
Need help with SMART Repair malware


  • This topic is locked
22 replies to this topic

#1 Lippy2950

Lippy2950

  • Members
  • 11 posts

Posted 09 May 2012 - 11:40 AM

I am yet another victim of this S.M.A.R.T. Repair HDD malware, and would greatly appreciate some help getting rid of it! I have the usual symptoms:

all of my icons except the trash bin and "my computer" are hidden, and a window called "Data Recovery" with the following text appears on the screen: "S.M.A.R.T. Repair Hard drives diagnostic report. Multiple 'System Alerts!'"

I am running Win XP SP3 32-bit and do not have access to the install disk.

Thanks so much!

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by Administrator at 12:22:11 on 2012-05-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2454 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [NeroHomeFirstStart] "c:\program files\common files\ahead\lib\NMFirstStart.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://portal.tsachoice.com/XTSAC.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://paychextraining.webex.com/client/T26L/training/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CE98F609-E821-4A2A-BDB4-A902F201235F} : NameServer = 68.115.71.53,66.189.0.29
TCP: Interfaces\{CE98F609-E821-4A2A-BDB4-A902F201235F} : DhcpNameServer = 192.168.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 171064]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-13 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-12-21 95200]
S2 Rebit-SaveMe-Svc;Rebit SaveMe Svc;c:\program files\rebit-saveme\bin\Rebit-SaveMe-Svc.exe [2010-5-20 2213400]
S2 Rebit-SaveMe-SysMon;Rebit SaveMe SysMon;c:\program files\rebit-saveme\bin\Rebit-SaveMe-SysMon.exe [2010-5-20 608280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 257696]
S3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-5-16 36224]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-1-6 163616]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-5-8 26400]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\drivers\libusb0.sys [2010-8-5 20992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-13 22344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-5-16 134912]
S4 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-2-16 87368]
S4 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-7-3 80392]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-18 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-18 135664]
S4 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2012-2-1 214896]
S4 RoxMediaDBVHS;RoxMediaDBVHS;c:\program files\common files\roxio shared\vhstodvd\sharedcom\RoxMediaDBVHS.exe [2010-2-19 1116656]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
.
=============== Created Last 30 ================
.
2012-05-09 11:31:34 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Ahead
2012-05-09 02:15:57 26400 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-05-09 02:15:32 -------- d-----w- c:\program files\HitmanPro
2012-05-09 02:15:22 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-05-08 23:17:13 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-05-08 22:05:28 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2012-05-08 22:05:23 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2012-05-08 21:50:45 223232 ----a-w- c:\documents and settings\all users\application data\S6b3aizdRfmdmJ.exe
2012-05-08 21:39:53 302080 ----a-w- c:\documents and settings\all users\application data\luXXcFXjDwitC.exe
2012-05-08 16:43:14 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ce3a5112-f5e9-472a-adcf-8afcbe467034}\mpengine.dll
2012-05-07 16:43:11 6734704 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-03 17:45:13 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 17:45:09 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-03 17:45:09 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-21 21:51:51 -------- d-----w- c:\program files\InterActual
2012-04-14 16:08:49 -------- d-----w- c:\program files\HRBlock2011
.
==================== Find3M ====================
.
2012-05-09 05:11:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 05:11:23 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-09 04:42:07 16608 ----a-w- c:\windows\gdrv.sys
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 12:23:14.46 ===============

Edited by hamluis, 09 May 2012 - 01:22 PM.
Moved from XP to Malware Removal Logs - Hamluis.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 May 2012 - 11:37 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Lippy2950

Lippy2950
  • Topic Starter

  • Members
  • 11 posts

Posted 10 May 2012 - 07:00 AM

Hi Gringo, and thanks for the help! I had just completed the Smart HD (Uninstall Guide), then the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help, so my CD Emulation software has been disabled - should I enable it before running the Combofix?


Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Security Scan Plus
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Windows Defender
McAfee SiteAdvisor
Java™ 6 Update 17
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 May 2012 - 07:34 AM

OK still send me the combofix log once it completes

#5 Lippy2950

Lippy2950
  • Topic Starter

  • Members
  • 11 posts

Posted 10 May 2012 - 08:35 AM

Combofix alerted me that MSE needed to be disabled. I am running in Safe Mode and do not have any direct access to MSE; however, I disabled the Security Center Service, and disabled the Microsoft Firewall hoping that would do the trick. It didn't. Combofix then gave me the only option of 'Proceed at your own risk', so I did. It began its scan until it alerted me that I did not have Microsoft Windows Recovery Console and offered to download it. I clicked 'yes'. The console downloaded, installed, and began to scan. It got through 7 or 8 stages, then a blue error screen stating Windows has encountered an error and needed to restart. The computer began to reboot before I could get the specifics of the error message, but did successfully reboot into Safe Mode. Combofix did not resume.
Reran ComboFix

ComboFix 12-05-10.02 - Administrator 05/10/2012 10:49:10.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2767 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\luXXcFXjDwitC.exe
c:\documents and settings\All Users\Application Data\S6b3aizdRfmdmJ
c:\documents and settings\All Users\Application Data\S6b3aizdRfmdmJ.exe
c:\documents and settings\Parents\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-09 02:15 . 2012-05-09 04:41 26400 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-05-09 02:15 . 2012-05-09 02:15 -------- d-----w- c:\program files\HitmanPro
2012-05-09 02:15 . 2012-05-09 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-05-08 22:04 . 2012-05-09 23:00 -------- d-----w- c:\documents and settings\Administrator
2012-05-08 16:43 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE3A5112-F5E9-472A-ADCF-8AFCBE467034}\mpengine.dll
2012-05-07 16:43 . 2012-04-13 07:36 6734704 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-03 17:45 . 2012-05-03 17:45 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 17:45 . 2012-05-03 17:45 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 17:45 . 2012-05-03 17:45 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-21 21:51 . 2012-04-21 21:52 -------- d-----w- c:\program files\InterActual
2012-04-14 16:54 . 2012-04-14 16:54 -------- d-----w- c:\program files\Microsoft.NET
2012-04-14 16:08 . 2012-04-14 16:09 -------- d-----w- c:\program files\HRBlock2011
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 05:11 . 2012-04-06 13:41 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-09 05:11 . 2011-06-17 00:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 04:42 . 2009-07-03 18:39 16608 ----a-w- c:\windows\gdrv.sys
2012-04-04 19:56 . 2009-07-13 12:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44 . 2009-06-18 22:48 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-05-12 20:42 . 2010-05-12 20:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 21:22 . 2010-05-12 21:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 20:43 . 2010-05-12 20:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-05-12 20:42 . 2010-05-12 20:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 20:42 . 2010-05-12 20:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 20:41 . 2010-05-12 20:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 20:42 . 2010-05-12 20:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 20:42 . 2010-05-12 20:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-14 17:55 . 2010-04-14 17:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 20:43 . 2010-05-12 20:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-05-03 17:45 . 2011-03-26 16:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"CTHelper"="CTHELPER.EXE" [2006-05-24 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 18944]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Parents^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Parents\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Parents^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Parents\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Parents^Start Menu^Programs^Startup^Jawbone Updater.lnk]
path=c:\documents and settings\Parents\Start Menu\Programs\Startup\Jawbone Updater.lnk
backup=c:\windows\pss\Jawbone Updater.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m‘|\ü [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-11-19 03:28 1966080 ------r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 08:42 2808832 ------r- c:\windows\alcwzrd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 23:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft MediaImpression Monitor]
2010-12-15 22:03 80448 ----a-w- c:\program files\Kodak\MediaImpression\ArcMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 02:12 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-05-12 21:03 300472 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-12-14 23:45 136176 ----atw- c:\documents and settings\Parents\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 22:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotoCast]
2012-03-07 15:44 1704 ----a-w- c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 21:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MusicManager]
2012-03-20 23:42 13324288 ----a-w- c:\documents and settings\Parents\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 23:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-05-20 20:24 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 18:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ACDaemon"=2 (0x2)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
"WinDefend"=2 (0x2)
"stllssvr"=3 (0x3)
"RoxMediaDBVHS"=3 (0x3)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"MsMpSvc"=2 (0x2)
"MotoHelper"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"GEST Service"=2 (0x2)
"DeviceMonitorService"=2 (0x2)
"ATI Smart"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"McComponentHostService"=3 (0x3)
"McAfee SiteAdvisor Service"=2 (0x2)
"MBAMService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Jawbone\\JawboneUpdater.exe"=
"c:\\Documents and Settings\\Parents\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Documents and Settings\\Parents\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Motorola Media Link\\Lite\\MML.exe"=
"c:\\Program Files\\Motorola Mobility\\MotoCast\\MotoCast.exe"=
"c:\\Program Files\\Motorola Mobility\\MotoCast\\bin\\MotoCast-thumbnailer.exe"=
.
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 4:22 PM 65584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 Rebit-SaveMe-Svc;Rebit SaveMe Svc;c:\program files\Rebit-SaveMe\bin\Rebit-SaveMe-Svc.exe [5/20/2010 9:20 PM 2213400]
S2 Rebit-SaveMe-SysMon;Rebit SaveMe SysMon;c:\program files\Rebit-SaveMe\bin\Rebit-SaveMe-SysMon.exe [5/20/2010 9:20 PM 608280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 9:41 AM 257696]
S3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [5/16/2010 8:32 AM 36224]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [1/6/2012 11:14 AM 163616]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [5/8/2012 10:15 PM 26400]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\drivers\libusb0.sys [8/5/2010 4:09 PM 20992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/13/2009 8:16 AM 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 1:45 PM 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [5/16/2010 8:32 AM 134912]
S4 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2/16/2012 4:02 PM 87368]
S4 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [7/3/2009 2:40 PM 80392]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2010 12:35 PM 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2010 12:35 PM 135664]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/13/2009 8:17 AM 654408]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/21/2010 1:38 PM 95200]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S4 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2/1/2012 5:55 PM 214896]
S4 RoxMediaDBVHS;RoxMediaDBVHS;c:\program files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2/19/2010 6:44 AM 1116656]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 2:57 PM 268528]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ArcRec
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 05:11]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 16:35]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 16:35]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-725345543-1003Core.job
- c:\documents and settings\Parents\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-14 23:45]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-725345543-1003UA.job
- c:\documents and settings\Parents\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-14 23:45]
.
2012-05-09 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
2012-05-08 c:\windows\Tasks\MotoCast Update.job
- c:\program files\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-03-07 18:07]
.
2012-05-08 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01 21:55]
.
2012-05-06 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01 21:55]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CE98F609-E821-4A2A-BDB4-A902F201235F}: NameServer = 68.115.71.53,66.189.0.29
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-InCD - c:\program files\Nero\Nero 7\InCD\InCD.exe
MSConfigStartUp-luXXcFXjDwitC - c:\documents and settings\All Users\Application Data\luXXcFXjDwitC.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero 7\InCD\NBHGui.exe
MSConfigStartUp-Software Informer - c:\program files\Software Informer\softinfo.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-10 10:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rebit-SaveMe-Svc]
"ImagePath"="c:\program files\Rebit-SaveMe\bin\Rebit-SaveMe-Svc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-507921405-492894223-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,38,e1,82,ba,e0,d3,4d,90,55,be,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,38,e1,82,ba,e0,d3,4d,90,55,be,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-05-10 10:58:23
ComboFix-quarantined-files.txt 2012-05-10 14:58
.
Pre-Run: 547,938,304 bytes free
Post-Run: 3,917,107,200 bytes free
.
- - End Of File - - 9F0870B9E620779CC2CE161B1E8C8F78

Edited by Lippy2950, 10 May 2012 - 10:00 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 May 2012 - 01:59 PM

Greetings Lippy2950

Are you able to run in normal mode now? If so, run these in normal mode.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 Lippy2950

Lippy2950
  • Topic Starter

  • Members
  • 11 posts

Posted 10 May 2012 - 05:26 PM

Booted into Windows fine. Quicklaunch icons replaced with one 'Data_Recovery' icon.

