Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google redirect virus/trojan


  • This topic is locked This topic is locked
31 replies to this topic

#1 bouncepass

bouncepass

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 01 July 2012 - 12:39 PM

hey guys,

i seem to be having the exact same problem as Fisticuffs in his thread here;
http://www.bleepingcomputer.com/forums/topic457789.html/page__pid__2738065#entry2738065

ive ran malware bytes, hijackthis and combofix. nothing seemed to get rid of it. i know this stuff is usually masked by random registry entries and such, and sometimes is pc specific, so rather than copy the steps in that thread id thought id start my own.

any help would be appreciated. this virus is a nasty one. ive also rolled back with windows recovery to no avail.

im on windows xp

thnx

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:48 PM

Posted 01 July 2012 - 11:58 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 bouncepass

bouncepass
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 03 July 2012 - 12:50 PM

thnx for helping me out with this gringo.

here are the logs

Security Check log;

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
TweakNow RegCleaner Professional
Java™ 6 Update 22
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.3.300.257
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 36% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


DDS LOG;

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/10/2011 7:32:16 PM
System Uptime: 6/29/2012 4:55:17 PM (93 hours ago)
.
Motherboard: Dell Inc. | | 0M3849
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 4.533 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 82.567 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP562: 5/17/2012 12:45:07 AM - System Checkpoint
RP563: 5/18/2012 1:44:01 AM - System Checkpoint
RP564: 5/19/2012 2:03:49 AM - System Checkpoint
RP565: 5/20/2012 2:44:19 AM - System Checkpoint
RP566: 5/21/2012 3:44:20 AM - System Checkpoint
RP567: 5/22/2012 3:45:26 AM - System Checkpoint
RP568: 5/23/2012 4:44:20 AM - System Checkpoint
RP569: 5/24/2012 5:12:27 AM - System Checkpoint
RP570: 5/25/2012 5:44:22 AM - System Checkpoint
RP571: 5/26/2012 6:07:27 AM - System Checkpoint
RP572: 5/27/2012 7:07:13 AM - System Checkpoint
RP573: 5/28/2012 8:07:12 AM - System Checkpoint
RP574: 5/29/2012 9:08:16 AM - System Checkpoint
RP575: 5/30/2012 9:11:43 AM - System Checkpoint
RP576: 5/31/2012 11:09:16 AM - System Checkpoint
RP577: 5/31/2012 11:09:59 PM - Uninstall 'Missing'
RP578: 5/31/2012 11:10:08 PM -
RP579: 6/15/2012 12:46:56 AM - System Checkpoint
RP580: 6/15/2012 4:01:57 PM - Installed SBK™ Generations
RP581: 6/15/2012 5:05:28 PM - Installed DirectX
RP582: 6/16/2012 5:57:03 PM - System Checkpoint
RP583: 6/17/2012 6:45:06 PM - System Checkpoint
RP584: 6/18/2012 7:32:26 PM - System Checkpoint
RP585: 6/19/2012 7:45:06 PM - System Checkpoint
RP586: 6/20/2012 7:50:14 PM - System Checkpoint
RP587: 6/21/2012 8:27:26 PM - System Checkpoint
RP588: 6/21/2012 9:36:44 PM - Installed HiJackThis
RP589: 6/22/2012 9:49:25 PM - System Checkpoint
RP590: 6/23/2012 10:41:55 PM - System Checkpoint
RP591: 6/24/2012 11:52:03 PM - System Checkpoint
RP592: 6/25/2012 11:56:40 PM - System Checkpoint
RP593: 6/27/2012 12:31:51 AM - System Checkpoint
RP594: 6/29/2012 4:57:35 PM - Revo Uninstaller Pro's restore point - UEFA EURO 2012
RP595: 6/27/2012 6:13:59 PM - Software Distribution Service 3.0
RP596: 6/28/2012 7:12:30 PM - System Checkpoint
RP597: 6/29/2012 5:03:50 PM - Restore Operation
RP598: 6/30/2012 6:14:50 PM - System Checkpoint
RP599: 7/1/2012 7:04:03 PM - System Checkpoint
RP600: 7/2/2012 8:02:16 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20
Acoustica Beatcraft
Acoustica Effects Pack
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.3)
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AiO_Scan
Audacity 1.3.14 (Unicode)
Belkin Wireless USB Utility
BitTorrent
Broadcom ASF Management Applications
Broadcom Gigabit Integrated Controller
C-Force
C-Force (C:\Program Files\C-Force\)
CCleaner
CDBurnerXP
CDex extraction audio
DAEMON Tools Lite
Dead Space™ 2
Director 8.5 Shockwave Studio
DiRT 3
Easy Video Splitter 1.28
FileZilla Client 3.5.3
Gears of War
Google Chrome
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
ICatch (VI) PC Camera
IMG to ISO
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29
Just Great Software EditPad Lite 6.6.4
Mad Skills Motocross
Major League Baseball 2K12
Malwarebytes Anti-Malware version 1.61.0.1400
MediaMonkey 3.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office FrontPage 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Motorola Driver Installation
Motorola Phone Tools
Mozilla Firefox 13.0.1 (x86 en-US)
Multiple Choice Quiz Maker 12.5.0
NBA 2K12
NVIDIA Control Panel 296.10
NVIDIA Graphics Driver 296.10
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.7.11
NVIDIA Update Components
OpenAL
OpenOffice.org 3.3
OpenSSL 0.9.8e
Opera 12.00
Orbit Downloader
PCSX2 - Playstation 2 Emulator
PDF Settings
