
infected with trojan


  • This topic is locked
29 replies to this topic

#1 rcboosted

rcboosted

  • Members
  • 18 posts

Posted 01 June 2012 - 09:15 PM

I downloaded a screen saver (actually a win32 executable) disguised as a jpg and ran it by accident. virustotal.com says it's a trojan; I have a list of scan results below from virustotal. After initial infection, it installed something in the background, then after a reboot of my XP SP3, bsp_06.exe popped up in 3 command prompts during start up. My early efforts to clean it with cureit and ComboFix seem to have failed, but with the help of a malware removal expert (who closed the thread now even though the cleaning effort isn't finished yet) on another site, I think most of the offending files, processes and registry entries were cleaned. But I don't know if my PC's trojan-free or not.

As of right now, if I run combofix.exe, it says Volsnap.sys is infected. But I do not even see the file in the location indicated by combofix, nor can I find it with SystemLook (instructed by the other expert). Also, I noticed new spam emails I've never seen before in 2 of my yahoo email accounts since the infection; I don't know if this trojan was responsible (i.e., did it steal my password? log my keys? etc.). What did it do to my system? Anything I need to worry about (identity theft?), and what should I do now as a clean up effort?

How can I make sure I'm trojan-free and/or virus/spyware/worm-free? Any help would be greatly appreciated! I was running an ancient version of Norton/Symantec anti virus when I got infected. I'm now running TrendMicro Internet Security 2012, since virustotal says TrendMicro detected this Trojan. A full system scan with TrendMicro came up empty for this trojan in memory. But it did find the original file I downloaded and kept so I can scan it with virustotal. The file has since been removed by TrendMicro.


virustotal results for the trojan:

AntiVir TR/Jorik.Shakblades.gdw 20120526
Avast Win32:Malware-gen 20120526
DrWeb Trojan.DownLoader5.3395 20120527
Fortinet W32/Jorik_Shakblades.GDW!tr 20120527
GData Win32:Malware-gen 20120527
Kaspersky Trojan.Win32.Jorik.Shakblades.gdw 20120527
Symantec Trojan.Gen 20120527
TrendMicro TROJ_GEN.R47C8EQ 20120527
TrendMicro-HouseCall TROJ_GEN.R47C8EQ 20120526
VBA32 Trojan.Jorik.Shakblades.gdw 20120525
VIPRE Trojan.Win32.Generic!BT 20120527



ComboFix 12-05-31.03 - rcboosted 06/01/2012 0:28.13.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2528 [GMT -7:00]
Running from: c:\documents and settings\rcboosted\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Drivers\Volsnap.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-05-28 05:23 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-27 08:55 . 2012-05-27 08:55 -------- d-----w- c:\documents and settings\rcboosted\Local Settings\Application Data\Trend Micro
2012-05-27 08:54 . 2012-05-27 08:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro
2012-05-27 08:54 . 2011-08-02 20:44 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-05-27 08:54 . 2011-07-12 11:14 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-05-27 08:54 . 2011-07-12 11:13 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-05-27 08:54 . 2011-07-12 11:13 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-27 08:50 . 2012-05-27 08:50 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-05-27 08:49 . 2012-05-27 08:50 -------- d-----w- c:\program files\Trend Micro
2012-05-27 08:48 . 2012-05-27 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2012-05-26 04:17 . 2012-05-26 04:17 -------- d-----w- C:\_OTM
2012-05-21 04:56 . 2012-05-21 04:56 -------- d-----w- c:\program files\ESET
2012-05-13 19:36 . 2012-05-13 19:43 -------- d-----w- C:\Ascot Hills Park
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-26 23:27 . 2012-05-26 23:27 15736 ----a-w- C:\proxy_list_l1_l2_l3_2.zip
2012-04-11 13:14 . 2008-04-13 22:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-13 23:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-13 19:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-18 20:52 . 2011-09-18 14:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-13 02:53 . 2012-03-13 02:53 63080 ----a-r- c:\documents and settings\rcboosted\Application Data\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-21_04.49.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-11 05:32 . 2011-01-11 05:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
+ 2011-01-11 11:05 . 2011-01-11 11:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
+ 2011-01-11 11:23 . 2011-01-11 11:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
+ 2011-01-11 04:21 . 2011-01-11 04:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
+ 2012-06-01 02:10 . 2012-06-01 02:10 16384 c:\windows\Temp\Perflib_Perfdata_3cc.dat
+ 2001-08-23 12:00 . 2012-05-27 08:54 82538 c:\windows\system32\perfc009.dat
+ 2009-06-17 16:55 . 2009-06-17 16:55 20240 c:\windows\system32\drivers\L8042Kbd.sys
+ 2011-01-11 11:27 . 2011-01-11 11:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
+ 2011-01-11 11:24 . 2011-01-11 11:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
+ 2011-01-11 11:08 . 2011-01-11 11:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
+ 2001-08-23 12:00 . 2012-05-27 08:54 491010 c:\windows\system32\perfh009.dat
+ 2011-01-11 05:50 . 2011-01-11 05:50 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
+ 2011-01-11 05:50 . 2011-01-11 05:50 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
+ 2012-05-27 08:49 . 2012-05-27 08:49 1313280 c:\windows\Installer\5879d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pogoplug"="c:\program files\Pogoplug\PogoplugMonitor.exe" [2012-01-31 234304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-01-01 33636352]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-08-20 603136]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-08-21 887936]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"MPlayerForWindows_UpdateReminder"="c:\program files\MPlayer for Windows\AutoUpdate.exe" [2010-02-06 254376]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"WTClient"="WTClient.exe" [2009-10-30 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\rcboosted\Start Menu\Programs\Startup\
hosts.bat [2010-10-18 84]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-23 813584]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2010-11-14 6144]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Pogoplug\\HBPLUG\\HBPLUG.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57221:TCP"= 57221:TCP:Pando Media Booster
"57221:UDP"= 57221:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [1/1/2010 2:44 AM 11448]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [5/27/2012 1:54 AM 68368]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [1/1/2010 4:36 PM 90112]
R2 DokanCEDriver;DokanCEDriver;c:\program files\Pogoplug\dokance.sys [1/30/2012 6:04 PM 54592]
R2 HBAdmin;HBAdmin;c:\program files\Pogoplug\HBPLUG\hbadmin.exe [1/30/2012 6:04 PM 738112]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [4/16/2008 2:00 PM 689416]
R2 UsbClientService;UsbClientService;c:\program files\Synology\Assistant\UsbClientService.exe [2/17/2011 11:18 PM 245760]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2/17/2011 11:20 PM 46304]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/1/2010 2:18 AM 1381632]
R3 xcetap0;XCETAP0 Adapter;c:\windows\system32\drivers\xcetap0.sys [11/3/2011 11:19 AM 34624]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [5/27/2012 1:49 AM 200632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/23/2010 11:35 PM 10384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [11/13/2010 12:04 AM 30312]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [4/16/2008 2:00 PM 894216]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [11/13/2010 12:04 AM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [11/13/2010 12:04 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [11/13/2010 12:04 AM 121576]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - kwtdrpoc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-2000478354-682003330-1002Core.job
- c:\documents and settings\rcboosted\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-03 08:08]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-2000478354-682003330-1002UA.job
- c:\documents and settings\rcboosted\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-03 08:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: Interfaces\{B4309C5F-C7E9-4B11-A357-B2031DEF8307}: NameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-01 00:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1432)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3800)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2012-06-01 00:32:03
ComboFix-quarantined-files.txt 2012-06-01 07:32
ComboFix2.txt 2012-05-21 04:50
ComboFix3.txt 2012-05-19 07:11
.
Pre-Run: 130,573,377,536 bytes free
Post-Run: 130,620,387,328 bytes free
.
- - End Of File - - FFE5841E15495A280357471974758B23


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by rcboosted at 19:10:16 on 2012-06-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2227 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
svchost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synology\Assistant\UsbClientService.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Pogoplug\PogoplugMonitor.exe
svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Opera\opera.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Pogoplug] "c:\program files\pogoplug\PogoplugMonitor.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [ASUS Update Checker] c:\program files\asus\asusupdate\updatechecker\UpdateChecker.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "c:\program files\asus\ai suite\CpuLevelUpHelp.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [MPlayerForWindows_UpdateReminder] "c:\program files\mplayer for windows\AutoUpdate.exe" /L=1033 /TASK
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [WTClient] WTClient.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\documents and settings\rcboosted\start menu\programs\startup\hosts.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
TCP: Interfaces\{B4309C5F-C7E9-4B11-A357-B2031DEF8307} : NameServer = 192.168.1.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-1-1 11448]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-5-27 68368]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-1-1 90112]
R2 DokanCEDriver;DokanCEDriver;c:\program files\pogoplug\dokance.sys [2012-1-30 54592]
R2 HBAdmin;HBAdmin;c:\program files\pogoplug\hbplug\hbadmin.exe [2012-1-30 738112]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-4-16 689416]
R2 UsbClientService;UsbClientService;c:\program files\synology\assistant\UsbClientService.exe [2011-2-17 245760]
R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2011-2-17 46304]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-1-1 1381632]
R3 xcetap0;XCETAP0 Adapter;c:\windows\system32\drivers\xcetap0.sys [2011-11-3 34624]
S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2012-5-27 200632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-1-23 10384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-11-13 30312]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-4-16 894216]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-11-13 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-11-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-11-13 121576]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-01 07:26:49 98816 ----a-w- c:\windows\sed.exe
2012-06-01 07:26:49 518144 ----a-w- c:\windows\SWREG.exe
2012-06-01 07:26:49 256000 ----a-w- c:\windows\PEV.exe
2012-06-01 07:26:49 208896 ----a-w- c:\windows\MBR.exe
2012-05-28 05:23:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-27 08:55:02 -------- d-----w- c:\documents and settings\rcboosted\local settings\application data\Trend Micro
2012-05-27 08:54:27 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-05-27 08:54:24 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-05-27 08:54:24 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-05-27 08:54:24 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-27 08:50:51 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-05-27 08:49:14 -------- d-----w- c:\program files\Trend Micro
2012-05-27 08:48:40 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro
2012-05-26 04:17:42 -------- d-----w- C:\_OTM
2012-05-21 04:56:22 -------- d-----w- c:\program files\ESET
2012-05-13 19:36:55 -------- d-----w- C:\Ascot Hills Park
.
==================== Find3M ====================
.
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-18 20:52:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 19:10:39.10 ===============



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 June 2012 - 08:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 rcboosted

rcboosted
  • Topic Starter

  • Members
  • 18 posts

Posted 07 June 2012 - 10:06 PM

Thank you nasdaq, for the reply. Here are the logs.

19:36:47.0062 1760 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:36:47.0500 1760 ============================================================
19:36:47.0500 1760 Current date / time: 2012/06/07 19:36:47.0500
19:36:47.0500 1760 SystemInfo:
19:36:47.0500 1760
19:36:47.0500 1760 OS Version: 5.1.2600 ServicePack: 3.0
19:36:47.0500 1760 Product type: Workstation
19:36:47.0500 1760 ComputerName: I5-750
19:36:47.0500 1760 UserName: rcboosted
19:36:47.0500 1760 Windows directory: C:\WINDOWS
19:36:47.0500 1760 System windows directory: C:\WINDOWS
19:36:47.0500 1760 Processor architecture: Intel x86
19:36:47.0500 1760 Number of processors: 4
19:36:47.0500 1760 Page size: 0x1000
19:36:47.0500 1760 Boot type: Normal boot
19:36:47.0500 1760 ============================================================
19:36:48.0796 1760 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:36:48.0796 1760 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:36:48.0796 1760 Drive \Device\Harddisk2\DR2 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:36:48.0843 1760 ============================================================
19:36:48.0843 1760 \Device\Harddisk0\DR0:
19:36:48.0843 1760 MBR partitions:
19:36:48.0843 1760 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
19:36:48.0843 1760 \Device\Harddisk1\DR1:
19:36:48.0843 1760 MBR partitions:
19:36:48.0843 1760 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF92800
19:36:48.0843 1760 \Device\Harddisk2\DR2:
19:36:48.0843 1760 MBR partitions:
19:36:48.0843 1760 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF92800
19:36:48.0843 1760 ============================================================
19:36:48.0953 1760 C: <-> \Device\Harddisk0\DR0\Partition0
19:36:48.0953 1760 E: <-> \Device\Harddisk2\DR2\Partition0
19:36:48.0953 1760 D: <-> \Device\Harddisk1\DR1\Partition0
19:36:48.0953 1760 ============================================================
19:36:48.0953 1760 Initialize success
19:36:48.0953 1760 ============================================================
19:36:52.0843 3648 ============================================================
19:36:52.0843 3648 Scan started
19:36:52.0843 3648 Mode: Manual;
19:36:52.0843 3648 ============================================================
19:36:55.0015 3648 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
19:36:55.0015 3648 61883 - ok
19:36:55.0015 3648 Abiosdsk - ok
19:36:55.0015 3648 abp480n5 - ok
19:36:55.0046 3648 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:36:55.0046 3648 ACPI - ok
19:36:55.0062 3648 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:36:55.0078 3648 ACPIEC - ok
19:36:55.0078 3648 adpu160m - ok
19:36:55.0109 3648 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:36:55.0109 3648 aec - ok
19:36:55.0125 3648 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:36:55.0125 3648 AFD - ok
19:36:55.0125 3648 Aha154x - ok
19:36:55.0125 3648 aic78u2 - ok
19:36:55.0140 3648 aic78xx - ok
19:36:55.0140 3648 AliIde - ok
19:36:55.0140 3648 amsint - ok
19:36:55.0265 3648 Amsp (feb0b5022c012a4a68dabcb711faff03) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
19:36:55.0265 3648 Amsp - ok
19:36:55.0281 3648 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
19:36:55.0281 3648 androidusb - ok
19:36:55.0296 3648 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:36:55.0312 3648 AppMgmt - ok
19:36:55.0328 3648 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:36:55.0328 3648 Arp1394 - ok
19:36:55.0328 3648 asc - ok
19:36:55.0328 3648 asc3350p - ok
19:36:55.0328 3648 asc3550 - ok
19:36:55.0343 3648 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\WINDOWS\system32\drivers\AsIO.sys
19:36:55.0343 3648 AsIO - ok
19:36:55.0593 3648 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:36:55.0593 3648 aspnet_state - ok
19:36:55.0656 3648 AsSysCtrlService (798a87b2d7ad73b16b7cd968c5d1f18f) C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
19:36:55.0656 3648 AsSysCtrlService - ok
19:36:55.0656 3648 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys
19:36:55.0656 3648 AsUpIO - ok
19:36:55.0656 3648 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:36:55.0656 3648 AsyncMac - ok
19:36:55.0687 3648 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:36:55.0687 3648 atapi - ok
19:36:55.0687 3648 Atdisk - ok
19:36:55.0687 3648 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:36:55.0687 3648 Atmarpc - ok
19:36:55.0703 3648 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:36:55.0703 3648 AudioSrv - ok
19:36:55.0734 3648 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:36:55.0734 3648 audstub - ok
19:36:55.0781 3648 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
19:36:55.0781 3648 Avc - ok
19:36:55.0781 3648 Beep - ok
19:36:55.0843 3648 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:36:55.0859 3648 BITS - ok
19:36:55.0859 3648 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:36:55.0859 3648 Browser - ok
19:36:55.0890 3648 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
19:36:55.0890 3648 BthEnum - ok
19:36:55.0906 3648 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
19:36:55.0906 3648 BthPan - ok
19:36:55.0937 3648 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
19:36:55.0937 3648 BTHPORT - ok
19:36:55.0953 3648 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
19:36:55.0953 3648 BthServ - ok
19:36:55.0968 3648 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
19:36:55.0968 3648 BTHUSB - ok
19:36:56.0000 3648 busenum (cec1dbed5ea31801cdeb12833234f139) C:\WINDOWS\system32\DRIVERS\busenum.sys
19:36:56.0000 3648 busenum - ok
19:36:56.0062 3648 catchme - ok
19:36:56.0078 3648 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:36:56.0078 3648 cbidf2k - ok
19:36:56.0218 3648 CCALib8 (8ef654045e518ac00e52e7a1e2d3ad70) C:\Program Files\Canon\CAL\CALMAIN.exe
19:36:56.0234 3648 CCALib8 - ok
19:36:56.0265 3648 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:36:56.0265 3648 CCDECODE - ok
19:36:56.0265 3648 cd20xrnt - ok
19:36:56.0265 3648 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:36:56.0265 3648 Cdaudio - ok
19:36:56.0296 3648 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:36:56.0296 3648 Cdfs - ok
19:36:56.0296 3648 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:36:56.0296 3648 Cdrom - ok
19:36:56.0296 3648 Changer - ok
19:36:56.0296 3648 CiSvc - ok
19:36:56.0312 3648 ClipSrv - ok
19:36:56.0546 3648 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:36:56.0546 3648 clr_optimization_v2.0.50727_32 - ok
19:36:56.0750 3648 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:36:56.0750 3648 clr_optimization_v4.0.30319_32 - ok
19:36:56.0750 3648 CmdIde - ok
19:36:56.0750 3648 COMSysApp - ok
19:36:56.0750 3648 Cpqarray - ok
19:36:56.0781 3648 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:36:56.0781 3648 CryptSvc - ok
19:36:56.0796 3648 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
19:36:56.0796 3648 CVirtA - ok
19:36:56.0968 3648 CVPND (f432260e59aae3284ed7e795264c16d0) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
19:36:56.0968 3648 CVPND - ok
19:36:58.0125 3648 CVPNDRVA (8a15d7bd4cf1a8ccd7c65f7349f22e35) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
19:36:58.0140 3648 CVPNDRVA - ok
19:36:58.0140 3648 dac2w2k - ok
19:36:58.0140 3648 dac960nt - ok
19:36:58.0187 3648 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:36:58.0187 3648 DcomLaunch - ok
19:36:58.0218 3648 DefragFS (17a46b27607c133ddec3217831059d27) C:\WINDOWS\system32\drivers\DefragFS.sys
19:36:58.0234 3648 DefragFS - ok
19:36:58.0250 3648 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:36:58.0250 3648 Dhcp - ok
19:36:58.0265 3648 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:36:58.0265 3648 Disk - ok
19:36:58.0265 3648 dmadmin - ok
19:36:58.0296 3648 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:36:58.0296 3648 dmboot - ok
19:36:58.0328 3648 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:36:58.0328 3648 dmio - ok
19:36:58.0343 3648 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:36:58.0343 3648 dmload - ok
19:36:58.0343 3648 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:36:58.0343 3648 dmserver - ok
19:36:58.0359 3648 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:36:58.0359 3648 DMusic - ok
19:36:58.0390 3648 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
19:36:58.0406 3648 DNE - ok
19:36:58.0421 3648 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:36:58.0421 3648 Dnscache - ok
19:36:58.0546 3648 DokanCEDriver (fa744970715eae807998988def31966f) C:\Program Files\Pogoplug\dokance.sys
19:36:58.0562 3648 DokanCEDriver - ok
19:36:58.0593 3648 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:36:58.0593 3648 Dot3svc - ok
19:36:58.0593 3648 dpti2o - ok
19:36:58.0609 3648 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:36:58.0609 3648 drmkaud - ok
19:36:58.0609 3648 dwshd - ok
19:36:58.0625 3648 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:36:58.0625 3648 EapHost - ok
19:36:58.0625 3648 ERSvc - ok
19:36:58.0640 3648 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:36:58.0640 3648 Eventlog - ok
19:36:58.0671 3648 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:36:58.0671 3648 EventSystem - ok
19:36:58.0687 3648 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:36:58.0687 3648 Fastfat - ok
19:36:58.0703 3648 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:36:58.0703 3648 FastUserSwitchingCompatibility - ok
19:36:58.0718 3648 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:36:58.0718 3648 Fdc - ok
19:36:58.0734 3648 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:36:58.0734 3648 Fips - ok
19:36:58.0734 3648 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:36:58.0734 3648 Flpydisk - ok
19:36:58.0781 3648 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:36:58.0781 3648 FltMgr - ok
19:36:58.0890 3648 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:36:58.0890 3648 FontCache3.0.0.0 - ok
19:36:58.0906 3648 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:36:58.0906 3648 Fs_Rec - ok
19:36:58.0968 3648 FTDIBUS (f8c2888b12253d8390c94887ffb699f2) C:\WINDOWS\system32\drivers\ftdibus.sys
19:36:58.0968 3648 FTDIBUS - ok
19:36:58.0984 3648 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:36:58.0984 3648 Ftdisk - ok
19:36:59.0000 3648 FTSER2K (f0ca4e7bc5af32080069c2df83ba6690) C:\WINDOWS\system32\drivers\ftser2k.sys
19:36:59.0015 3648 FTSER2K - ok
19:36:59.0031 3648 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:36:59.0031 3648 Gpc - ok
19:36:59.0234 3648 HBAdmin (6c4245954dc7a3e3cabd02d5ccded60e) C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe
19:36:59.0234 3648 HBAdmin - ok
19:36:59.0265 3648 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:36:59.0265 3648 HDAudBus - ok
19:36:59.0281 3648 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys
19:36:59.0281 3648 HidBth - ok
19:36:59.0296 3648 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
19:36:59.0312 3648 HidServ - ok
19:36:59.0328 3648 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:36:59.0328 3648 hidusb - ok
19:36:59.0343 3648 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:36:59.0343 3648 hkmsvc - ok
19:36:59.0343 3648 hpn - ok
19:36:59.0375 3648 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:36:59.0390 3648 HTTP - ok
19:36:59.0406 3648 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:36:59.0406 3648 HTTPFilter - ok
19:36:59.0406 3648 i2omgmt - ok
19:36:59.0421 3648 i2omp - ok
19:36:59.0437 3648 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:36:59.0437 3648 i8042prt - ok
19:36:59.0640 3648 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:36:59.0656 3648 idsvc - ok
19:36:59.0671 3648 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:36:59.0671 3648 Imapi - ok
19:36:59.0671 3648 ini910u - ok
19:36:59.0671 3648 IntelIde - ok
19:36:59.0687 3648 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:36:59.0687 3648 intelppm - ok
19:36:59.0703 3648 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:36:59.0703 3648 Ip6Fw - ok
19:36:59.0718 3648 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:36:59.0718 3648 IpFilterDriver - ok
19:36:59.0718 3648 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:36:59.0718 3648 IpInIp - ok
19:36:59.0734 3648 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:36:59.0750 3648 IpNat - ok
19:36:59.0765 3648 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:36:59.0765 3648 IPSec - ok
19:36:59.0796 3648 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:36:59.0796 3648 IRENUM - ok
19:36:59.0796 3648 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:36:59.0796 3648 isapnp - ok
19:36:59.0968 3648 JavaQuickStarterService (91061352084424820ac6268808cb8ee3) C:\Program Files\Java\jre6\bin\jqs.exe
19:36:59.0968 3648 JavaQuickStarterService - ok
19:37:00.0000 3648 JRAID (dc8e2779cdf0348a35aaffa3a1bde0c9) C:\WINDOWS\system32\DRIVERS\jraid.sys
19:37:00.0015 3648 JRAID - ok
19:37:00.0031 3648 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:37:00.0031 3648 Kbdclass - ok
19:37:00.0031 3648 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:37:00.0031 3648 kbdhid - ok
19:37:00.0062 3648 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:37:00.0062 3648 kmixer - ok
19:37:00.0078 3648 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:37:00.0078 3648 KSecDD - ok
19:37:00.0109 3648 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
19:37:00.0109 3648 L8042Kbd - ok
19:37:00.0140 3648 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:37:00.0140 3648 LanmanServer - ok
19:37:00.0171 3648 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:37:00.0171 3648 lanmanworkstation - ok
19:37:00.0187 3648 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
19:37:00.0203 3648 LBeepKE - ok
19:37:00.0203 3648 lbrtfdc - ok
19:37:00.0265 3648 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
19:37:00.0265 3648 LBTServ - ok
19:37:00.0281 3648 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
19:37:00.0281 3648 LHidFilt - ok
19:37:00.0296 3648 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
19:37:00.0296 3648 LMouFilt - ok
19:37:00.0312 3648 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
19:37:00.0328 3648 LUsbFilt - ok
19:37:00.0328 3648 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
19:37:00.0343 3648 ManyCam - ok
19:37:00.0359 3648 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:37:00.0359 3648 Modem - ok
19:37:00.0375 3648 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:37:00.0375 3648 Mouclass - ok
19:37:00.0421 3648 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:37:00.0421 3648 mouhid - ok
19:37:00.0421 3648 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:37:00.0421 3648 MountMgr - ok
19:37:00.0421 3648 mraid35x - ok
19:37:00.0453 3648 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:37:00.0453 3648 MRxDAV - ok
19:37:00.0484 3648 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:37:00.0500 3648 MRxSmb - ok
19:37:00.0515 3648 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:37:00.0515 3648 MSDTC - ok
19:37:00.0593 3648 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
19:37:00.0593 3648 MSDV - ok
19:37:00.0593 3648 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:37:00.0593 3648 Msfs - ok
19:37:00.0609 3648 MSIServer - ok
19:37:00.0609 3648 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:37:00.0609 3648 MSKSSRV - ok
19:37:00.0625 3648 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:37:00.0625 3648 MSPCLOCK - ok
19:37:00.0625 3648 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:37:00.0625 3648 MSPQM - ok
19:37:00.0640 3648 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:37:00.0640 3648 mssmbios - ok
19:37:00.0671 3648 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:37:00.0671 3648 MSTEE - ok
19:37:00.0687 3648 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
19:37:00.0687 3648 MTsensor - ok
19:37:00.0718 3648 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:37:00.0718 3648 Mup - ok
19:37:00.0750 3648 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:37:00.0750 3648 NABTSFEC - ok
19:37:00.0781 3648 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:37:00.0781 3648 napagent - ok
19:37:00.0796 3648 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:37:00.0796 3648 NDIS - ok
19:37:00.0812 3648 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:37:00.0812 3648 NdisIP - ok
19:37:00.0828 3648 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:37:00.0828 3648 NdisTapi - ok
19:37:00.0843 3648 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:37:00.0843 3648 Ndisuio - ok
19:37:00.0843 3648 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:37:00.0843 3648 NdisWan - ok
19:37:00.0875 3648 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:37:00.0875 3648 NDProxy - ok
19:37:00.0890 3648 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:37:00.0890 3648 NetBIOS - ok
19:37:00.0906 3648 NetBT (0b23e758b04223537247cc83ba457965) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:37:00.0906 3648 NetBT - ok
19:37:00.0921 3648 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:37:00.0921 3648 Netlogon - ok
19:37:00.0937 3648 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:37:00.0937 3648 Netman - ok
19:37:01.0093 3648 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:37:01.0093 3648 NetTcpPortSharing - ok
19:37:01.0093 3648 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:37:01.0093 3648 NIC1394 - ok
19:37:01.0125 3648 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:37:01.0125 3648 Nla - ok
19:37:01.0140 3648 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:37:01.0140 3648 Npfs - ok
19:37:01.0171 3648 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:37:01.0171 3648 Ntfs - ok
19:37:01.0171 3648 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:37:01.0171 3648 NtLmSsp - ok
19:37:01.0203 3648 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:37:01.0203 3648 Null - ok
19:37:01.0718 3648 nv (a05d99cbf55eb493c9e82b4bca848ef5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:37:01.0937 3648 nv - ok
19:37:02.0828 3648 nvsvc (a86a2f2b2bf5d5eed075b6417de5cf1c) C:\WINDOWS\system32\nvsvc32.exe
19:37:02.0828 3648 nvsvc - ok
19:37:02.0921 3648 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:37:02.0921 3648 NwlnkFlt - ok
19:37:02.0937 3648 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:37:02.0937 3648 NwlnkFwd - ok
19:37:02.0953 3648 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:37:02.0953 3648 ohci1394 - ok
19:37:03.0000 3648 OVT511Plus (947f5360f44eb9b7ed5d13231ffe5a9d) C:\WINDOWS\system32\Drivers\omcamvid.sys
19:37:03.0046 3648 OVT511Plus - ok
19:37:03.0078 3648 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
19:37:03.0078 3648 Parport - ok
19:37:03.0093 3648 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:37:03.0093 3648 PartMgr - ok
19:37:03.0093 3648 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:37:03.0093 3648 ParVdm - ok
19:37:03.0125 3648 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:37:03.0125 3648 PCI - ok
19:37:03.0125 3648 PCIDump - ok
19:37:03.0125 3648 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:37:03.0125 3648 PCIIde - ok
19:37:03.0140 3648 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:37:03.0140 3648 Pcmcia - ok
19:37:03.0281 3648 PD91Agent (8adda5b68e3d5d23ca2de0456fcbde28) C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
19:37:03.0281 3648 PD91Agent - ok
19:37:03.0343 3648 PD91Engine (2c490dacf6f949b2fd1a41667e762890) C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
19:37:03.0359 3648 PD91Engine - ok
19:37:04.0250 3648 PDCOMP - ok
19:37:04.0250 3648 PDFRAME - ok
19:37:04.0250 3648 PDRELI - ok
19:37:04.0250 3648 PDRFRAME - ok
19:37:04.0250 3648 perc2 - ok
19:37:04.0250 3648 perc2hib - ok
19:37:04.0296 3648 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:37:04.0296 3648 PlugPlay - ok
19:37:04.0328 3648 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:37:04.0328 3648 PolicyAgent - ok
19:37:04.0328 3648 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:37:04.0328 3648 PptpMiniport - ok
19:37:04.0343 3648 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:37:04.0343 3648 ProtectedStorage - ok
19:37:04.0343 3648 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:37:04.0359 3648 PSched - ok
19:37:04.0375 3648 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:37:04.0375 3648 Ptilink - ok
19:37:04.0406 3648 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:37:04.0406 3648 PxHelp20 - ok
19:37:04.0406 3648 ql1080 - ok
19:37:04.0406 3648 Ql10wnt - ok
19:37:04.0406 3648 ql12160 - ok
19:37:04.0406 3648 ql1240 - ok
19:37:04.0406 3648 ql1280 - ok
19:37:04.0421 3648 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:37:04.0421 3648 RasAcd - ok
19:37:04.0437 3648 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:37:04.0437 3648 RasAuto - ok
19:37:04.0453 3648 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:37:04.0453 3648 Rasl2tp - ok
19:37:04.0468 3648 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:37:04.0468 3648 RasMan - ok
19:37:04.0468 3648 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:37:04.0468 3648 RasPppoe - ok
19:37:04.0484 3648 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:37:04.0484 3648 Raspti - ok
19:37:04.0484 3648 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:37:04.0484 3648 Rdbss - ok
19:37:04.0500 3648 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:37:04.0500 3648 RDPCDD - ok
19:37:04.0531 3648 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:37:04.0531 3648 rdpdr - ok
19:37:04.0562 3648 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
19:37:04.0578 3648 RDPWD - ok
19:37:04.0609 3648 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:37:04.0609 3648 RDSessMgr - ok
19:37:04.0625 3648 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:37:04.0625 3648 redbook - ok
19:37:04.0640 3648 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:37:04.0640 3648 RemoteAccess - ok
19:37:04.0656 3648 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
19:37:04.0656 3648 RFCOMM - ok
19:37:04.0687 3648 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
19:37:04.0687 3648 RpcSs - ok
19:37:04.0703 3648 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:37:04.0703 3648 RSVP - ok
19:37:04.0734 3648 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
19:37:04.0734 3648 RTL8023xp - ok
19:37:04.0765 3648 RTLE8023xp (e47c52f0380f0950e2bc9f1bcdc0de9b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:37:04.0765 3648 RTLE8023xp - ok
19:37:04.0765 3648 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:37:04.0765 3648 SamSs - ok
19:37:04.0781 3648 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:37:04.0781 3648 SCardSvr - ok
19:37:04.0812 3648 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:37:04.0812 3648 Schedule - ok
19:37:04.0828 3648 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:37:04.0828 3648 Secdrv - ok
19:37:04.0828 3648 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:37:04.0828 3648 seclogon - ok
19:37:04.0843 3648 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:37:04.0843 3648 SENS - ok
19:37:04.0843 3648 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:37:04.0843 3648 serenum - ok
19:37:04.0843 3648 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:37:04.0843 3648 Serial - ok
19:37:04.0859 3648 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:37:04.0859 3648 Sfloppy - ok
19:37:04.0890 3648 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:37:04.0890 3648 SharedAccess - ok
19:37:04.0921 3648 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:37:04.0921 3648 ShellHWDetection - ok
19:37:04.0921 3648 Simbad - ok
19:37:04.0953 3648 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:37:04.0953 3648 SLIP - ok
19:37:04.0953 3648 Sparrow - ok
19:37:04.0984 3648 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:37:04.0984 3648 splitter - ok
19:37:05.0015 3648 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:37:05.0015 3648 Spooler - ok
19:37:05.0046 3648 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:37:05.0046 3648 Sr - ok
19:37:05.0078 3648 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:37:05.0078 3648 srservice - ok
19:37:05.0093 3648 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:37:05.0093 3648 Srv - ok
19:37:05.0156 3648 ssadbus (406776fe3c2b66796bac1a7afb9ac8a1) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
19:37:05.0156 3648 ssadbus - ok
19:37:05.0187 3648 ssadmdfl (b19532d015a5d295e2aa34bb521202cf) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
19:37:05.0187 3648 ssadmdfl - ok
19:37:05.0203 3648 ssadmdm (2aebf9108e6f435458b9499c27394da4) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
19:37:05.0203 3648 ssadmdm - ok
19:37:05.0234 3648 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
19:37:05.0250 3648 sscdbus - ok
19:37:05.0281 3648 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
19:37:05.0296 3648 sscdmdfl - ok
19:37:05.0296 3648 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
19:37:05.0312 3648 sscdmdm - ok
19:37:05.0328 3648 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:37:05.0328 3648 SSDPSRV - ok
19:37:05.0359 3648 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:37:05.0359 3648 stisvc - ok
19:37:05.0375 3648 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:37:10.0453 3648 ============================================================
19:37:10.0453 3648 Scan finished
19:37:10.0453 3648 ============================================================
19:37:10.0453 3772 Detected object count: 0
19:37:10.0453 3772 Actual detected object count
19:38:34.0078 1900 Deinitialize success






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 19:38:39
-----------------------------
19:38:39.171 OS Version: Windows 5.1.2600 Service Pack 3
19:38:39.171 Number of processors: 4 586 0x1E05
19:38:39.171 ComputerName: I5-750 UserName: rcboosted
19:38:46.093 Initialize success
19:39:28.125 AVAST engine defs: 12060701
19:39:34.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
19:39:34.843 Disk 0 Vendor: ST3500320AS SD1A Size: 476940MB BusType: 3
19:39:34.843 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
19:39:34.843 Disk 1 Vendor: OCZ_VERTEX-PLUS 3.55 Size: 114473MB BusType: 3
19:39:34.859 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-17
19:39:34.859 Disk 2 Vendor: OCZ-VERTEX3 2.15 Size: 114473MB BusType: 3
19:39:34.875 Disk 0 MBR read successfully
19:39:34.875 Disk 0 MBR scan
19:39:34.906 Disk 0 Windows XP default MBR code
19:39:34.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
19:39:34.906 Disk 0 scanning sectors +976752000
19:39:34.984 Disk 0 scanning C:\WINDOWS\system32\drivers
19:39:39.812 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Alureon-FZ
19:39:44.625 Disk 0 trace - called modules:
19:39:44.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:39:44.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aee4ab8]
19:39:44.640 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\00000079[0x8af149e8]
19:39:44.640 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8af2dd98]
19:39:47.093 AVAST engine scan C:\WINDOWS
19:40:19.296 AVAST engine scan C:\WINDOWS\system32
19:42:28.843 AVAST engine scan C:\WINDOWS\system32\drivers
19:42:33.703 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Alureon-FZ
19:42:51.906 AVAST engine scan C:\Documents and Settings\rcboosted
19:44:12.171 File: C:\Documents and Settings\rcboosted\DoctorWeb\Quarantine\A0000120.com **INFECTED** Win32:Malware-gen
19:44:12.765 File: C:\Documents and Settings\rcboosted\DoctorWeb\Quarantine\rkill.com **INFECTED** Win32:Malware-gen
19:51:30.250 AVAST engine scan C:\Documents and Settings\All Users
19:54:57.453 Scan finished successfully
19:58:46.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\rcboosted\Desktop\MBR.dat"
19:58:46.546 The log file has been saved successfully to "C:\Documents and Settings\rcboosted\Desktop\aswMBR.txt"






One thing: I forgot to stop the TrendMicro 2012 I installed before posting here a week ago, and it caught a virus while avast was scanning. This is what it found and removed:

6/7/2012 7:43 PM,C:\Documents and Settings\rcboosted\Local Settings\temp\av49E5.tmp,TROJ_HIDEFIL.BMC,Removed

Attached Files

  • Attached File  MBR.zip   624bytes   0 downloads

Edited by rcboosted, 07 June 2012 - 11:26 PM.


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 08 June 2012 - 09:20 AM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    netbt.sys
    Volsnap.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
===

#5 rcboosted

rcboosted
  • Topic Starter


Posted 08 June 2012 - 09:29 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 07:25 on 08/06/2012 by rcboosted
Administrator - Elevation successful

========== filefind ==========

Searching for " netbt.sys"
No files found.

Searching for " Volsnap.sys"
No files found.

-= EOF =-

#6 nasdaq

nasdaq

  • Malware Response Team

Posted 08 June 2012 - 10:00 AM

Strange. Can you please run ComboFix again.

If asked to update, please do so.

#7 rcboosted

rcboosted
  • Topic Starter


Posted 08 June 2012 - 11:01 AM

That's the issue I've had. Combofix says volsnap.sys is infected, but systemlook couldn't find the file. I will run the combofix when I get home tonight.

#8 nasdaq

nasdaq

  • Malware Response Team

Posted 08 June 2012 - 12:03 PM

Do you have access to a good XP Computer?

Can you get hold of both files?

#9 rcboosted

rcboosted
  • Topic Starter


Posted 08 June 2012 - 03:30 PM

I can. I'll get a copy of the two files home. What should I do with them?

Edited by rcboosted, 08 June 2012 - 03:33 PM.


#10 rcboosted

rcboosted
  • Topic Starter


Posted 08 June 2012 - 09:35 PM

Here's the combofix log:

ComboFix 12-06-08.02 - rcboosted 06/08/2012 19:19:48.14.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2466 [GMT -7:00]
Running from: c:\documents and settings\rcboosted\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Drivers\Volsnap.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-05-28 05:23 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-27 08:55 . 2012-05-27 08:55 -------- d-----w- c:\documents and settings\rcboosted\Local Settings\Application Data\Trend Micro
2012-05-27 08:54 . 2012-05-27 08:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro
2012-05-27 08:54 . 2011-08-02 20:44 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-05-27 08:54 . 2011-07-12 11:14 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-05-27 08:54 . 2011-07-12 11:13 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-05-27 08:54 . 2011-07-12 11:13 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-27 08:50 . 2012-05-27 08:50 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-05-27 08:49 . 2012-05-27 08:50 -------- d-----w- c:\program files\Trend Micro
2012-05-27 08:48 . 2012-05-27 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2012-05-26 04:17 . 2012-05-26 04:17 -------- d-----w- C:\_OTM
2012-05-21 04:56 . 2012-05-21 04:56 -------- d-----w- c:\program files\ESET
2012-05-13 19:36 . 2012-05-13 19:43 -------- d-----w- C:\Ascot Hills Park
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-26 23:27 . 2012-05-26 23:27 15736 ----a-w- C:\proxy_list_l1_l2_l3_2.zip
2012-04-11 13:14 . 2008-04-13 22:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-13 23:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-13 19:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-18 20:52 . 2011-09-18 14:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-13 02:53 . 2012-03-13 02:53 63080 ----a-r- c:\documents and settings\rcboosted\Application Data\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-21_04.49.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-05-13 10:01 . 2012-05-13 10:01 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-07 14:24 . 2012-06-07 14:24 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-13 10:01 . 2012-05-13 10:01 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-03 06:56 . 2012-02-03 06:56 963584 c:\windows\Installer\28346f3.msp
+ 2012-06-07 14:29 . 2012-06-07 14:29 843776 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_15214bdc\System.Drawing.dll
+ 2012-06-07 14:29 . 2012-06-07 14:29 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f575f915\System.Drawing.Design.dll
+ 2012-06-08 02:29 . 2012-06-08 02:29 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\a5b389ddffcb10f23884f01c0e1954d9\WindowsFormsIntegration.ni.dll
+ 2012-06-08 02:29 . 2012-06-08 02:29 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\371591225ee369c94784e24dc22f2e45\System.ServiceProcess.ni.dll
+ 2012-06-08 02:29 . 2012-06-08 02:29 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\d1699452fcccc4ac0b6e86be4ec2ed35\System.Messaging.ni.dll
+ 2012-06-08 02:28 . 2012-06-08 02:28 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\3feff5c65196e9e985da693ea38ec5e7\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-08 02:20 . 2012-06-08 02:20 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6198de2c5b8f7d89404c2ba39d69ae56\WindowsFormsIntegration.ni.dll
+ 2012-06-08 02:28 . 2012-06-08 02:28 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8bffbaa5d5abe40674d0bc124dfe8622\System.Web.Routing.ni.dll
+ 2012-06-08 02:28 . 2012-06-08 02:28 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a7908debe80c209b599529685a159fa0\System.Web.Extensions.Design.ni.dll
+ 2012-06-08 02:28 . 2012-06-08 02:28 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\44ecb9f7be54a2ba46e6102d343e2e7e\System.Web.Entity.ni.dll
+ 2012-06-08 02:28 . 2012-06-08 02:28 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fee8237aa2daa36e48aec379ee642422\System.Web.Entity.Design.ni.dll
+ 2012-06-08 02:28 . 2012-06-08 02:28 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\40d90d2c1484164b786067320ce778f4\System.Web.DynamicData.ni.dll
+ 2012-06-08 02:28 . 2012-06-08 02:28 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6b4ce8cf2c3307b75ea7ebe77258bb26\System.Web.Abstractions.ni.dll
+ 2012-06-08 02:27 . 2012-06-08 02:27 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll
+ 2012-06-08 02:20 . 2012-06-08 02:20 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\88aa4f80c7e5ac25f06f8950e42a1678\System.Drawing.Design.ni.dll
+ 2012-06-08 02:27 . 2012-06-08 02:27 472064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\dc3e1a4a5dfb11035c5c4ed7e2e839f3\Microsoft.MapPoint.Rendering3D.Utility.ni.dll
+ 2012-06-08 02:27 . 2012-06-08 02:27 840192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\b20ee4ea441052508994a878dceb8bd7\Microsoft.MapPoint.Geometry.ni.dll
+ 2012-06-08 02:27 . 2012-06-08 02:27 766976 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\96ff73ad6a7d3ddc197b897fb05b1400\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.ni.dll
+ 2012-06-08 02:27 . 2012-06-08 02:27 438272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\3738f90eb6d47ad47eab1ca280c2010a\Microsoft.MapPoint.MapControl3D.ni.dll
+ 2012-06-08 02:27 . 2012-06-08 02:27 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e414683ec4cff1cac0c77aaefd67144e\AspNetMMCExt.ni.dll
- 2012-05-13 10:03 . 2012-05-13 10:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-05-13 10:03 . 2012-05-13 10:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-05-13 10:03 . 2012-05-13 10:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-13 10:03 . 2012-05-13 10:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-13 10:03 . 2012-05-13 10:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-05-13 10:03 . 2012-05-13 10:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-07 14:27 . 2012-06-07 14:27 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-13 10:04 . 2012-05-13 10:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pogoplug"="c:\program files\Pogoplug\PogoplugMonitor.exe" [2012-01-31 234304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-01-01 33636352]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-08-20 603136]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-08-21 887936]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"MPlayerForWindows_UpdateReminder"="c:\program files\MPlayer for Windows\AutoUpdate.exe" [2010-02-06 254376]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"WTClient"="WTClient.exe" [2009-10-30 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\rcboosted\Start Menu\Programs\Startup\
hosts.bat [2010-10-18 84]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-23 813584]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2010-11-14 6144]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Pogoplug\\HBPLUG\\HBPLUG.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57221:TCP"= 57221:TCP:Pando Media Booster
"57221:UDP"= 57221:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [1/1/2010 2:44 AM 11448]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [5/27/2012 1:54 AM 68368]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [1/1/2010 4:36 PM 90112]
R2 DokanCEDriver;DokanCEDriver;c:\program files\Pogoplug\dokance.sys [1/30/2012 6:04 PM 54592]
R2 HBAdmin;HBAdmin;c:\program files\Pogoplug\HBPLUG\hbadmin.exe [1/30/2012 6:04 PM 738112]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [4/16/2008 2:00 PM 689416]
R2 UsbClientService;UsbClientService;c:\program files\Synology\Assistant\UsbClientService.exe [2/17/2011 11:18 PM 245760]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2/17/2011 11:20 PM 46304]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/1/2010 2:18 AM 1381632]
R3 xcetap0;XCETAP0 Adapter;c:\windows\system32\drivers\xcetap0.sys [11/3/2011 11:19 AM 34624]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [5/27/2012 1:49 AM 200632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/23/2010 11:35 PM 10384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [11/13/2010 12:04 AM 30312]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [4/16/2008 2:00 PM 894216]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [11/13/2010 12:04 AM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [11/13/2010 12:04 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [11/13/2010 12:04 AM 121576]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-2000478354-682003330-1002Core.job
- c:\documents and settings\rcboosted\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-03 08:08]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-2000478354-682003330-1002UA.job
- c:\documents and settings\rcboosted\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-03 08:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: Interfaces\{B4309C5F-C7E9-4B11-A357-B2031DEF8307}: NameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-08 19:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1432)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(2720)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2012-06-08 19:24:27
ComboFix-quarantined-files.txt 2012-06-09 02:24
ComboFix2.txt 2012-05-21 04:50
ComboFix3.txt 2012-05-19 07:11
.
Pre-Run: 128,722,329,600 bytes free
Post-Run: 128,840,630,272 bytes free
.
- - End Of File - - 1EC1525B1C4B084615859710BDA662EE

#11 nasdaq

  • Malware Response Team

Posted 09 June 2012 - 06:34 AM

I can. I'll get a copy of the two files home. What should I do with them?


Run the SystemLook tool on the good computer and search for these files.

:filefind
netbt.sys
Volsnap.sys

Post the log for my review.

I want to make sure they are clean.

#12 rcboosted

  • Topic Starter

Posted 09 June 2012 - 02:48 PM

Here it is:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:38 on 09/06/2012 by 12345

Administrator - Elevation successful



========== filefind ==========



Searching for "netbt.sys"

C:\WINDOWS\ServicePackFiles\i386\netbt.sys --a---- 162816 bytes [23:17 06/12/2004] [07:51 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [12:00 31/03/2003] [07:51 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D



Searching for "Volsnap.sys"

C:\WINDOWS\ServicePackFiles\i386\volsnap.sys --a---- 52352 bytes [23:19 06/12/2004] [07:11 14/04/2008] 4C8FCB5CC53AAB716D810740FE59D025

C:\WINDOWS\system32\drivers\volsnap.sys --a---- 52352 bytes [12:00 31/03/2003] [07:11 14/04/2008] 4C8FCB5CC53AAB716D810740FE59D025



-= EOF =-

Edited by rcboosted, 09 June 2012 - 02:49 PM.
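
The check requested in post #11 (are the driver files clean?) can be done mechanically by diffing two SystemLook `:filefind` logs. The following is an added example, not part of the original thread and not SystemLook's own code: the reference log is the one posted in #12, the second log is constructed for illustration, and the function names are hypothetical.

```python
import re

# One SystemLook ":filefind" result line, as seen in post #12:
#   <path> <attrs> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]+)\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# Result lines copied from the log in post #12 (the "good" computer).
REFERENCE_LOG = r"""
Searching for "netbt.sys"
C:\WINDOWS\ServicePackFiles\i386\netbt.sys --a---- 162816 bytes [23:17 06/12/2004] [07:51 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [12:00 31/03/2003] [07:51 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
Searching for "Volsnap.sys"
C:\WINDOWS\ServicePackFiles\i386\volsnap.sys --a---- 52352 bytes [23:19 06/12/2004] [07:11 14/04/2008] 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\system32\drivers\volsnap.sys --a---- 52352 bytes [12:00 31/03/2003] [07:11 14/04/2008] 4C8FCB5CC53AAB716D810740FE59D025
"""

# CONSTRUCTED log for a hypothetical problem machine: the netbt.sys hash is an
# all-zero placeholder, and drivers\volsnap.sys is not listed at all.
SUSPECT_LOG = r"""
Searching for "netbt.sys"
C:\WINDOWS\ServicePackFiles\i386\netbt.sys --a---- 162816 bytes [23:17 06/12/2004] [07:51 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [12:00 31/03/2003] [07:51 14/04/2008] 00000000000000000000000000000000
Searching for "Volsnap.sys"
C:\WINDOWS\ServicePackFiles\i386\volsnap.sys --a---- 52352 bytes [23:19 06/12/2004] [07:11 14/04/2008] 4C8FCB5CC53AAB716D810740FE59D025
"""


def parse_filefind(log_text):
    """Return {lowercased path: (size, MD5)} for every result line in a log."""
    found = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            # Windows paths are case-insensitive, so normalise the key.
            found[match["path"].lower()] = (int(match["size"]), match["md5"].upper())
    return found


def compare_to_reference(reference_log, suspect_log):
    """List (path, problem) pairs where the suspect log differs from the reference."""
    reference = parse_filefind(reference_log)
    suspect = parse_filefind(suspect_log)
    problems = []
    for path, (ref_size, ref_md5) in sorted(reference.items()):
        if path not in suspect:
            # The file search found nothing at this path on the suspect machine.
            problems.append((path, "missing on suspect machine"))
            continue
        size, md5 = suspect[path]
        if size != ref_size:
            problems.append((path, f"size {size} != {ref_size}"))
        elif md5 != ref_md5:
            problems.append((path, f"MD5 {md5} != {ref_md5}"))
    return problems


if __name__ == "__main__":
    for path, problem in compare_to_reference(REFERENCE_LOG, SUSPECT_LOG):
        print(f"{path}: {problem}")
```

A match only shows that a file is byte-identical to the copy on the reference machine; it says nothing about whether the reference itself is clean, and a scan taken from inside a running, possibly rootkitted system may not reflect what is actually on disk.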


#13 nasdaq

  • Malware Response Team

Posted 10 June 2012 - 08:08 AM

Copy the files in bold from the good computer to the problem computer.

C:\WINDOWS\system32\drivers\netbt.sys
C:\WINDOWS\system32\drivers\volsnap.sys

How:

Create a new folder in your C:\ drive and name it MyFileCopy

When the files are copied to the C:\MyFileCopy folder, execute this script.

Open notepad and copy/paste the text in the quote box below into it:

FCOPY::
C:\MyFileCopy\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys
C:\MyFileCopy\volsnap.sys | C:\WINDOWS\system32\drivers\volsnap.sys


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

Restart the computer normally.

Then post the resultant log.

Let me know what problem persists.

#14 rcboosted

  • Topic Starter

Posted 10 June 2012 - 12:05 PM

Here's the log. Combofix.exe asked if I wanted to update, I said yes. Then while combofix is running, Windows File Protection came up saying I chose not to replace the file? (3 times) I clicked yes. I forgot the exact verbiage. I do see the 2 files in the system32\drivers directory after restarting Windows.


ComboFix 12-06-09.02 - rcboosted 06/10/2012 9:50.15.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2441 [GMT -7:00]
Running from: c:\documents and settings\rcboosted\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\rcboosted\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Drivers\Volsnap.sys . . . is infected!!
.
.
--------------- FCopy ---------------
.
c:\myfilecopy\netbt.sys --> c:\windows\system32\drivers\netbt.sys
c:\myfilecopy\volsnap.sys --> c:\windows\system32\drivers\volsnap.sys
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-10 16:50 . 2008-04-14 07:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-06-10 16:45 . 2012-06-10 16:45 -------- d-----w- C:\MyFileCopy
2012-05-28 05:23 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-27 08:55 . 2012-05-27 08:55 -------- d-----w- c:\documents and settings\rcboosted\Local Settings\Application Data\Trend Micro
2012-05-27 08:54 . 2012-05-27 08:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro
2012-05-27 08:54 . 2011-08-02 20:44 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-05-27 08:54 . 2011-07-12 11:14 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-05-27 08:54 . 2011-07-12 11:13 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-05-27 08:54 . 2011-07-12 11:13 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-27 08:50 . 2012-05-27 08:50 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-05-27 08:49 . 2012-05-27 08:50 -------- d-----w- c:\program files\Trend Micro
2012-05-27 08:48 . 2012-05-27 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2012-05-26 04:17 . 2012-05-26 04:17 -------- d-----w- C:\_OTM
2012-05-21 04:56 . 2012-05-21 04:56 -------- d-----w- c:\program files\ESET
2012-05-13 19:36 . 2012-05-13 19:43 -------- d-----w- C:\Ascot Hills Park
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-26 23:27 . 2012-05-26 23:27 15736 ----a-w- C:\proxy_list_l1_l2_l3_2.zip
2012-04-11 13:14 . 2008-04-13 22:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-13 23:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-13 19:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-18 20:52 . 2011-09-18 14:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-13 02:53 . 2012-03-13 02:53 63080 ----a-r- c:\documents and settings\rcboosted\Application Data\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-09_02.23.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-10 16:41 . 2012-06-10 16:41 16384 c:\windows\Temp\Perflib_Perfdata_3d4.dat
- 2012-06-09 01:46 . 2012-06-09 01:46 16384 c:\windows\Temp\Perflib_Perfdata_3d4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pogoplug"="c:\program files\Pogoplug\PogoplugMonitor.exe" [2012-01-31 234304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-01-01 33636352]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-08-20 603136]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-08-21 887936]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"MPlayerForWindows_UpdateReminder"="c:\program files\MPlayer for Windows\AutoUpdate.exe" [2010-02-06 254376]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"WTClient"="WTClient.exe" [2009-10-30 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\rcboosted\Start Menu\Programs\Startup\
hosts.bat [2010-10-18 84]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-23 813584]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2010-11-14 6144]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Pogoplug\\HBPLUG\\HBPLUG.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57221:TCP"= 57221:TCP:Pando Media Booster
"57221:UDP"= 57221:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [1/1/2010 2:44 AM 11448]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [5/27/2012 1:54 AM 68368]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [1/1/2010 4:36 PM 90112]
R2 DokanCEDriver;DokanCEDriver;c:\program files\Pogoplug\dokance.sys [1/30/2012 6:04 PM 54592]
R2 HBAdmin;HBAdmin;c:\program files\Pogoplug\HBPLUG\hbadmin.exe [1/30/2012 6:04 PM 738112]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [4/16/2008 2:00 PM 689416]
R2 UsbClientService;UsbClientService;c:\program files\Synology\Assistant\UsbClientService.exe [2/17/2011 11:18 PM 245760]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2/17/2011 11:20 PM 46304]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/1/2010 2:18 AM 1381632]
R3 xcetap0;XCETAP0 Adapter;c:\windows\system32\drivers\xcetap0.sys [11/3/2011 11:19 AM 34624]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [5/27/2012 1:49 AM 200632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/23/2010 11:35 PM 10384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [11/13/2010 12:04 AM 30312]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [4/16/2008 2:00 PM 894216]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [11/13/2010 12:04 AM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [11/13/2010 12:04 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [11/13/2010 12:04 AM 121576]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-2000478354-682003330-1002Core.job
- c:\documents and settings\rcboosted\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-03 08:08]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-2000478354-682003330-1002UA.job
- c:\documents and settings\rcboosted\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-03 08:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: Interfaces\{B4309C5F-C7E9-4B11-A357-B2031DEF8307}: NameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-10 09:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1436)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2012-06-10 09:54:28
ComboFix-quarantined-files.txt 2012-06-10 16:54
ComboFix2.txt 2012-06-09 02:24
ComboFix3.txt 2012-05-21 04:50
ComboFix4.txt 2012-05-19 07:11
.
Pre-Run: 130,419,318,784 bytes free
Post-Run: 130,395,955,200 bytes free
.
- - End Of File - - 9584D3142F497E11F1F079D2E94AD46B

Edited by rcboosted, 10 June 2012 - 12:08 PM.


#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:06 PM

Posted 11 June 2012 - 08:19 AM

Please run the aswMBR tool and post a fresh log.

Run ComboFix one more time and post the log also.

Let me know if the problem persists.