18:20:02.0515 3720 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:20:02.0859 3720 ============================================================
18:20:02.0859 3720 Current date / time: 2012/05/10 18:20:02.0859
18:20:02.0859 3720 SystemInfo:
18:20:02.0859 3720
18:20:02.0859 3720 OS Version: 5.1.2600 ServicePack: 3.0
18:20:02.0859 3720 Product type: Workstation
18:20:02.0859 3720 ComputerName: MAIN
18:20:02.0859 3720 UserName: Parents
18:20:02.0859 3720 Windows directory: C:\WINDOWS
18:20:02.0859 3720 System windows directory: C:\WINDOWS
18:20:02.0859 3720 Processor architecture: Intel x86
18:20:02.0859 3720 Number of processors: 2
18:20:02.0859 3720 Page size: 0x1000
18:20:02.0859 3720 Boot type: Normal boot
18:20:02.0859 3720 ============================================================
18:20:03.0578 3720 Drive \Device\Harddisk0\DR0 - Size: 0x15D50E5DE00 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
18:20:03.0593 3720 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
18:20:03.0609 3720 ============================================================
18:20:03.0609 3720 \Device\Harddisk0\DR0:
18:20:03.0609 3720 MBR partitions:
18:20:03.0609 3720 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xAEA82841
18:20:03.0609 3720 \Device\Harddisk1\DR1:
18:20:03.0609 3720 MBR partitions:
18:20:03.0609 3720 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x36B1F33
18:20:03.0609 3720 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x36B1F72, BlocksNum 0x35B86BA6
18:20:03.0640 3720 ============================================================
18:20:03.0671 3720 C: <-> \Device\Harddisk1\DR1\Partition0
18:20:03.0718 3720 G: <-> \Device\Harddisk1\DR1\Partition1
18:20:03.0718 3720 S: <-> \Device\Harddisk0\DR0\Partition0
18:20:03.0718 3720 ============================================================
18:20:03.0718 3720 Initialize success
18:20:03.0718 3720 ============================================================
18:20:09.0937 3400 ============================================================
18:20:09.0937 3400 Scan started
18:20:09.0937 3400 Mode: Manual; SigCheck; TDLFS;
18:20:09.0937 3400 ============================================================
18:20:10.0328 3400 Abiosdsk - ok
18:20:10.0328 3400 abp480n5 - ok
18:20:10.0421 3400 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:20:10.0500 3400 ACDaemon - ok
18:20:10.0515 3400 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:20:10.0625 3400 ACPI - ok
18:20:10.0640 3400 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:20:10.0718 3400 ACPIEC - ok
18:20:10.0734 3400 Adobe LM Service (c1eb9968ec89fba5f3a264e2e57923ab) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:20:10.0750 3400 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
18:20:10.0750 3400 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
18:20:10.0828 3400 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:20:10.0828 3400 AdobeFlashPlayerUpdateSvc - ok
18:20:10.0828 3400 adpu160m - ok
18:20:10.0843 3400 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:20:10.0921 3400 aec - ok
18:20:10.0937 3400 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
18:20:10.0953 3400 Afc - ok
18:20:10.0984 3400 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:20:11.0000 3400 AFD - ok
18:20:11.0015 3400 Aha154x - ok
18:20:11.0015 3400 aic78u2 - ok
18:20:11.0015 3400 aic78xx - ok
18:20:11.0031 3400 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:20:11.0093 3400 Alerter - ok
18:20:11.0093 3400 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:20:11.0156 3400 ALG - ok
18:20:11.0171 3400 AliIde - ok
18:20:11.0171 3400 amsint - ok
18:20:11.0187 3400 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:20:11.0265 3400 AppMgmt - ok
18:20:11.0281 3400 ArcCD (a82f1a1b09593c73efd02a59dc94920c) C:\WINDOWS\system32\drivers\ArcCD.sys
18:20:11.0281 3400 ArcCD ( UnsignedFile.Multi.Generic ) - warning
18:20:11.0281 3400 ArcCD - detected UnsignedFile.Multi.Generic (1)
18:20:11.0281 3400 ArcRec (1af9061b61741a912368ab4dc309d25e) C:\WINDOWS\system32\drivers\ArcRec.sys
18:20:11.0296 3400 ArcRec ( UnsignedFile.Multi.Generic ) - warning
18:20:11.0296 3400 ArcRec - detected UnsignedFile.Multi.Generic (1)
18:20:11.0312 3400 ArcUdfs (3ee9e41102a2c6b8f7dbad5d44abda05) C:\WINDOWS\system32\drivers\ArcUdfs.sys
18:20:11.0328 3400 ArcUdfs ( UnsignedFile.Multi.Generic ) - warning
18:20:11.0328 3400 ArcUdfs - detected UnsignedFile.Multi.Generic (1)
18:20:11.0343 3400 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:20:11.0437 3400 Arp1394 - ok
18:20:11.0437 3400 asc - ok
18:20:11.0437 3400 asc3350p - ok
18:20:11.0437 3400 asc3550 - ok
18:20:11.0546 3400 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:20:11.0546 3400 aspnet_state - ok
18:20:11.0562 3400 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:20:11.0625 3400 AsyncMac - ok
18:20:11.0640 3400 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:20:11.0703 3400 atapi - ok
18:20:11.0718 3400 Atdisk - ok
18:20:11.0750 3400 Ati HotKey Poller (88f1cb6714b9b59cf0ef68356cbefbaa) C:\WINDOWS\system32\Ati2evxx.exe
18:20:11.0781 3400 Ati HotKey Poller - ok
18:20:11.0828 3400 ATI Smart (613e7ada3279f7ad20588b919c223481) C:\WINDOWS\system32\ati2sgag.exe
18:20:11.0843 3400 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
18:20:11.0843 3400 ATI Smart - detected UnsignedFile.Multi.Generic (1)
18:20:12.0046 3400 ati2mtag (2f24aff9e8409821aafa005d3706b583) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:20:12.0140 3400 ati2mtag - ok
18:20:12.0250 3400 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
18:20:12.0265 3400 AtiHdmiService - ok
18:20:12.0296 3400 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:20:12.0359 3400 Atmarpc - ok
18:20:12.0390 3400 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:20:12.0453 3400 AudioSrv - ok
18:20:12.0484 3400 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:20:12.0546 3400 audstub - ok
18:20:12.0546 3400 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
18:20:12.0578 3400 BANTExt ( UnsignedFile.Multi.Generic ) - warning
18:20:12.0578 3400 BANTExt - detected UnsignedFile.Multi.Generic (1)
18:20:12.0578 3400 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:20:12.0656 3400 Beep - ok
18:20:12.0687 3400 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:20:12.0765 3400 BITS - ok
18:20:12.0781 3400 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:20:12.0843 3400 Browser - ok
18:20:12.0921 3400 catchme - ok
18:20:12.0937 3400 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:20:13.0000 3400 cbidf2k - ok
18:20:13.0015 3400 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:20:13.0093 3400 CCDECODE - ok
18:20:13.0093 3400 cd20xrnt - ok
18:20:13.0109 3400 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:20:13.0171 3400 Cdaudio - ok
18:20:13.0187 3400 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:20:13.0234 3400 Cdfs - ok
18:20:13.0265 3400 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:20:13.0281 3400 Cdrom - ok
18:20:13.0296 3400 Changer - ok
18:20:13.0312 3400 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:20:13.0375 3400 CiSvc - ok
18:20:13.0390 3400 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:20:13.0437 3400 ClipSrv - ok
18:20:13.0546 3400 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:20:13.0562 3400 clr_optimization_v2.0.50727_32 - ok
18:20:13.0625 3400 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:20:13.0640 3400 clr_optimization_v4.0.30319_32 - ok
18:20:13.0640 3400 CmdIde - ok
18:20:13.0640 3400 COMSysApp - ok
18:20:13.0640 3400 Cpqarray - ok
18:20:13.0671 3400 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe
18:20:13.0687 3400 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
18:20:13.0687 3400 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
18:20:13.0703 3400 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:20:13.0765 3400 CryptSvc - ok
18:20:13.0812 3400 ctac32k (04a43d6b00bf09b2d5cffcd3c5790741) C:\WINDOWS\system32\drivers\ctac32k.sys
18:20:13.0828 3400 ctac32k - ok
18:20:13.0859 3400 ctaud2k (f501738d0bf4de69f7307109efa0246c) C:\WINDOWS\system32\drivers\ctaud2k.sys
18:20:13.0875 3400 ctaud2k - ok
18:20:13.0921 3400 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys
18:20:13.0921 3400 ctdvda2k - ok
18:20:13.0953 3400 ctprxy2k (e3aad66077b2594503ab11a31c3d2e7d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
18:20:13.0953 3400 ctprxy2k - ok
18:20:13.0968 3400 ctsfm2k (72c73af1a60321d7e3aaa61859a32f0b) C:\WINDOWS\system32\drivers\ctsfm2k.sys
18:20:13.0984 3400 ctsfm2k - ok
18:20:14.0000 3400 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
18:20:14.0015 3400 ctxusbm - ok
18:20:14.0015 3400 dac2w2k - ok
18:20:14.0015 3400 dac960nt - ok
18:20:14.0062 3400 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:20:14.0062 3400 DcomLaunch - ok
18:20:14.0171 3400 DeviceMonitorService (6824007c0ecec46edd64d7a9d86eba84) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
18:20:14.0171 3400 DeviceMonitorService - ok
18:20:14.0203 3400 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:20:14.0265 3400 Dhcp - ok
18:20:14.0312 3400 DigiartyVirtualCDBus (74c79938aa7b65b17d8e7722bd602095) C:\WINDOWS\system32\drivers\DigiartyVirtualCDBus.sys
18:20:14.0312 3400 DigiartyVirtualCDBus - ok
18:20:14.0343 3400 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:20:14.0406 3400 Disk - ok
18:20:14.0406 3400 dmadmin - ok
18:20:14.0468 3400 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:20:14.0531 3400 dmboot - ok
18:20:14.0531 3400 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:20:14.0593 3400 dmio - ok
18:20:14.0609 3400 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:20:14.0671 3400 dmload - ok
18:20:14.0703 3400 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:20:14.0765 3400 dmserver - ok
18:20:14.0781 3400 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:20:14.0843 3400 DMusic - ok
18:20:14.0875 3400 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:20:14.0890 3400 Dnscache - ok
18:20:14.0921 3400 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:20:14.0968 3400 Dot3svc - ok
18:20:15.0000 3400 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
18:20:15.0062 3400 dot4 - ok
18:20:15.0078 3400 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
18:20:15.0140 3400 Dot4Print - ok
18:20:15.0156 3400 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
18:20:15.0203 3400 dot4usb - ok
18:20:15.0218 3400 dpti2o - ok
18:20:15.0234 3400 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:20:15.0281 3400 drmkaud - ok
18:20:15.0296 3400 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:20:15.0343 3400 EapHost - ok
18:20:15.0375 3400 emupia (bb1d92ac27b6129d3bef215c5a1b9a84) C:\WINDOWS\system32\drivers\emupia2k.sys
18:20:15.0375 3400 emupia - ok
18:20:15.0390 3400 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:20:15.0453 3400 ERSvc - ok
18:20:15.0484 3400 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:20:15.0484 3400 Eventlog - ok
18:20:15.0515 3400 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:20:15.0531 3400 EventSystem - ok
18:20:15.0546 3400 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:20:15.0609 3400 Fastfat - ok
18:20:15.0640 3400 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:20:15.0640 3400 FastUserSwitchingCompatibility - ok
18:20:15.0656 3400 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:20:15.0718 3400 Fdc - ok
18:20:15.0718 3400 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:20:15.0781 3400 Fips - ok
18:20:15.0796 3400 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:20:15.0843 3400 Flpydisk - ok
18:20:15.0859 3400 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:20:15.0921 3400 FltMgr - ok
18:20:16.0015 3400 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:20:16.0031 3400 FontCache3.0.0.0 - ok
18:20:16.0046 3400 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:20:16.0109 3400 Fs_Rec - ok
18:20:16.0125 3400 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:20:16.0203 3400 Ftdisk - ok
18:20:16.0218 3400 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
18:20:16.0218 3400 gdrv - ok
18:20:16.0265 3400 GEST Service (604937407a431016577dddb4e1dd2a85) C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
18:20:16.0265 3400 GEST Service - ok
18:20:16.0281 3400 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:20:16.0343 3400 Gpc - ok
18:20:16.0390 3400 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:20:16.0406 3400 gupdate - ok
18:20:16.0406 3400 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:20:16.0406 3400 gupdatem - ok
18:20:16.0484 3400 ha20x2k (b70a5f66a5505da65e54a4c2bab4c78f) C:\WINDOWS\system32\drivers\ha20x2k.sys
18:20:16.0515 3400 ha20x2k - ok
18:20:16.0531 3400 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:20:16.0578 3400 HDAudBus - ok
18:20:16.0640 3400 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:20:16.0703 3400 helpsvc - ok
18:20:16.0703 3400 HidServ - ok
18:20:16.0734 3400 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:20:16.0796 3400 HidUsb - ok
18:20:16.0812 3400 hitmanpro35 (e695a1bf42b5b8c946cb259ee10f4629) C:\WINDOWS\system32\drivers\hitmanpro36.sys