Pinnacle Game Profiler
Pro Evolution Soccer 2012
PunkBuster Services
QFolder
QuickTime
Raptor 3
Rapture3D 2.4.8 Game
Revo Uninstaller Pro 2.5.8
SBK™ Generations
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Shockwave
Snagit 10.0.2
SopCast 3.3.2
SoundMAX
Steam
System Requirements Lab
System Requirements Lab CYRI
The 13th Victim
The KMPlayer (remove only)
The Rosetta Stone
TVUPlayer 2.5.3.1
TweakNow RegCleaner Professional
TXTcollector 2.0.1
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV
VLC media player 1.1.7
WebFldrs XP
WebSite Downloader 1.1
Who Wants To Be A Millionaire? Special Editions
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.00 beta 4 (32-bit)
WinX Free WMV to 3GP Converter 2.0.10
WM Recorder 14
Yahoo! Messenger
zbattle.net 1.09 SR-1 beta
.
==== Event Viewer Messages From Past Week ========
.
7/2/2012 8:59:07 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer AMANDAJANE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3BCA52DE-FED7-. The master browser is stopping or an election is being forced.
6/27/2012 7:00:35 PM, error: Service Control Manager [7034] - The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).
6/27/2012 6:59:05 PM, error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/27/2012 6:59:05 PM, error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
6/27/2012 6:59:05 PM, error: Service Control Manager [7000] - The Icatch(IV) Video Camera Device service failed to start due to the following error: The system cannot find the file specified.
6/27/2012 6:36:44 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
6/27/2012 5:47:10 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by vagprotector at 13:52:19 on 2012-07-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2359 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\vagprotector\Desktop\SecurityCheck.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340835013421
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340835005781
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{3BCA52DE-FED7-4D06-94E3-41594710B0BC} : NameServer = 192.168.0.1
TCP: Interfaces\{A2183A37-7625-4EE3-80DD-B9C6ECD5D948} : NameServer = 192.168.0.1
TCP: Interfaces\{D3388FB7-F2E7-4B21-AF12-85FD37379872} : NameServer = 192.168.0.1
TCP: Interfaces\{EA6BE12C-53F8-4E68-9EE7-DEF3F607E5F5} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EA9C357F-4A5B-4DDD-BCE1-360FCE647674} : NameServer = 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\vagprotector\application data\mozilla\firefox\profiles\pdyjg4z6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 190.199.8.82
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\vagprotector\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-9 239168]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2005-3-8 61440]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-13 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-13 22344]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\ca533av.sys --> c:\windows\system32\drivers\Ca533av.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-22 2348352]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-6-27 27064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
txtfile="c:\program files\jgsoft\editpadlite\EditPadLite.exe" "%1"
.
=============== Created Last 30 ================
.
2012-06-29 21:02:05 -------- d-----w- c:\documents and settings\vagprotector\local settings\application data\PCHealth
2012-06-27 22:13:32 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-27 22:10:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-27 21:38:49 -------- d-----w- c:\documents and settings\vagprotector\local settings\application data\VS Revo Group
2012-06-27 21:38:40 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-06-27 21:38:36 -------- d-----w- c:\program files\VS Revo Group
2012-06-22 01:43:13 -------- d-----w- C:\ComboFix
2012-06-22 01:36:46 388096 ----a-r- c:\documents and settings\vagprotector\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-22 01:36:44 -------- d-----w- c:\program files\Trend Micro
2012-06-15 20:23:24 -------- d-----w- c:\documents and settings\vagprotector\application data\Fatshark
2012-06-15 20:10:22 -------- d-----w- c:\documents and settings\vagprotector\application data\Milestone
2012-06-09 19:38:46 -------- d-----w- c:\program files\WMV Cutter
2012-06-09 19:34:59 -------- d-----w- c:\program files\Easy Video Splitter
2012-06-09 02:34:05 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-09 02:34:04 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
.
==================== Find3M ====================
.
2012-06-29 21:03:36 119296 ----a-w- c:\windows\system32\zlib.dll
2012-06-15 02:03:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-15 02:03:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 18:37:37 2106216 ----a-w- c:\windows\system32\d3dcompiler_43.dll
2012-05-09 18:26:45 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-19 03:00:08 58668 --sha-w- c:\windows\pdesrv2.exe
.
============= FINISH: 13:53:08.39 ===============