18:20:16.0812 3400 hitmanpro35 - ok
18:20:16.0843 3400 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:20:16.0906 3400 hkmsvc - ok
18:20:16.0906 3400 hpn - ok
18:20:16.0937 3400 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:20:16.0953 3400 HTTP - ok
18:20:16.0968 3400 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:20:17.0046 3400 HTTPFilter - ok
18:20:17.0046 3400 i2omgmt - ok
18:20:17.0046 3400 i2omp - ok
18:20:17.0062 3400 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:20:17.0125 3400 i8042prt - ok
18:20:17.0296 3400 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:20:17.0312 3400 idsvc - ok
18:20:17.0328 3400 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:20:17.0375 3400 Imapi - ok
18:20:17.0406 3400 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:20:17.0453 3400 ImapiService - ok
18:20:17.0468 3400 ini910u - ok
18:20:17.0703 3400 IntcAzAudAddService (4aaa8312732655f93a254d1fa695eb79) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:20:17.0828 3400 IntcAzAudAddService - ok
18:20:17.0921 3400 IntelIde - ok
18:20:17.0953 3400 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:20:18.0015 3400 intelppm - ok
18:20:18.0031 3400 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:20:18.0078 3400 Ip6Fw - ok
18:20:18.0109 3400 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:20:18.0171 3400 IpFilterDriver - ok
18:20:18.0187 3400 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:20:18.0250 3400 IpInIp - ok
18:20:18.0281 3400 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:20:18.0343 3400 IpNat - ok
18:20:18.0359 3400 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:20:18.0421 3400 IPSec - ok
18:20:18.0437 3400 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:20:18.0515 3400 IRENUM - ok
18:20:18.0531 3400 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:20:18.0593 3400 isapnp - ok
18:20:18.0671 3400 JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
18:20:18.0671 3400 JavaQuickStarterService - ok
18:20:18.0703 3400 JRAID (b07084095f8c03aadb9811c9df14b5e4) C:\WINDOWS\system32\DRIVERS\jraid.sys
18:20:18.0718 3400 JRAID - ok
18:20:18.0734 3400 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:20:18.0781 3400 Kbdclass - ok
18:20:18.0796 3400 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:20:18.0859 3400 kmixer - ok
18:20:18.0875 3400 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:20:18.0890 3400 KSecDD - ok
18:20:18.0921 3400 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:20:18.0921 3400 lanmanserver - ok
18:20:18.0953 3400 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:20:18.0968 3400 lanmanworkstation - ok
18:20:18.0968 3400 lbrtfdc - ok
18:20:18.0984 3400 libusb0 (bb90b64682d4108819947940bd7c4ea5) C:\WINDOWS\system32\DRIVERS\libusb0.sys
18:20:19.0015 3400 libusb0 - ok
18:20:19.0062 3400 LightScribeService (53710476495886d9961be46983a6a33f) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:20:19.0078 3400 LightScribeService - ok
18:20:19.0078 3400 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:20:19.0156 3400 LmHosts - ok
18:20:19.0171 3400 LVUSBSta (f7e15f2fe7790733df86e95a76556389) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
18:20:19.0187 3400 LVUSBSta - ok
18:20:19.0312 3400 LVUVC (92d03dc19eae9d0a86735705e374fdad) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
18:20:19.0406 3400 LVUVC - ok
18:20:19.0515 3400 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
18:20:19.0531 3400 MBAMProtector - ok
18:20:19.0656 3400 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:20:19.0671 3400 MBAMService - ok
18:20:19.0718 3400 McAfee SiteAdvisor Service (6c3d154fff0a97a6c3d9f78d60c41655) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
18:20:19.0718 3400 McAfee SiteAdvisor Service - ok
18:20:19.0781 3400 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
18:20:19.0796 3400 McComponentHostService - ok
18:20:19.0812 3400 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:20:19.0875 3400 Messenger - ok
18:20:19.0953 3400 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:20:19.0953 3400 Microsoft Office Groove Audit Service - ok
18:20:19.0968 3400 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:20:20.0046 3400 mnmdd - ok
18:20:20.0062 3400 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:20:20.0125 3400 mnmsrvc - ok
18:20:20.0140 3400 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:20:20.0203 3400 Modem - ok
18:20:20.0250 3400 MotoHelper (290750346f5937b02f62594b8eb03215) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
18:20:20.0265 3400 MotoHelper - ok
18:20:20.0265 3400 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:20:20.0328 3400 Mouclass - ok
18:20:20.0343 3400 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:20:20.0406 3400 MountMgr - ok
18:20:20.0421 3400 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:20:20.0437 3400 MozillaMaintenance - ok
18:20:20.0468 3400 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
18:20:20.0546 3400 MPE - ok
18:20:20.0578 3400 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:20:20.0578 3400 MpFilter - ok
18:20:20.0578 3400 mraid35x - ok
18:20:20.0609 3400 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:20:20.0671 3400 MRxDAV - ok
18:20:20.0703 3400 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:20:20.0718 3400 MRxSmb - ok
18:20:20.0734 3400 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:20:20.0812 3400 MSDTC - ok
18:20:20.0812 3400 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:20:20.0875 3400 Msfs - ok
18:20:20.0875 3400 MSIServer - ok
18:20:20.0890 3400 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:20:20.0937 3400 MSKSSRV - ok
18:20:20.0984 3400 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:20:21.0000 3400 MsMpSvc - ok
18:20:21.0000 3400 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:20:21.0062 3400 MSPCLOCK - ok
18:20:21.0062 3400 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:20:21.0125 3400 MSPQM - ok
18:20:21.0140 3400 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:20:21.0203 3400 mssmbios - ok
18:20:21.0218 3400 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:20:21.0281 3400 MSTEE - ok
18:20:21.0296 3400 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:20:21.0312 3400 Mup - ok
18:20:21.0343 3400 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:20:21.0406 3400 NABTSFEC - ok
18:20:21.0453 3400 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:20:21.0500 3400 napagent - ok
18:20:21.0593 3400 NBService (3bae2bfcb6d69e19c8373f635dd544dc) S:\Nero\Nero 7\Nero BackItUp\NBService.exe
18:20:21.0625 3400 NBService - ok
18:20:21.0625 3400 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:20:21.0687 3400 NDIS - ok
18:20:21.0703 3400 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:20:21.0781 3400 NdisIP - ok
18:20:21.0796 3400 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:20:21.0796 3400 NdisTapi - ok
18:20:21.0812 3400 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:20:21.0875 3400 Ndisuio - ok
18:20:21.0890 3400 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:20:21.0968 3400 NdisWan - ok
18:20:21.0984 3400 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:20:21.0984 3400 NDProxy - ok
18:20:22.0000 3400 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:20:22.0062 3400 NetBIOS - ok
18:20:22.0078 3400 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:20:22.0156 3400 NetBT - ok
18:20:22.0171 3400 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:20:22.0218 3400 NetDDE - ok
18:20:22.0218 3400 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:20:22.0281 3400 NetDDEdsdm - ok
18:20:22.0296 3400 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:20:22.0359 3400 Netlogon - ok
18:20:22.0375 3400 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:20:22.0453 3400 Netman - ok
18:20:22.0578 3400 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:20:22.0578 3400 NetTcpPortSharing - ok
18:20:22.0593 3400 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:20:22.0656 3400 NIC1394 - ok
18:20:22.0703 3400 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:20:22.0703 3400 Nla - ok
18:20:22.0812 3400 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
18:20:22.0828 3400 NMIndexingService - ok
18:20:22.0828 3400 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:20:22.0890 3400 Npfs - ok
18:20:22.0921 3400 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:20:22.0984 3400 Ntfs - ok
18:20:22.0984 3400 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:20:23.0031 3400 NtLmSsp - ok
18:20:23.0062 3400 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:20:23.0140 3400 NtmsSvc - ok
18:20:23.0156 3400 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:20:23.0234 3400 Null - ok
18:20:23.0250 3400 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:20:23.0312 3400 NwlnkFlt - ok
18:20:23.0312 3400 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:20:23.0375 3400 NwlnkFwd - ok
18:20:23.0500 3400 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:20:23.0515 3400 odserv - ok
18:20:23.0515 3400 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:20:23.0578 3400 ohci1394 - ok
18:20:23.0640 3400 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:20:23.0640 3400 ose - ok
18:20:23.0671 3400 ossrv (594f2968c741ca03e41e57e65f616351) C:\WINDOWS\system32\drivers\ctoss2k.sys
18:20:23.0687 3400 ossrv - ok
18:20:23.0687 3400 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:20:23.0750 3400 Parport - ok
18:20:23.0750 3400 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:20:23.0828 3400 PartMgr - ok
18:20:23.0843 3400 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:20:23.0890 3400 ParVdm - ok
18:20:23.0906 3400 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:20:23.0984 3400 PCI - ok
18:20:23.0984 3400 PCIDump - ok
18:20:24.0000 3400 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:20:24.0062 3400 PCIIde - ok
18:20:24.0078 3400 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:20:24.0156 3400 Pcmcia - ok
18:20:24.0156 3400 PDCOMP - ok
18:20:24.0156 3400 PDFRAME - ok
18:20:24.0156 3400 PDRELI - ok
18:20:24.0156 3400 PDRFRAME - ok
18:20:24.0156 3400 perc2 - ok
18:20:24.0156 3400 perc2hib - ok
18:20:24.0187 3400 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
18:20:24.0187 3400 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
18:20:24.0187 3400 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
18:20:24.0218 3400 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:20:24.0234 3400 PlugPlay - ok
18:20:24.0250 3400 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:20:24.0312 3400 PolicyAgent - ok
18:20:24.0312 3400 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:20:24.0375 3400 PptpMiniport - ok
18:20:24.0375 3400 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:20:24.0421 3400 ProtectedStorage - ok
18:20:24.0437 3400 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:20:24.0500 3400 PSched - ok
18:20:24.0515 3400 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:20:24.0593 3400 Ptilink - ok
18:20:24.0593 3400 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:20:24.0609 3400 PxHelp20 - ok
18:20:24.0609 3400 ql1080 - ok
18:20:24.0609 3400 Ql10wnt - ok
18:20:24.0609 3400 ql12160 - ok
18:20:24.0609 3400 ql1240 - ok
18:20:24.0609 3400 ql1280 - ok
18:20:24.0625 3400 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:20:24.0671 3400 RasAcd - ok
18:20:24.0703 3400 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:20:24.0750 3400 RasAuto - ok
18:20:24.0781 3400 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:20:24.0828 3400 Rasl2tp - ok
18:20:24.0859 3400 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:20:24.0921 3400 RasMan - ok
18:20:24.0921 3400 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:20:24.0984 3400 RasPppoe - ok
18:20:24.0984 3400 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:20:25.0046 3400 Raspti - ok
18:20:25.0046 3400 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:20:25.0109 3400 Rdbss - ok
18:20:25.0125 3400 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:20:25.0203 3400 RDPCDD - ok
18:20:25.0203 3400 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:20:25.0265 3400 rdpdr - ok
18:20:25.0296 3400 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:20:25.0312 3400 RDPWD - ok
18:20:25.0328 3400 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:20:25.0390 3400 RDSessMgr - ok
18:20:25.0437 3400 Rebit-SaveMe-Svc - ok
18:20:25.0484 3400 Rebit-SaveMe-SysMon (d3b3020a8cfd6dc99750e17b294f115c) C:\Program Files\Rebit-SaveMe\bin\Rebit-SaveMe-SysMon.exe
18:20:25.0500 3400 Rebit-SaveMe-SysMon - ok
18:20:25.0500 3400 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:20:25.0562 3400 redbook - ok
18:20:25.0578 3400 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:20:25.0625 3400 RemoteAccess - ok
18:20:25.0640 3400 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:20:25.0718 3400 RemoteRegistry - ok
18:20:25.0734 3400 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
18:20:25.0750 3400 RimUsb - ok
18:20:25.0906 3400 RoxMediaDBVHS (fbbdf0287fc22abac49c253e82c82f13) C:\Program Files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe
18:20:25.0937 3400 RoxMediaDBVHS - ok
18:20:25.0953 3400 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:20:26.0015 3400 RpcLocator - ok
18:20:26.0062 3400 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:20:26.0062 3400 RpcSs - ok
18:20:26.0109 3400 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:20:26.0171 3400 RSVP - ok
18:20:26.0218 3400 RTLE8023xp (eeb84629064abcb6198864d25bf15b1a) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
18:20:26.0218 3400 RTLE8023xp - ok
18:20:26.0234 3400 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:20:26.0281 3400 SamSs - ok
18:20:26.0296 3400 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:20:26.0343 3400 SCardSvr - ok
18:20:26.0375 3400 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:20:26.0437 3400 Schedule - ok
18:20:26.0468 3400 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:20:26.0515 3400 Secdrv - ok
18:20:26.0531 3400 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:20:26.0593 3400 seclogon - ok
18:20:26.0609 3400 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:20:26.0671 3400 SENS - ok
18:20:26.0703 3400 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:20:26.0765 3400 Serial - ok
18:20:26.0796 3400 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:20:26.0859 3400 Sfloppy - ok
18:20:26.0890 3400 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:20:26.0953 3400 SharedAccess - ok
18:20:26.0984 3400 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:20:27.0000 3400 ShellHWDetection - ok
18:20:27.0000 3400 Simbad - ok
18:20:27.0015 3400 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:20:27.0078 3400 SLIP - ok
18:20:27.0093 3400 Sparrow - ok
18:20:27.0109 3400 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:20:27.0156 3400 splitter - ok
18:20:27.0187 3400 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:20:27.0187 3400 Spooler - ok
18:20:27.0218 3400 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:20:27.0265 3400 sr - ok
18:20:27.0296 3400 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:20:27.0359 3400 srservice - ok
18:20:27.0375 3400 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:20:27.0390 3400 Srv - ok
18:20:27.0421 3400 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:20:27.0484 3400 SSDPSRV - ok
18:20:27.0531 3400 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:20:27.0578 3400 stisvc - ok
18:20:27.0671 3400 stllssvr (ad989072596ab313d7fa13bcf69573f7) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
18:20:27.0687 3400 stllssvr - ok
18:20:27.0703 3400 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:20:27.0750 3400 streamip - ok
18:20:27.0781 3400 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:20:27.0843 3400 swenum - ok
18:20:27.0875 3400 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:20:27.0937 3400 swmidi - ok
18:20:27.0937 3400 SwPrv - ok
18:20:27.0937 3400 symc810 - ok
18:20:27.0937 3400 symc8xx - ok
18:20:27.0937 3400 sym_hi - ok
18:20:27.0937 3400 sym_u3 - ok
18:20:27.0968 3400 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:20:28.0031 3400 sysaudio - ok
18:20:28.0046 3400 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:20:28.0109 3400 SysmonLog - ok
18:20:28.0140 3400 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:20:28.0187 3400 TapiSrv - ok
18:20:28.0234 3400 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:20:28.0265 3400 Tcpip - ok
18:20:28.0281 3400 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:20:28.0328 3400 TDPIPE - ok
18:20:28.0343 3400 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:20:28.0390 3400 TDTCP - ok
18:20:28.0406 3400 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:20:28.0468 3400 TermDD - ok
18:20:28.0500 3400 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:20:28.0562 3400 TermService - ok
18:20:28.0593 3400 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:20:28.0609 3400 Themes - ok
18:20:28.0625 3400 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:20:28.0687 3400 TlntSvr - ok
18:20:28.0687 3400 TosIde - ok
18:20:28.0703 3400 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:20:28.0781 3400 TrkWks - ok
18:20:28.0781 3400 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:20:28.0843 3400 Udfs - ok
18:20:28.0843 3400 ultra - ok
18:20:28.0875 3400 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:20:28.0937 3400 Update - ok
18:20:28.0953 3400 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:20:29.0015 3400 upnphost - ok
18:20:29.0031 3400 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:20:29.0093 3400 UPS - ok
18:20:29.0140 3400 USB28xxBGA (66754eee4ad1a9896b094df64e13101a) C:\WINDOWS\system32\DRIVERS\emBDA.sys
18:20:29.0156 3400 USB28xxBGA - ok
18:20:29.0218 3400 USB28xxOEM (7736875610b20481c0cb64db53dff780) C:\WINDOWS\system32\DRIVERS\emOEM.sys
18:20:29.0234 3400 USB28xxOEM - ok
18:20:29.0265 3400 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:20:29.0312 3400 usbaudio - ok
18:20:29.0328 3400 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:20:29.0390 3400 usbccgp - ok
18:20:29.0406 3400 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:20:29.0468 3400 usbehci - ok
18:20:29.0484 3400 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:20:29.0546 3400 usbhub - ok
18:20:29.0562 3400 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:20:29.0625 3400 usbprint - ok
18:20:29.0640 3400 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:20:29.0718 3400 usbscan - ok
18:20:29.0734 3400 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:20:29.0812 3400 USBSTOR - ok
18:20:29.0828 3400 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:20:29.0890 3400 usbuhci - ok
18:20:29.0906 3400 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:20:29.0953 3400 VgaSave - ok
18:20:29.0953 3400 ViaIde - ok
18:20:29.0968 3400 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:20:30.0015 3400 VolSnap - ok
18:20:30.0046 3400 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:20:30.0093 3400 VSS - ok
18:20:30.0109 3400 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:20:30.0171 3400 W32Time - ok
18:20:30.0171 3400 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:20:30.0234 3400 Wanarp - ok
18:20:30.0265 3400 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:20:30.0281 3400 Wdf01000 - ok
18:20:30.0281 3400 WDICA - ok
18:20:30.0312 3400 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:20:30.0359 3400 wdmaud - ok
18:20:30.0375 3400 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:20:30.0437 3400 WebClient - ok
18:20:30.0500 3400 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
18:20:30.0500 3400 WinDefend - ok
18:20:30.0562 3400 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:20:30.0609 3400 winmgmt - ok
18:20:30.0640 3400 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
18:20:30.0656 3400 WinUSB - ok
18:20:30.0671 3400 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:20:30.0671 3400 WmdmPmSN - ok
18:20:30.0734 3400 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:20:30.0750 3400 Wmi - ok
18:20:30.0781 3400 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:20:30.0859 3400 WmiApSrv - ok
18:20:30.0937 3400 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:20:30.0968 3400 WMPNetworkSvc - ok
18:20:31.0062 3400 WMZuneComm (a3ba4712ebf768edfbccec09fa120b6f) C:\Program Files\Zune\WMZuneComm.exe
18:20:31.0078 3400 WMZuneComm - ok
18:20:31.0312 3400 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:20:31.0328 3400 WPFFontCache_v0400 - ok
18:20:31.0406 3400 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:20:31.0484 3400 WS2IFSL - ok
18:20:31.0500 3400 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:20:31.0562 3400 wscsvc - ok
18:20:31.0593 3400 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:20:31.0656 3400 WSTCODEC - ok
18:20:31.0671 3400 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:20:31.0734 3400 wuauserv - ok
18:20:31.0765 3400 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:20:31.0781 3400 WudfPf - ok
18:20:31.0796 3400 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:20:31.0796 3400 WudfRd - ok
18:20:31.0828 3400 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
18:20:31.0843 3400 WudfSvc - ok
18:20:31.0890 3400 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:20:31.0984 3400 WZCSVC - ok
18:20:32.0000 3400 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:20:32.0062 3400 xmlprov - ok
18:20:32.0078 3400 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
18:20:32.0078 3400 zumbus - ok
18:20:32.0140 3400 ZuneBusEnum (dee869820c3483ec7b92a9fd9ba332a7) C:\Program Files\Zune\ZuneBusEnum.exe
18:20:32.0156 3400 ZuneBusEnum - ok
18:20:32.0593 3400 ZuneNetworkSvc (5bdcacd5b2b0fb972bc570e70f616acf) C:\Program Files\Zune\ZuneNss.exe
18:20:32.0750 3400 ZuneNetworkSvc - ok
18:20:32.0875 3400 ZuneWlanCfgSvc (e22e48654a66aa3e24f4646c6bc1756c) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
18:20:32.0890 3400 ZuneWlanCfgSvc - ok
18:20:32.0906 3400 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk0\DR0
18:20:32.0937 3400 \Device\Harddisk0\DR0 - ok
18:20:32.0937 3400 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:20:33.0187 3400 \Device\Harddisk1\DR1 - ok
18:20:33.0187 3400 Boot (0x1200) (d45b2604aad11f99eb0cf69cdbf1a7f9) \Device\Harddisk0\DR0\Partition0
18:20:33.0187 3400 \Device\Harddisk0\DR0\Partition0 - ok
18:20:33.0187 3400 Boot (0x1200) (f4fae31be2548205b16661f319a9074e) \Device\Harddisk1\DR1\Partition0
18:20:33.0187 3400 \Device\Harddisk1\DR1\Partition0 - ok
18:20:33.0218 3400 Boot (0x1200) (29a25e2a172d2c3a2433a8ee80e56a92) \Device\Harddisk1\DR1\Partition1
18:20:33.0218 3400 \Device\Harddisk1\DR1\Partition1 - ok
18:20:33.0218 3400 ============================================================
18:20:33.0218 3400 Scan finished
18:20:33.0218 3400 ============================================================
18:20:33.0328 3392 Detected object count: 8
18:20:33.0328 3392 Actual detected object count: 8
18:20:37.0171 3392 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:37.0171 3392 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:37.0187 3392 ArcCD ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:37.0187 3392 ArcCD ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:37.0187 3392 ArcRec ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:37.0187 3392 ArcRec ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:37.0187 3392 ArcUdfs ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:37.0187 3392 ArcUdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:37.0187 3392 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:37.0187 3392 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:37.0187 3392 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:37.0187 3392 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:37.0187 3392 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:37.0187 3392 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:37.0187 3392 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:37.0187 3392 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-10 18:08:31
-----------------------------
18:08:31.796 OS Version: Windows 5.1.2600 Service Pack 3
18:08:31.796 Number of processors: 2 586 0x170A
18:08:31.796 ComputerName: MAIN UserName:
18:08:32.421 Initialize success
18:09:24.781 AVAST engine defs: 12051001
18:09:30.921 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port4Path0Target0Lun0
18:09:30.921 Disk 0 Vendor: SATA____ 0000 Size: 1430798MB BusType: 8
18:09:30.921 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\JRAID1Port4Path0Target1Lun0
18:09:30.921 Disk 1 Vendor: SATA____ 0000 Size: 476940MB BusType: 8
18:09:30.921 Disk 1 MBR read successfully
18:09:30.921 Disk 1 MBR scan
18:09:30.937 Disk 1 Windows XP default MBR code
18:09:30.937 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 28003 MB offset 63
18:09:30.953 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 440077 MB offset 57352050
18:09:30.953 Disk 1 Partition - 00 05 Extended 8856 MB offset 958630680
18:09:31.000 Disk 1 Partition 3 00 82 Linux swap 8856 MB offset 958630743
18:09:31.000 Disk 1 scanning sectors +976768065
18:09:31.062 Disk 1 scanning C:\WINDOWS\system32\drivers
18:09:38.093 Service scanning
18:09:50.546 Modules scanning
18:09:57.796 Disk 1 trace - called modules:
18:09:57.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS jraid.sys
18:09:57.812 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ac77030]
18:09:57.812 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000078[0x8ac5ec80]
18:09:57.828 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Scsi\JRAID1Port4Path0Target1Lun0[0x8ac59030]
18:09:58.171 AVAST engine scan C:\WINDOWS
18:10:14.765 AVAST engine scan C:\WINDOWS\system32
18:12:16.734 AVAST engine scan C:\WINDOWS\system32\drivers
18:12:26.343 AVAST engine scan C:\Documents and Settings\Parents
18:16:53.781 AVAST engine scan C:\Documents and Settings\All Users
18:17:43.187 Scan finished successfully
18:19:44.812 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Parents\Desktop\MBR.dat"
18:19:44.812 The log file has been saved successfully to "C:\Documents and Settings\Parents\Desktop\aswMBR.txt"