Edited by bouncepass, 03 July 2012 - 12:53 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:48 PM

Posted 03 July 2012 - 01:01 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 bouncepass

bouncepass
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 03 July 2012 - 02:08 PM

heres the combofix log.

everything seems the same, still getting redirects.

ComboFix 12-07-02.01 - vagprotector 07/03/2012 15:00:44.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2434 [GMT -4:00]
Running from: c:\documents and settings\vagprotector\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-06-29 21:02 . 2012-06-29 21:02 -------- d-----w- c:\documents and settings\vagprotector\Local Settings\Application Data\PCHealth
2012-06-27 22:13 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-27 22:10 . 2012-06-02 19:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-27 21:38 . 2012-06-27 21:38 -------- d-----w- c:\documents and settings\vagprotector\Local Settings\Application Data\VS Revo Group
2012-06-27 21:38 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-06-27 21:38 . 2012-06-27 21:38 -------- d-----w- c:\program files\VS Revo Group
2012-06-22 01:36 . 2012-06-22 01:36 388096 ----a-r- c:\documents and settings\vagprotector\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-22 01:36 . 2012-06-22 01:36 -------- d-----w- c:\program files\Trend Micro
2012-06-15 20:23 . 2012-06-15 20:23 -------- d-----w- c:\documents and settings\vagprotector\Application Data\Fatshark
2012-06-15 20:10 . 2012-06-15 20:10 -------- d-----w- c:\documents and settings\vagprotector\Application Data\Milestone
2012-06-09 19:38 . 2012-06-15 20:28 -------- d-----w- c:\program files\WMV Cutter
2012-06-09 19:34 . 2012-06-09 19:34 -------- d-----w- c:\program files\Easy Video Splitter
2012-06-09 02:34 . 2012-06-09 02:34 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-09 02:34 . 2012-06-09 02:34 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 21:03 . 2011-11-17 21:56 119296 ----a-w- c:\windows\system32\zlib.dll
2012-06-15 02:03 . 2012-04-01 07:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-15 02:03 . 2011-05-16 18:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 21:35 . 2011-01-11 00:27 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 21:35 . 2009-08-06 23:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:19 . 2011-01-11 13:10 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2011-01-11 13:10 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2011-01-11 00:27 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2011-01-11 00:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2011-01-11 13:10 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2011-01-11 00:27 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2011-01-11 00:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-12 13:17 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2011-01-11 13:10 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2011-01-11 00:27 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2011-01-11 00:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-12 13:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-12 13:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-12 13:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-12 13:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-12 13:19 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 18:37 . 2011-01-13 08:58 2106216 ----a-w- c:\windows\system32\d3dcompiler_43.dll
2012-05-09 18:26 . 2012-05-09 18:26 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-05-04 13:12 . 2004-08-12 13:25 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-01-11 00:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 19:56 . 2011-01-13 08:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 22:45 . 2011-05-15 23:25 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-19 03:00 58668 --sha-w- c:\windows\pdesrv2.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2F8C2B6E052A4C6EC5575EA10F8E5191 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-12 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2012-06-01_04.07.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 12:05 . 2008-07-29 12:05 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_8babbe9a\vcomp90.dll
+ 2012-06-29 21:03 . 2012-06-29 21:03 16384 c:\windows\Temp\Perflib_Perfdata_144.dat
+ 2012-06-27 22:10 . 2012-06-02 19:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-06-27 22:10 . 2012-06-02 19:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2004-08-12 13:26 . 2012-06-27 22:49 87288 c:\windows\system32\perfc009.dat
- 2004-08-12 13:26 . 2012-06-01 03:01 87288 c:\windows\system32\perfc009.dat
+ 2004-08-12 13:23 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
+ 2009-03-08 09:31 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 09:31 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-12 13:20 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll
- 2004-08-12 13:20 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
- 2011-10-21 06:12 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-10-21 06:12 . 2012-05-11 14:42 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-01-11 00:27 . 2012-06-02 19:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2011-01-11 00:27 . 2012-06-02 19:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-12 13:23 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll
+ 2011-10-21 06:12 . 2012-05-11 14:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2011-10-21 06:12 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-12 13:21 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-12 13:21 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-12 13:20 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-12 13:20 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-12 13:17 . 2012-06-02 19:19 97304 c:\windows\system32\dllcache\cdm.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-02-17 04:33 . 2012-02-17 04:33 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-02-09 01:19 . 2012-06-27 22:27 27136 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2011-02-09 01:19 . 2012-01-26 02:02 27136 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2011-02-09 01:19 . 2012-01-26 02:02 12288 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-02-09 01:19 . 2012-06-27 22:27 12288 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-02-06 05:50 . 2012-06-27 22:26 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2011-02-06 05:50 . 2012-02-17 04:43 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 12800 c:\windows\ie8updates\KB2699988-IE8\xpshims.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 66560 c:\windows\ie8updates\KB2699988-IE8\mshtmled.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 55296 c:\windows\ie8updates\KB2699988-IE8\msfeedsbs.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 43520 c:\windows\ie8updates\KB2699988-IE8\licmgr10.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 25600 c:\windows\ie8updates\KB2699988-IE8\jsproxy.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\d0e566898e25f6b1b4cb399088d335d4\System.Xaml.Hosting.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\b9b7098a0488ac87026a0cadd2d7d972\System.Windows.Presentation.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\d8f7bf8ce78d0785e68c589c1e64a6dd\System.Web.Routing.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\87537faa8565dfedaac7f75d68388def\System.Web.DynamicData.Design.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\e5cf7be6b9deee73d674f2bc43752fed\System.Web.ApplicationServices.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\31ec874a9482ad1a99ba24ca4a6ec914\System.Web.Abstractions.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ecf399e8d134430078d35927ba352639\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\39c6c5375d1763165dd8c1623bd10668\System.ServiceModel.Channels.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\59be5fb54e018032511415f0b0523ee3\System.AddIn.Contract.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 37888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\c1f0119b6a48a5e5741506ad6fc03d3f\Microsoft.Workflow.Compiler.ni.exe
+ 2012-06-27 22:57 . 2012-06-27 22:57 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\46f273930666397a8cb538ffe9190eef\Microsoft.VisualC.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\62c1a496dff99a6e5f5e4278d31ca4c1\Accessibility.ni.dll
+ 2012-06-27 22:46 . 2012-06-27 22:46 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
+ 2012-06-27 22:44 . 2012-06-27 22:44 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
+ 2012-06-27 22:41 . 2012-06-27 22:41 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
+ 2012-06-27 22:48 . 2012-06-27 22:48 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-02-09 01:19 . 2012-01-26 02:02 4096 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-02-09 01:19 . 2012-06-27 22:27 4096 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2012-06-27 22:57 . 2012-06-27 22:57 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\fd866b4158c3bd2a26c875f2896c5573\dfsvc.ni.exe
- 2012-02-17 04:30 . 2012-02-17 04:30 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-04-06 03:13 . 2012-04-06 03:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
- 2004-08-12 13:33 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2004-08-12 13:33 . 2012-02-29 14:10 177664 c:\windows\system32\wintrust.dll
+ 2004-08-12 13:31 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll
- 2004-08-12 13:31 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
+ 2012-06-27 22:10 . 2012-06-02 19:19 577048 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.6.7600.256\wuapi.dll
+ 2004-08-12 13:26 . 2012-06-27 22:49 501382 c:\windows\system32\perfh009.dat
- 2004-08-12 13:26 . 2012-06-01 03:01 501382 c:\windows\system32\perfh009.dat
+ 2004-08-12 13:25 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll
- 2004-08-12 13:25 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
- 2004-08-12 13:23 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
+ 2004-08-12 13:23 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 09:32 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll
+ 2012-06-15 02:03 . 2012-06-15 02:03 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe
+ 2012-04-01 07:10 . 2012-06-15 02:03 257224 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2004-08-12 13:20 . 2012-02-29 14:10 148480 c:\windows\system32\imagehlp.dll
+ 2004-08-12 13:19 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll
- 2004-08-12 13:19 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
+ 2004-08-12 13:19 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-12 13:19 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-12 13:19 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe
- 2004-08-12 13:19 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