#8 gringo_pr

  • Malware Response Team
Posted 10 May 2012 - 06:05 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left-hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 Lippy2950

  • Topic Starter

Posted 10 May 2012 - 07:29 PM

OTL logfile created on: 5/10/2012 8:22:21 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Parents\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 80.76% Memory free
4.84 Gb Paging File | 4.48 Gb Available in Paging File | 92.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.35 Gb Total Space | 3.53 Gb Free Space | 12.91% Space Free | Partition Type: NTFS
Drive E: | 119.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 429.76 Gb Total Space | 363.16 Gb Free Space | 84.50% Space Free | Partition Type: NTFS
Drive S: | 1397.25 Gb Total Space | 1379.42 Gb Free Space | 98.72% Space Free | Partition Type: NTFS

Computer Name: MAIN | User Name: Parents | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Parents\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTXFISPI.EXE (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Rebit-SaveMe\bin\QtSqlRebit4.dll ()
MOD - C:\Program Files\Rebit-SaveMe\bin\QtCoreRebit4.dll ()
MOD - C:\Program Files\Rebit-SaveMe\bin\zlib1.dll ()
MOD - C:\WINDOWS\CTXFIRES.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (DeviceMonitorService) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- C:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (Rebit-SaveMe-Svc) -- C:\Program Files\Rebit-SaveMe\bin\Rebit-SaveMe-Svc.exe (Rebit, Inc.)
SRV - (Rebit-SaveMe-SysMon) -- C:\Program Files\Rebit-SaveMe\bin\Rebit-SaveMe-SysMon.exe (Rebit, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (RoxMediaDBVHS) -- C:\Program Files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe (Sonic Solutions)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (GEST Service) -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\Parents\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (hitmanpro35) -- C:\WINDOWS\system32\drivers\hitmanpro36.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (DigiartyVirtualCDBus) -- C:\WINDOWS\system32\drivers\DigiartyVirtualCDBus.sys (Digiarty Software, Inc.)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
DRV - (ArcCD) -- C:\WINDOWS\System32\drivers\ArcCD.sys (ArcSoft Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (LVUVC) Logitech QuickCam Pro 5000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (ArcUdfs) -- C:\WINDOWS\System32\drivers\ArcUdfs.sys (ArcSoft Inc.)
DRV - (ArcRec) -- C:\WINDOWS\System32\drivers\ArcRec.sys (ArcSoft Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-492894223-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-507921405-492894223-725345543-1003\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-507921405-492894223-725345543-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-507921405-492894223-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-507921405-492894223-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-507921405-492894223-725345543-1003\..\SearchScopes\{5F4764C9-A953-44D8-BA81-4C334ADB8090}: "URL" = http://rover.ebay.com/rover/1/711-53200-19255-0/1?satitle={searchTerms}&ext={searchTerms}&customid=&toolid=10001&campid=5336017972&type=3
IE - HKU\S-1-5-21-507921405-492894223-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF_en
IE - HKU\S-1-5-21-507921405-492894223-725345543-1003\..\SearchScopes\{6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035}: "URL" = http://www.amazon.com/gp/search?keywords={searchTerms}&index=blended&tag=dffx-20&camp=1789&creative=9325&linkCode=ur2&ie=UTF-8
IE - HKU\S-1-5-21-507921405-492894223-725345543-1003\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKU\S-1-5-21-507921405-492894223-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Parents\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Parents\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/27 19:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/10 17:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/10 17:56:56 | 000,000,000 | ---D | M]

[2009/10/10 15:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Parents\Application Data\Mozilla\Extensions
[2012/05/01 21:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Parents\Application Data\Mozilla\Firefox\Profiles\38mwhmuf.default\extensions
[2010/04/28 20:19:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Parents\Application Data\Mozilla\Firefox\Profiles\38mwhmuf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/30 08:14:21 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Parents\Application Data\Mozilla\Firefox\Profiles\38mwhmuf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/02/29 20:21:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Parents\Application Data\Mozilla\Firefox\Profiles\38mwhmuf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/09/28 20:38:46 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Parents\Application Data\Mozilla\Firefox\Profiles\38mwhmuf.default\searchplugins\bing.xml
[2011/11/09 18:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/27 19:44:43 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/05/03 13:45:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/05/12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/05/12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/05/12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/05/12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/09/24 19:33:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/13 22:23:15 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/09 18:22:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Parents\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Parents\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Parents\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Parents\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: EPAFactory Endpoint Analysis Plugin 4.5.4.0 (Enabled) = C:\Documents and Settings\Parents\Application Data\Mozilla\plugins\np7ADD0059-A3D7-4650-9384-36F75EE23A85.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Parents\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Parents\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Autoplayer for Mafia Wars (Facebook) = C:\Documents and Settings\Parents\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgagpckjofhomehafhognmangbjdiaap\1.1.855_0\
CHR - Extension: Pixlr-o-matic = C:\Documents and Settings\Parents\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Parents\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Poppit = C:\Documents and Settings\Parents\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/05/10 10:57:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://portal.tsachoice.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://paychextraining.webex.com/client/T26L/training/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE98F609-E821-4A2A-BDB4-A902F201235F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE98F609-E821-4A2A-BDB4-A902F201235F}: NameServer = 68.115.71.53,66.189.0.29
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Parents\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Parents\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/03 14:12:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/12 13:59:03 | 000,000,169 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a45bb3f5-0c94-11e0-8c9b-001fd09a948d}\Shell\AutoRun\command - "" = K:\.\Vado\Vado.exe
O33 - MountPoints2\{b91238de-5bc9-11df-8c7f-001fd09a948d}\Shell - "" = AutoRun
O33 - MountPoints2\{b91238de-5bc9-11df-8c7f-001fd09a948d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b91238de-5bc9-11df-8c7f-001fd09a948d}\Shell\AutoRun\command - "" = M:\MI.exe
O33 - MountPoints2\{e1f1925a-4a0c-11e1-8cb6-001fd09a948d}\Shell - "" = AutoRun
O33 - MountPoints2\{e1f1925a-4a0c-11e1-8cb6-001fd09a948d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1f1925a-4a0c-11e1-8cb6-001fd09a948d}\Shell\AutoRun\command - "" = M:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/10 20:21:01 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Parents\Desktop\OTL.exe
[2012/05/10 18:08:10 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Parents\Desktop\aswMBR.exe
[2012/05/10 18:00:06 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Parents\Desktop\tdsskiller.exe
[2012/05/10 10:58:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/05/10 09:07:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/05/10 09:04:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/10 09:04:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/10 09:04:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/10 09:04:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/10 09:04:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/10 09:03:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/10 08:37:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/09 00:42:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Parents\Recent
[2012/05/08 22:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/05/08 22:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/05/08 19:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/08 18:03:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/05/08 17:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parents\Start Menu\Programs\Data Recovery
[2012/05/06 18:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parents\My Documents\Downloads
[2012/05/03 13:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/03 13:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/24 07:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parents\My Documents\AdobeStockPhotos
[2012/04/21 20:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parents\My Documents\CyberLink
[2012/04/21 17:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterActual
[2012/04/21 17:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2012/04/19 20:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parents\My Documents\New Folder
[2012/04/19 20:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parents\My Documents\My Music
[2012/04/19 20:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parents\My Documents\Podcast
[2012/04/14 15:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parents\My Documents\H&R Block Business
[2012/04/14 12:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parents\Start Menu\Programs\H&R Block Business 2011
[2012/04/14 12:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/04/14 12:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2011
[2012/04/14 12:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\HRBlock2011
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/10 20:21:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Parents\Desktop\OTL.exe
[2012/05/10 20:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/10 20:05:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/10 20:00:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-725345543-1003UA.job
[2012/05/10 18:19:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Parents\Desktop\MBR.dat
[2012/05/10 18:08:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Parents\Desktop\aswMBR.exe
[2012/05/10 18:00:11 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Parents\Desktop\tdsskiller.exe
[2012/05/10 17:55:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/10 17:55:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/10 17:54:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/10 17:54:41 | 000,178,544 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/05/10 17:54:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/05/10 11:31:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/10 10:57:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/10 09:15:07 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-00311102}.rfx
[2012/05/10 09:15:07 | 000,054,632 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00311102}.rfx
[2012/05/10 09:15:07 | 000,054,632 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-00311102}.rfx
[2012/05/10 09:15:07 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/05/10 09:15:07 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/05/10 09:14:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/09 07:46:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/09 01:11:23 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/09 01:11:23 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/09 00:52:02 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/09 00:51:47 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/05/09 00:46:27 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-S6b3aizdRfmdmJr
[2012/05/09 00:46:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-S6b3aizdRfmdmJ
[2012/05/09 00:42:07 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2012/05/09 00:41:54 | 000,026,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/05/09 00:39:55 | 000,000,972 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2012/05/08 19:17:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 17:55:33 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Parents\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/08 10:44:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\MotoCast Update.job
[2012/05/08 10:43:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2012/05/07 22:00:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-725345543-1003Core.job
[2012/05/06 18:07:56 | 000,039,880 | ---- | M] () -- C:\Documents and Settings\Parents\Desktop\golden-retriever-puppy2.jpg
[2012/05/06 10:43:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2012/05/01 21:45:26 | 000,345,774 | ---- | M] () -- C:\Documents and Settings\Parents\Desktop\Beer City 5-1-12 2140.psd
[2012/05/01 21:42:27 | 000,497,246 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/01 21:42:27 | 000,085,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/01 21:41:14 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/05/01 21:35:24 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/01 07:01:33 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Parents\Desktop\Google Chrome.lnk
[2012/04/21 21:01:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Parents\My Documents\PDVD_MediaDisc.PlayList
[2012/04/21 20:57:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iplayer.INI
[2012/04/21 17:51:59 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InterActual Player.lnk
[2012/04/18 07:13:46 | 000,470,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/18 06:02:11 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2012/04/14 12:58:51 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\Parents\Desktop\H&R Block Business 2011.lnk
[2012/04/14 12:10:17 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2011.lnk
[2012/04/11 21:11:10 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/10 18:19:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Parents\Desktop\MBR.dat
[2012/05/10 09:04:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/05/10 09:04:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/10 09:04:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/10 09:04:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/10 09:04:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/10 09:04:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/10 09:04:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/09 00:39:55 | 000,000,972 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2012/05/08 22:15:57 | 000,026,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/05/08 21:22:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/08 19:17:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 17:55:33 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Parents\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/08 17:50:51 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-S6b3aizdRfmdmJr
[2012/05/08 17:50:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-S6b3aizdRfmdmJ
[2012/05/06 18:04:14 | 000,039,880 | ---- | C] () -- C:\Documents and Settings\Parents\Desktop\golden-retriever-puppy2.jpg
[2012/05/01 21:51:12 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/01 21:45:24 | 000,345,774 | ---- | C] () -- C:\Documents and Settings\Parents\Desktop\Beer City 5-1-12 2140.psd
[2012/04/21 21:00:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Parents\My Documents\PDVD_MediaDisc.PlayList
[2012/04/21 20:57:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2012/04/21 17:51:59 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InterActual Player.lnk
[2012/04/14 12:58:51 | 000,000,573 | ---- | C] () -- C:\Documents and Settings\Parents\Desktop\H&R Block Business 2011.lnk
[2012/04/14 12:10:17 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2011.lnk
[2012/02/20 08:46:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/23 20:57:44 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Parents\Local Settings\Application Data\rx_audio.Cache
[2011/01/30 18:45:25 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/20 12:38:35 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\WS_ContextMenu.dll
[2010/07/22 18:19:11 | 000,634,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/22 18:15:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

< End of report >

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 May 2012 - 08:49 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
    O33 - MountPoints2\{a45bb3f5-0c94-11e0-8c9b-001fd09a948d}\Shell\AutoRun\command - "" = K:\.\Vado\Vado.exe
    O33 - MountPoints2\{b91238de-5bc9-11df-8c7f-001fd09a948d}\Shell - "" = AutoRun
    O33 - MountPoints2\{b91238de-5bc9-11df-8c7f-001fd09a948d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b91238de-5bc9-11df-8c7f-001fd09a948d}\Shell\AutoRun\command - "" = M:\MI.exe
    O33 - MountPoints2\{e1f1925a-4a0c-11e1-8cb6-001fd09a948d}\Shell - "" = AutoRun
    O33 - MountPoints2\{e1f1925a-4a0c-11e1-8cb6-001fd09a948d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e1f1925a-4a0c-11e1-8cb6-001fd09a948d}\Shell\AutoRun\command - "" = M:\MotoCastSetup.exe -a
    [2012/05/09 00:46:27 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-S6b3aizdRfmdmJr
    [2012/05/09 00:46:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-S6b3aizdRfmdmJ
    [2012/05/08 17:55:33 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Parents\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
    [2012/05/08 17:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parents\Start Menu\Programs\Data Recovery
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Lippy2950

Posted 11 May 2012 - 06:17 AM

Ran script and rebooted. The 'Data_Recovery' icon is gone from the Quicklaunch toolbar but so are all the other icons that were on it.

========== OTL ==========
Prefs.js: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 removed from extensions.enabledItems
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a45bb3f5-0c94-11e0-8c9b-001fd09a948d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a45bb3f5-0c94-11e0-8c9b-001fd09a948d}\ not found.
File K:\.\Vado\Vado.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b91238de-5bc9-11df-8c7f-001fd09a948d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b91238de-5bc9-11df-8c7f-001fd09a948d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b91238de-5bc9-11df-8c7f-001fd09a948d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b91238de-5bc9-11df-8c7f-001fd09a948d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b91238de-5bc9-11df-8c7f-001fd09a948d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b91238de-5bc9-11df-8c7f-001fd09a948d}\ not found.
File M:\MI.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1f1925a-4a0c-11e1-8cb6-001fd09a948d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1f1925a-4a0c-11e1-8cb6-001fd09a948d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1f1925a-4a0c-11e1-8cb6-001fd09a948d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1f1925a-4a0c-11e1-8cb6-001fd09a948d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1f1925a-4a0c-11e1-8cb6-001fd09a948d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1f1925a-4a0c-11e1-8cb6-001fd09a948d}\ not found.
File M:\MotoCastSetup.exe -a not found.
C:\Documents and Settings\All Users\Application Data\-S6b3aizdRfmdmJr moved successfully.
C:\Documents and Settings\All Users\Application Data\-S6b3aizdRfmdmJ moved successfully.
C:\Documents and Settings\Parents\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk moved successfully.
C:\Documents and Settings\Parents\Start Menu\Programs\Data Recovery folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Parents\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Parents\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Molly

User: NetworkService

User: Parents
->Java cache emptied: 43183770 bytes

Total Java Files Cleaned = 41.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 60575 bytes

User: All Users

User: Default User
->Flash cache emptied: 56502 bytes

User: LocalService

User: Molly
->Flash cache emptied: 59215 bytes

User: NetworkService

User: Parents
->Flash cache emptied: 2018136 bytes

Total Flash Files Cleaned = 2.00 mb


OTL by OldTimer - Version 3.2.42.3 log created on 05112012_070021

#12 gringo_pr

Posted 11 May 2012 - 07:38 AM

Hello


I would like you to run this first to see if they are hidden - http://download.bleepingcomputer.com/grinler/unhide.exe



Now I would like you to run this next to replace the default folders in the start menu

http://download.bleepingcomputer.com/grinler/fakehdd/winxp-pro-32bit-sm-reset.exe - XP


If this does not help then you will have to put the icons back yourself

#13 Lippy2950

Posted 11 May 2012 - 08:07 AM

Ran both. Put the icons back on myself.

#14 gringo_pr

Posted 11 May 2012 - 12:59 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 Lippy2950

Posted 11 May 2012 - 08:58 PM

Ran fine. Was able to remove Microsoft Security Essentials before ComboFix this time. Haven't noticed anything unusual with the system but I haven't really done anything with it since all the protections are turned off.