+ 2011-01-11 00:27 . 2012-06-04 21:35 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2011-01-11 00:27 . 2012-06-02 19:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2011-01-11 00:27 . 2012-06-02 19:19 577048 c:\windows\system32\dllcache\wuapi.dll
+ 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
- 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2004-08-12 13:33 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll
- 2004-08-12 13:33 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
- 2004-08-12 13:31 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-12 13:31 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll
+ 2011-10-21 06:11 . 2012-05-02 13:46 139656 c:\windows\system32\dllcache\rdpwd.sys
- 2011-10-21 06:11 . 2011-06-24 14:10 139656 c:\windows\system32\dllcache\rdpwd.sys
- 2004-08-12 13:25 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-12 13:25 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-12 13:23 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-12 13:23 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll
+ 2011-10-21 06:12 . 2012-05-11 14:42 629760 c:\windows\system32\dllcache\msfeeds.dll
+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
+ 2011-10-21 06:12 . 2012-05-11 14:42 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2011-10-21 06:12 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-12 13:19 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-12 13:19 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2011-10-21 06:12 . 2012-05-11 14:42 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2011-10-21 06:12 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2004-08-12 13:19 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-12 13:19 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-12 13:19 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-12 13:19 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2011-09-09 09:12 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-09-09 09:12 . 2012-05-31 13:22 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2012-01-19 17:08 . 2012-01-19 17:08 917272 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 182056 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2012-04-21 15:03 . 2012-04-21 15:03 616024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 156440 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 386824 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2012-04-06 03:52 . 2012-04-06 03:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2012-04-21 11:15 . 2012-04-21 11:15 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-06-15 20:05 . 2012-06-15 20:05 199680 c:\windows\Installer\3dfcfb6.msi
+ 2012-04-22 01:55 . 2012-04-22 01:55 980480 c:\windows\Installer\19b4b8bb.msp
+ 2011-12-22 20:50 . 2011-12-22 20:50 256000 c:\windows\Installer\19b4b880.msp
- 2011-02-09 01:19 . 2012-01-26 02:02 135168 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-02-09 01:19 . 2012-06-27 22:27 135168 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-02-09 01:19 . 2012-06-27 22:27 282624 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
- 2011-02-09 01:19 . 2012-01-26 02:02 282624 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
+ 1998-06-17 15:52 . 1998-06-17 15:52 401462 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSVCP60.DLL
+ 2010-03-18 18:16 . 2010-03-18 18:16 915800 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\wpftxt_x86.dll
+ 2010-03-18 14:09 . 2010-03-18 14:09 158048 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\UIAutomationCore_x86.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 181096 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\PresentationHostDLL_X86.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 916992 c:\windows\ie8updates\KB2699988-IE8\wininet.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 105984 c:\windows\ie8updates\KB2699988-IE8\url.dll
+ 2012-06-27 22:41 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2699988-IE8\spuninst\updspapi.dll
+ 2012-06-27 22:41 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2699988-IE8\spuninst\spuninst.exe
+ 2012-06-27 22:41 . 2011-12-17 19:46 206848 c:\windows\ie8updates\KB2699988-IE8\occache.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 611840 c:\windows\ie8updates\KB2699988-IE8\mstime.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 602112 c:\windows\ie8updates\KB2699988-IE8\msfeeds.dll
+ 2012-06-27 22:41 . 2009-03-08 09:35 521216 c:\windows\ie8updates\KB2699988-IE8\jsdbgui.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 247808 c:\windows\ie8updates\KB2699988-IE8\ieproxy.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 184320 c:\windows\ie8updates\KB2699988-IE8\iepeers.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 743424 c:\windows\ie8updates\KB2699988-IE8\iedvtool.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 387584 c:\windows\ie8updates\KB2699988-IE8\iedkcs32.dll
+ 2012-06-27 22:41 . 2011-12-16 12:23 174080 c:\windows\ie8updates\KB2699988-IE8\ie4uinit.exe
+ 2012-06-27 23:16 . 2012-06-27 23:16 404480 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\af016c61241c5f656987befbe2bd3877\XamlBuildTask.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 356864 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\0f2ca934e561d299029ace93471f6f5d\WsatConfig.ni.exe
+ 2012-06-27 23:16 . 2012-06-27 23:16 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\9d59cf7eb15733ca09736eaaa2acaef6\WindowsFormsIntegration.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\0a80fd3af7e48eb9cc9099fee5814dff\UIAutomationTypes.ni.dll