ComboFix 12-05-12.01 - Parents 05/12/2012 8:07.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2277 [GMT -4:00]
Running from: c:\documents and settings\Parents\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Parents\Desktop\CFScript
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-11 13:04 . 2011-11-12 02:57 18367336 ----a-w- c:\documents and settings\Parents\Application Data\Microsoft\Internet Explorer\Quick Launch\EXCEL.EXE
2012-05-11 13:03 . 2011-09-16 00:41 408936 ----a-w- c:\documents and settings\Parents\Application Data\Microsoft\Internet Explorer\Quick Launch\WINWORD.EXE
2012-05-11 11:00 . 2012-05-11 11:00 -------- d-----w- C:\_OTL
2012-05-09 02:15 . 2012-05-09 04:41 26400 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-05-09 02:15 . 2012-05-09 02:15 -------- d-----w- c:\program files\HitmanPro
2012-05-09 02:15 . 2012-05-09 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-05-08 22:04 . 2012-05-09 23:00 -------- d-----w- c:\documents and settings\Administrator
2012-05-03 17:45 . 2012-05-03 17:45 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 17:45 . 2012-05-03 17:45 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 17:45 . 2012-05-03 17:45 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-21 21:51 . 2012-04-21 21:52 -------- d-----w- c:\program files\InterActual
2012-04-14 16:54 . 2012-04-14 16:54 -------- d-----w- c:\program files\Microsoft.NET
2012-04-14 16:08 . 2012-04-14 16:09 -------- d-----w- c:\program files\HRBlock2011
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-12 04:54 . 2012-04-06 13:41 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-12 04:54 . 2011-06-17 00:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 04:42 . 2009-07-03 18:39 16608 ----a-w- c:\windows\gdrv.sys
2012-04-11 13:14 . 2004-08-04 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-04 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2009-07-13 12:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-05-12 20:42 . 2010-05-12 20:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 21:22 . 2010-05-12 21:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 20:43 . 2010-05-12 20:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-05-12 20:42 . 2010-05-12 20:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 20:42 . 2010-05-12 20:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 20:41 . 2010-05-12 20:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 20:42 . 2010-05-12 20:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 20:42 . 2010-05-12 20:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-14 17:55 . 2010-04-14 17:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 20:43 . 2010-05-12 20:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-05-03 17:45 . 2011-03-26 16:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-10_14.57.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2012-05-02 01:42 85604 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2012-05-12 02:11 85604 c:\windows\system32\perfc009.dat
+ 2011-12-15 17:08 . 2011-12-15 17:08 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-02 01:38 . 2012-05-02 01:38 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-10 21:56 . 2012-05-10 21:56 77824 c:\windows\Installer\{B124E6D3-91B4-4E3C-AD03-BA959B223537}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
- 2012-05-03 00:10 . 2012-05-03 00:10 77824 c:\windows\Installer\{B124E6D3-91B4-4E3C-AD03-BA959B223537}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
+ 2009-07-17 13:02 . 2012-05-12 02:16 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-17 13:02 . 2012-05-02 01:43 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-07-17 13:02 . 2012-05-12 02:16 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-07-17 13:02 . 2012-05-02 01:43 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-07-17 13:02 . 2012-05-02 01:43 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-17 13:02 . 2012-05-12 02:16 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-06-11 07:09 . 2012-05-12 02:14 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-11 07:09 . 2012-02-27 23:37 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\d0e566898e25f6b1b4cb399088d335d4\System.Xaml.Hosting.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\b9b7098a0488ac87026a0cadd2d7d972\System.Windows.Presentation.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\d8f7bf8ce78d0785e68c589c1e64a6dd\System.Web.Routing.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\79c0c2e11b29975231a4a33afcd5cc74\System.Web.DynamicData.Design.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\e5cf7be6b9deee73d674f2bc43752fed\System.Web.ApplicationServices.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\31ec874a9482ad1a99ba24ca4a6ec914\System.Web.Abstractions.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ecf399e8d134430078d35927ba352639\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\39c6c5375d1763165dd8c1623bd10668\System.ServiceModel.Channels.ni.dll
+ 2012-05-12 02:22 . 2012-05-12 02:22 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\59be5fb54e018032511415f0b0523ee3\System.AddIn.Contract.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 37888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\c1f0119b6a48a5e5741506ad6fc03d3f\Microsoft.Workflow.Compiler.ni.exe
+ 2012-05-12 02:21 . 2012-05-12 02:21 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\46f273930666397a8cb538ffe9190eef\Microsoft.VisualC.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\62c1a496dff99a6e5f5e4278d31ca4c1\Accessibility.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\UIXControls\e16d25a68afefcb714b8508812583b4c\UIXControls.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\7aac1fe67890463655aeeb3b8e4f2884\System.Web.DynamicData.Design.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
+ 2012-05-12 02:11 . 2012-05-12 02:11 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f00a18225430e7531135589688d650a1\Microsoft.VisualC.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
+ 2012-05-12 02:19 . 2012-05-12 02:19 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
+ 2012-05-12 02:19 . 2012-05-12 02:19 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
+ 2012-05-12 02:19 . 2012-05-12 02:19 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\fd866b4158c3bd2a26c875f2896c5573\dfsvc.ni.exe
+ 2012-05-12 02:10 . 2012-05-12 02:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-04-06 03:13 . 2012-04-06 03:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
- 2004-08-04 12:00 . 2012-05-02 01:42 497246 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2012-05-12 02:11 497246 c:\windows\system32\perfh009.dat
+ 2012-05-09 00:31 . 2012-05-12 04:54 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
- 2012-05-09 00:31 . 2012-05-09 00:31 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
- 2012-05-09 00:31 . 2012-05-09 00:31 424096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-05-09 00:31 . 2012-05-12 04:54 424096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-04-06 13:41 . 2012-05-12 04:54 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-06 13:41 . 2012-05-09 05:11 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2009-07-03 17:55 . 2012-04-18 11:13 470784 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-03 17:55 . 2012-05-12 02:26 470784 c:\windows\system32\FNTCACHE.DAT
+ 2012-01-19 17:08 . 2012-01-19 17:08 917272 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 182056 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2012-01-21 21:40 . 2012-01-21 21:40 616216 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 156440 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 386824 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2012-04-06 03:52 . 2012-04-06 03:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2012-01-31 07:38 . 2012-01-31 07:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-02 01:38 . 2012-05-02 01:38 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-12-22 20:50 . 2011-12-22 20:50 256000 c:\windows\Installer\2d62d92.msp
+ 2012-02-03 03:56 . 2012-02-03 03:56 963584 c:\windows\Installer\2d62d7c.msp
+ 2009-07-17 13:02 . 2012-05-12 02:16 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-07-17 13:02 . 2012-05-02 01:43 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-17 13:02 . 2012-05-12 02:16 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-07-17 13:02 . 2012-05-02 01:43 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-07-17 13:02 . 2012-05-12 02:16 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-07-17 13:02 . 2012-05-02 01:43 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-07-17 13:02 . 2012-05-02 01:43 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-07-17 13:02 . 2012-05-12 02:16 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-07-17 13:02 . 2012-05-02 01:43 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-17 13:02 . 2012-05-12 02:16 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-07-17 13:02 . 2012-05-02 01:43 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-07-17 13:02 . 2012-05-12 02:16 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-07-17 13:02 . 2012-05-02 01:43 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-07-17 13:02 . 2012-05-12 02:16 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 915800 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\wpftxt_x86.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 181096 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\PresentationHostDLL_X86.dll
+ 2011-09-16 00:41 . 2011-09-16 00:41 408936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\WINWORD.EXE
+ 2012-05-12 02:24 . 2012-05-12 02:24 404480 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\af016c61241c5f656987befbe2bd3877\XamlBuildTask.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 356864 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\0f2ca934e561d299029ace93471f6f5d\WsatConfig.ni.exe
+ 2012-05-12 02:24 . 2012-05-12 02:24 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\a5b389ddffcb10f23884f01c0e1954d9\WindowsFormsIntegration.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\0a80fd3af7e48eb9cc9099fee5814dff\UIAutomationTypes.ni.dll
+ 2012-05-12 02:24 . 2012-05-12 02:24 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\9b0ac8d84952a581adf18051bb60bea1\UIAutomationClient.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\59fb92c38f1035e7b11a23fc6e82c992\System.Windows.Input.Manipulations.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\3fc4093effe88b94c28d185979d97cbb\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 224256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\6c381bad9ad26135eb47fd9420808ae1\System.Web.RegularExpressions.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 864256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\fa6bab64629905b85451dbee37e4851f\System.Web.Extensions.Design.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 334848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\c2a4f81c13b1441b9fe7e1aacc2afb5b\System.Web.Entity.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\15492df7ca32620bec0039384b4690c6\System.Web.Entity.Design.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\a2f42d2d83d497bfb4826a172fa669c0\System.Web.DynamicData.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\d4ac742a56206e3532159cabc176fca2\System.Web.DataVisualization.Design.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\28b09f14e54a06c091073b1d3e316fb6\System.ServiceModel.Discovery.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\18d8e3f9e290217ac0c48571557c5fc3\System.ServiceModel.Activities.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a40c42510e312339018486b1d7076e0a\System.Runtime.DurableInstancing.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\251af94314c9427595f307aa885e8987\System.Printing.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\1409dc3832b37f850569c69a795f834b\System.Management.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a90d8ca6c54f70507704d788fd0d3ded\System.IdentityModel.ni.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 1665536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c821be068070b07a9a339ab7152bc95e\System.Drawing.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8d978e3524c0bd870ce63db289c4de6d\System.DirectoryServices.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\fb446c68554dea86b92a232efb137fbb\System.Deployment.ni.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\6cdfd96214b74cdf4984ae8ee076f421\System.Data.SqlXml.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 2018304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\3b487559f07993f2752c0db036a82042\System.Data.Services.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\65444428f83ba9e46053e46d2341655f\System.Data.Services.Client.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1189376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\c033d23b1273f660948b2d5773256518\System.Data.OracleClient.ni.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\867ce3db3528f36121841762a19da61d\System.Data.Linq.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 1408000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\22db388405f6082f8a9403891705912b\System.Data.Entity.Design.ni.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 7052800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
+ 2012-05-12 02:22 . 2012-05-12 02:22 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\95b5ece57120cb7363e69e5fbd4616b7\System.Activities.ni.dll
+ 2012-05-12 02:22 . 2012-05-12 02:22 3755008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\07235f805d53920f5ffc3c9ecd96f69a\System.Activities.Presentation.ni.dll
+ 2012-05-12 02:22 . 2012-05-12 02:22 1544192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\f0c4476258c5336a3d950e588fbeb853\System.Activities.Core.Presentation.ni.dll
+ 2012-05-12 02:22 . 2012-05-12 02:22 2904576 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\6e0842ab7fd23a744a82f3afdee39cfd\ReachFramework.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\668da716f8830ae35cbe97b63126a720\PresentationUI.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1478144 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\a9ce167b63b51be01900e93e4ada5f2f\PresentationBuildTasks.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ea8618fd346aa17b909cd8700d7218d8\Microsoft.VisualBasic.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\434583d8e633570da52da83faea4a758\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1d809314514d59526809d05c5b7372ca\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\50ca1cf4491136871b732062c412bad0\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\78e5704cfbbec26947e2e1ff07f647bf\Microsoft.JScript.ni.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\9c3ba92c4fce8efd41b59a0243415408\Microsoft.CSharp.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 4243456 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\88db74e692bdaca666bdcf3f4e30b3f1\Microsoft.Build.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 2868736 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\256534e4eee640978f41ad6b7050220b\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1929216 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\fda8ded0b4047a590e4ab17af42c2cfc\Microsoft.Build.Engine.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 4265984 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneShell\fb7d4fddcc90da95f863d93a66f71128\ZuneShell.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 2511872 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneDBApi\865d4dfa1333b2fea4e073989c4ae3fb\ZuneDBApi.ni.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 4566016 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX\a5ba7e19103dff328937318885607664\UIX.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1831936 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX.RenderApi\72543791b6b5c2480ed932b099e9b3f0\UIX.RenderApi.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41a81b97625c113b591ed082c95276e2\UIAutomationClientsideProviders.ni.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\33fa6a2055bf857bff2e31020279b5e9\System.WorkflowServices.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5eccf6fef6bee8a2f93bc65ff33699bb\System.Workflow.Runtime.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\62bd2e1bf98b04ceca2102c8f54aab9d\System.Workflow.ComponentModel.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\8215548b3d4aabbaa0557ab747700778\System.Workflow.Activities.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3e11aea7d742b5eddbd0b6bd1012f7df\System.Web.Services.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\ff995dde9cd34ff1e8ac7ab55fc92d32\System.Web.Mobile.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8899d1091e64a4d0b6ae69060197091a\System.Web.Extensions.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5efb50c91f3c5e49be2079f625d933b7\System.Speech.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
+ 2012-05-12 02:18 . 2012-05-12 02:18 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\293cca6baaa682383daf5f31a4fe0014\System.Printing.ni.dll
+ 2012-05-12 02:18 . 2012-05-12 02:18 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\1d6707a5a9da16c1d1b88529837884d6\System.Printing.ni.dll
+ 2012-05-12 02:18 . 2012-05-12 02:18 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b55887436d2cfbe1fb32dd18d554185b\System.DirectoryServices.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\832196527f0497078f085eaf9189265f\System.Deployment.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de7666b1cd0a1bc363726c9553dc39c\System.Data.Services.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44a5fc9e7c71b1fe1e2c79b03ecc3bc7\System.Data.Linq.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\ca63096c1ecf977f509e2a565f4bcdac\System.Data.Entity.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
+ 2012-05-12 02:18 . 2012-05-12 02:18 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\2ecefd16184a78f19aaf0f02cc0a7e1f\ReachFramework.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\1121966e9755a168a35364764adfe90e\ReachFramework.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\87302164fd2a624feba2e449b4e34445\PresentationUI.ni.dll
+ 2012-05-12 02:18 . 2012-05-12 02:18 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\51204805c71113e0db2103faa064b313\PresentationUI.ni.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\4ff6600c1fd3415ef0b058cf28814cb6\PresentationBuildTasks.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll
+ 2012-05-12 02:18 . 2012-05-12 02:18 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\42145ebf75f77cabad442f0801a81c64\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\cfe15312373b4668398404b5822bab7d\Microsoft.JScript.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f3fcd65eca42d13b746cf3f5bd993ee0\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2091903cd9b359e96f05ac2d6d25ef4e\Microsoft.Build.Tasks.ni.dll
+ 2012-05-12 02:19 . 2012-05-12 02:19 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5aa63a1cb41e3a5e1e8ed17072e60ec3\Microsoft.Build.Engine.ni.dll
+ 2010-06-25 07:02 . 2012-05-12 02:07 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2010-06-25 07:02 . 2010-06-25 07:02 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-05-12 02:07 . 2012-05-12 02:07 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-27 23:42 . 2012-02-27 23:42 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-25 07:02 . 2012-05-12 02:07 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-11-02 11:35 . 2012-02-27 23:42 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-07-03 22:43 . 2012-05-12 02:16 55656824 c:\windows\system32\MRT.exe
+ 2012-04-06 07:13 . 2012-04-06 07:13 16527872 c:\windows\Installer\2d62e93.msp
+ 2012-05-12 02:14 . 2012-05-12 02:14 20343808 c:\windows\Installer\2d62dca.msp
+ 2011-12-15 17:40 . 2011-12-15 17:40 23374336 c:\windows\Installer\2d62dbf.msp
+ 2012-01-04 06:25 . 2012-01-04 06:25 17751552 c:\windows\Installer\2d62dac.msp
+ 2012-04-06 06:12 . 2012-04-06 06:12 15709696 c:\windows\Installer\2d62d89.msp
+ 2011-09-16 00:42 . 2011-09-16 00:42 18115432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\WWLIB.DLL
+ 2012-05-12 02:12 . 2012-05-12 02:12 13196800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e3290e9cf0eced36ca662cf67df4a939\System.Windows.Forms.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 12076544 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\e9f1e1c33ec639a0945a6a4f2458b7b4\System.Web.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 11002880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\51dfa58af4a59e4af2a4c2363246af21\System.Design.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 13324288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\65d0d6f4cdbc47ecd5cce9e959827fe8\System.Data.Entity.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 17998848 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\52f7c62736eb9b6370632e7eb99bec83\PresentationFramework.ni.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9eebaf24f66d6f75e35bb3df6af1c9aa\PresentationCore.ni.dll
+ 2012-05-12 02:12 . 2012-05-12 02:12 14412800 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
+ 2012-05-12 02:18 . 2012-05-12 02:18 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a9256d2ad7e4be2bbb4e9b18c3997b84\System.Design.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\88bb6af76d27af11f95f8c630396408f\PresentationFramework.ni.dll
+ 2012-05-12 02:18 . 2012-05-12 02:18 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5b8ff47c1db373a2a4c638ca31988bd2\PresentationFramework.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\4eb3cd1f1d5a83617524a9dfb96a657d\PresentationCore.ni.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 11492352 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\documents and settings\Parents\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2012-05-10 13805568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"CTHelper"="CTHELPER.EXE" [2006-05-24 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 18944]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Parents^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Parents\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Parents^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Parents\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Parents^Start Menu^Programs^Startup^Jawbone Updater.lnk]
path=c:\documents and settings\Parents\Start Menu\Programs\Startup\Jawbone Updater.lnk
backup=c:\windows\pss\Jawbone Updater.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m‘|\ü [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-11-19 03:28 1966080 ------r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 08:42 2808832 ------r- c:\windows\alcwzrd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 23:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft MediaImpression Monitor]
2010-12-15 22:03 80448 ----a-w- c:\program files\Kodak\MediaImpression\ArcMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 02:12 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-05-12 21:03 300472 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-12-14 23:45 136176 ----atw- c:\documents and settings\Parents\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 22:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotoCast]
2012-03-07 15:44 1704 ----a-w- c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MusicManager]
2012-05-10 19:09 13805568 ----a-w- c:\documents and settings\Parents\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 23:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-05-20 20:24 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 18:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ACDaemon"=2 (0x2)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
"WinDefend"=2 (0x2)
"stllssvr"=3 (0x3)
"RoxMediaDBVHS"=3 (0x3)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"MsMpSvc"=2 (0x2)
"MotoHelper"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"GEST Service"=2 (0x2)
"DeviceMonitorService"=2 (0x2)
"ATI Smart"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"McComponentHostService"=3 (0x3)
"McAfee SiteAdvisor Service"=2 (0x2)
"MBAMService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Jawbone\\JawboneUpdater.exe"=
"c:\\Documents and Settings\\Parents\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Motorola Media Link\\Lite\\MML.exe"=
"c:\\Program Files\\Motorola Mobility\\MotoCast\\MotoCast.exe"=
"c:\\Program Files\\Motorola Mobility\\MotoCast\\bin\\MotoCast-thumbnailer.exe"=
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 4:22 PM 65584]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [5/16/2010 8:32 AM 36224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 Rebit-SaveMe-Svc;Rebit SaveMe Svc;c:\program files\Rebit-SaveMe\bin\Rebit-SaveMe-Svc.exe [5/20/2010 9:20 PM 2213400]
S2 Rebit-SaveMe-SysMon;Rebit SaveMe SysMon;c:\program files\Rebit-SaveMe\bin\Rebit-SaveMe-SysMon.exe [5/20/2010 9:20 PM 608280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 9:41 AM 257696]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [1/6/2012 11:14 AM 163616]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [5/8/2012 10:15 PM 26400]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\drivers\libusb0.sys [8/5/2010 4:09 PM 20992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/13/2009 8:16 AM 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 1:45 PM 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [5/16/2010 8:32 AM 134912]
S4 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2/16/2012 4:02 PM 87368]
S4 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [7/3/2009 2:40 PM 80392]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2010 12:35 PM 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2010 12:35 PM 135664]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/13/2009 8:17 AM 654408]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/21/2010 1:38 PM 95200]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S4 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2/1/2012 5:55 PM 214896]
S4 RoxMediaDBVHS;RoxMediaDBVHS;c:\program files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2/19/2010 6:44 AM 1116656]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 2:57 PM 268528]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ArcRec
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 04:54]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 16:35]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 16:35]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-725345543-1003Core.job
- c:\documents and settings\Parents\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-14 23:45]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-725345543-1003UA.job
- c:\documents and settings\Parents\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-14 23:45]
.
2012-05-11 c:\windows\Tasks\MotoCast Update.job
- c:\program files\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-03-07 18:07]
.
2012-05-11 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01 21:55]
.
2012-05-06 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01 21:55]
.
2012-05-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CE98F609-E821-4A2A-BDB4-A902F201235F}: NameServer = 68.115.71.53,66.189.0.29
FF - ProfilePath - c:\documents and settings\Parents\Application Data\Mozilla\Firefox\Profiles\38mwhmuf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-12 08:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rebit-SaveMe-Svc]
"ImagePath"="c:\program files\Rebit-SaveMe\bin\Rebit-SaveMe-Svc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3264)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-12 08:11:22
ComboFix-quarantined-files.txt 2012-05-12 12:11
ComboFix2.txt 2012-05-12 01:56
ComboFix3.txt 2012-05-12 01:45
ComboFix4.txt 2012-05-10 14:58
.
Pre-Run: 2,880,225,280 bytes free
Post-Run: 2,916,134,912 bytes free
.
- - End Of File - - FBFB4CD0609429C4E664598FCC6AE095

Edited by Lippy2950, 12 May 2012 - 07:19 AM.