+ 2012-06-27 23:16 . 2012-06-27 23:16 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\9b0ac8d84952a581adf18051bb60bea1\UIAutomationClient.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\59fb92c38f1035e7b11a23fc6e82c992\System.Windows.Input.Manipulations.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\35ae354015bbea717591396b8cb200e0\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 224256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\6c381bad9ad26135eb47fd9420808ae1\System.Web.RegularExpressions.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 864256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\9bf194d3dc351177a09ab80b73d61623\System.Web.Extensions.Design.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 334848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\c6be1dc25956f18918a6c476b480f2e8\System.Web.Entity.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\a8e5b803f72f24a9b0c8bfa52022ccc4\System.Web.Entity.Design.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\f6811d5d914393045f5bd6fb75aeed86\System.Web.DynamicData.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\8b3da072423813c5953a50a53934ccfb\System.Web.DataVisualization.Design.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
+ 2012-06-27 23:14 . 2012-06-27 23:14 425472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9b58b34c78a2ee10db91790197269962\System.ServiceModel.Activation.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\284141392cdba7fa4b2a4668125329a9\System.ServiceModel.Routing.ni.dll
+ 2012-06-27 22:23 . 2012-06-27 22:23 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6a37764b2df9b3f9c7775701027ef779\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 771584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\082473bbeed448eb13a7f348cf33e98f\System.Runtime.Remoting.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 241664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\0c4ec58f70e0fe6e74458c35fb260e2d\System.Runtime.Caching.ni.dll
+ 2012-06-27 22:23 . 2012-06-27 22:23 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 652800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\b0a7e53e8aaaca2d2ae065e85f959ff4\System.Net.ni.dll
+ 2012-06-27 23:14 . 2012-06-27 23:14 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\e7c4c4b181cff7c86388da8af37dc521\System.Messaging.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\d7cba8bd14e7352bc6b1f7cd35b7fd43\System.Management.Instrumentation.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\100d056c9dc360ec5a25ff227a14840b\System.IO.Log.ni.dll
+ 2012-06-27 23:14 . 2012-06-27 23:14 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\5e38634854f36e1aff7500a351830427\System.IdentityModel.Selectors.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.Wrapper.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
+ 2012-06-27 22:23 . 2012-06-27 22:23 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\1203e60a51fe0f726fbeaf0456f938a5\System.Dynamic.ni.dll
+ 2012-06-27 22:44 . 2012-06-27 22:44 226304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\67723532200d3aeaeab174dbb3d7cc0c\System.Drawing.Design.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\c75c07a581ad459c8474cd83aa7dabf4\System.DirectoryServices.Protocols.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\80373cd811bf63ae93af1733a6c7e1c5\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\6fbe438983c9ca94c80d64225ad2e5ce\System.Device.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 508416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\d506d749f8876ce54d2873f821ed71d0\System.Data.Services.Design.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\950c346ef6261ecc93ced8d995914a1d\System.Data.DataSetExtensions.ni.dll
+ 2012-06-27 22:23 . 2012-06-27 22:23 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\909306caa69b55ffdce3ae5a7f6baa20\System.Configuration.Install.ni.dll
+ 2012-06-27 22:24 . 2012-06-27 22:24 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\f7099031cfac8ec61b948bb09b07b1a1\System.ComponentModel.Composition.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\bcbd0e714127d69a895ef80afa5dfd78\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 624128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\41d68b79da934255ca82b466b93d7938\System.AddIn.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\2d00f7297e070e69c1cb44b25503b1c3\System.Activities.DurableInstancing.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\0ae347a9076db27075e06a63f2123186\SMSvcHost.ni.exe
+ 2012-06-27 23:11 . 2012-06-27 23:11 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9115e9f656b00fc4e46da91537ef1358\SMDiagnostics.ni.dll
+ 2012-06-27 22:24 . 2012-06-27 22:24 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ee6e30c355ec2ffab1525b42253f7aef\PresentationFramework.Aero.ni.dll
+ 2012-06-27 22:23 . 2012-06-27 22:23 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c0f724e8231a71eb4d062d4f5233ff7f\PresentationFramework.Royale.ni.dll
+ 2012-06-27 22:24 . 2012-06-27 22:24 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\45d2307fb0898a18dec5a04ff9f8b85c\PresentationFramework.Classic.ni.dll
+ 2012-06-27 22:24 . 2012-06-27 22:24 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\190e1740c9b998105a47ec31df0b6f11\PresentationFramework.Luna.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 274432 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\9721e2b6b8c609ca6e1cc4421fe21aab\MSBuild.ni.exe
+ 2012-06-27 22:57 . 2012-06-27 22:57 302592 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0f95232d74169e3ba54d82d782938441\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\10d7bd563bd71306375c6887ddd9de46\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 631296 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\6a85603698b482431ee32be6bbb9dc17\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\36d04a30117557a021b77148dee9b6ad\Microsoft.Build.Framework.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\d7434f17d4dc794989bbfc452830ba53\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\f11d5fea7ded12068e8cdb8b2f1bdbd9\CustomMarshalers.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 474624 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\b1b54defb7aa37ea943d218f3adc3d02\ComSvcConfig.ni.exe
+ 2012-06-27 22:57 . 2012-06-27 22:57 852480 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\4118350bf8ae0958ed696751a47dfac8\AspNetMMCExt.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ac4fc3032c19946f9b2729468888206d\WsatConfig.ni.exe
+ 2012-06-27 22:51 . 2012-06-27 22:51 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\86e11a59f02b2dda27ec2e7cba351744\WindowsFormsIntegration.ni.dll
+ 2012-06-27 22:46 . 2012-06-27 22:46 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\be27ab5913cec2b292a019c2a13ec701\UIAutomationTypes.ni.dll
+ 2012-06-27 22:46 . 2012-06-27 22:46 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\04e5e2be34a70ee7f4c87550238095a0\UIAutomationClient.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\1c13b08593e99d6f5bef49ae7939c78b\System.Xml.Linq.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6c7765c10516d375e9ddedad2dbab848\System.Web.RegularExpressions.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\4a9eb43005a041959ddc5c7e586ab746\System.Net.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\3182a049ba953010dec649cf290a9e90\System.Management.Instrumentation.ni.dll
+ 2012-06-27 22:48 . 2012-06-27 22:48 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8991f21d4b3676bf6f779110db8d4ac9\System.IO.Log.ni.dll
+ 2012-06-27 22:48 . 2012-06-27 22:48 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cd9c60a35d4958e94d2e3dd2f778e2e9\System.IdentityModel.Selectors.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.Wrapper.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
+ 2012-06-27 22:51 . 2012-06-27 22:51 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\96a3fc1f74a00b618b70bd1701600408\System.Drawing.Design.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ca484772955bc4db03b5dcb611c09423\System.DirectoryServices.Protocols.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ba5e68dddfd3279a8469d39eded48f3\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a0109fce606a3110a5e7f9a4773f517e\System.Data.Services.Design.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3a68d0441f509ffa6f8f0fb9cfcc5780\System.Data.Services.Client.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04440b3dd5d822da4973a525ee04b05d\System.Data.Entity.Design.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\7bbb5d9e3b161b4d4b968e590442d3ae\System.Data.DataSetExtensions.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\931a2bece4668863db4f852401c828cf\System.AddIn.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6762f1ee780fa9c0b4ef66b285c64844\SMSvcHost.ni.exe
+ 2012-06-27 22:54 . 2012-06-27 22:54 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\47ed5bc9f42ea0054ce9acfde5e640b8\ServiceModelReg.ni.exe
+ 2012-06-27 22:45 . 2012-06-27 22:45 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a4706b850df9a3483f2fc439b6abe616\PresentationFramework.Royale.ni.dll
+ 2012-06-27 22:45 . 2012-06-27 22:45 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
+ 2012-06-27 22:45 . 2012-06-27 22:45 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
+ 2012-06-27 22:45 . 2012-06-27 22:45 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\186c27fbd7b38b5551889274f6fa2ccd\PresentationFramework.Aero.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5a121969a115d11b6256eb960c145686\MSBuild.ni.exe
+ 2012-06-27 22:54 . 2012-06-27 22:54 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\97c613d3899b320a6765793bdf490272\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\dec22fb7d6b8929a41380e5359741a07\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1009b31c86a1b798fffa9e0127cec29c\Microsoft.Build.Utilities.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\21d88631ef629715d3eecdd08e62e0b8\Microsoft.Build.Engine.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a0f38c6478cca8297fb160291346c1c9\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\9869c02d18825fdd32e64135a3e7246b\ComSvcConfig.ni.exe
+ 2012-06-27 22:53 . 2012-06-27 22:53 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c0045c1c7c29c7e7cc7bd60001b729a7\AspNetMMCExt.ni.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-07-01 02:23 . 2011-07-01 02:23 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-27 22:14 . 2012-06-27 22:14 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-27 22:40 . 2012-06-27 22:40 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-07-01 02:23 . 2011-07-01 02:23 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-27 22:40 . 2012-06-27 22:40 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-06-27 22:12 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2004-08-12 13:31 . 2012-05-11 14:42 1212416 c:\windows\system32\urlmon.dll
- 2004-08-12 13:31 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
+ 2012-06-29 21:01 . 2012-06-29 21:02 5122696 c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-12 13:23 . 2012-05-11 14:42 6007808 c:\windows\system32\mshtml.dll
+ 2012-06-15 02:03 . 2012-06-15 02:03 9459912 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
+ 2009-03-08 09:32 . 2012-05-11 14:42 2000384 c:\windows\system32\iertutil.dll
- 2009-03-08 09:32 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
+ 2011-01-10 18:22 . 2012-06-27 22:58 1437768 c:\windows\system32\FNTCACHE.DAT
- 2011-01-10 18:22 . 2012-04-24 12:35 1437768 c:\windows\system32\FNTCACHE.DAT
+ 2011-01-11 00:27 . 2012-06-02 19:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-05-02 05:22 . 2012-05-15 13:20 1863168 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-12 13:31 . 2012-05-11 14:42 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-12 13:31 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2011-01-11 13:13 . 2012-05-04 13:12 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2011-01-11 13:13 . 2012-05-04 12:32 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2012-05-04 12:32 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2011-01-11 13:13 . 2012-05-04 13:16 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-12 13:23 . 2012-05-11 14:42 6007808 c:\windows\system32\dllcache\mshtml.dll
+ 2011-10-21 06:12 . 2012-05-11 14:42 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2011-10-21 06:12 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-01-19 17:08 . 2012-01-19 17:08 1369872 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2012-01-19 17:08 . 2012-01-19 17:08 6429992 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2012-01-19 17:08 . 2012-01-19 17:08 3790112 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2012-03-15 17:17 . 2012-03-15 17:17 5029672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2012-03-20 09:23 . 2012-03-20 09:23 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2011-03-25 10:15 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-10-26 08:39 . 2011-10-26 08:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-03-20 09:23 . 2012-03-20 09:23 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 5913360 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-07-07 09:18 . 2011-07-07 09:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 5029672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-27 22:43 . 2012-06-27 22:43 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-02-17 04:33 . 2012-02-17 04:33 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-06-22 01:36 . 2012-06-22 01:36 1094656 c:\windows\Installer\4cd0827.msi
+ 2012-03-21 03:57 . 2012-03-21 03:57 6188544 c:\windows\Installer\19b4b8fb.msp
+ 2012-03-15 17:43 . 2012-03-15 17:43 4216320 c:\windows\Installer\19b4b8f3.msp
+ 2012-04-23 02:37 . 2012-04-23 02:37 1182720 c:\windows\Installer\19b4b8c3.msp
+ 2012-03-20 02:02 . 2012-03-20 02:02 6695936 c:\windows\Installer\19b4b8b3.msp
+ 2012-01-19 17:37 . 2012-01-19 17:37 8999936 c:\windows\Installer\19b4b88b.msp
+ 2010-03-18 18:16 . 2010-03-18 18:16 1303896 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\WindowsBase_x86.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 6346600 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\PresentationFramework_x86.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 3545952 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\PresentationCore_x86.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 1212416 c:\windows\ie8updates\KB2699988-IE8\urlmon.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 5979136 c:\windows\ie8updates\KB2699988-IE8\mshtml.dll
+ 2012-06-27 22:41 . 2011-12-17 19:46 2000384 c:\windows\ie8updates\KB2699988-IE8\iertutil.dll
+ 2011-01-11 13:13 . 2012-05-04 13:12 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-01-11 13:13 . 2012-05-04 12:32 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 00:02 . 2012-05-04 12:32 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2011-01-11 13:13 . 2012-05-04 13:16 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-06-27 22:32 . 2012-06-27 22:32 3856896 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\62f103f9e662d263ec2ecacc49d4525b\WindowsBase.ni.dll
+ 2012-06-27 23:16 . 2012-06-27 23:16 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\2cf35797a56eba020ed629b395ad2daa\UIAutomationClientsideProviders.ni.dll
+ 2012-06-27 22:22 . 2012-06-27 22:22 9090560 c:\windows\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
+ 2012-06-27 22:23 . 2012-06-27 22:23 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\9b6f1bcb2cf4e6ad429cd721b942f30f\System.Xaml.ni.dll
+ 2012-06-27 23:16 . 2012-06-27 23:16 1211904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\c6dd1cf1d4982499cd88f936b1af25c2\System.WorkflowServices.ni.dll
+ 2012-06-27 23:16 . 2012-06-27 23:16 1969152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\98f298152a32f3771c76a67ee232d62c\System.Workflow.Runtime.ni.dll
+ 2012-06-27 23:16 . 2012-06-27 23:16 4475904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\e50dc7c5112b5e01f93f7334f8b41936\System.Workflow.ComponentModel.ni.dll
+ 2012-06-27 23:16 . 2012-06-27 23:16 2872320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\7f3f4c9d37a97b42559a5a11d5368c5a\System.Workflow.Activities.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 4586496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\90c878d9bfdfa68644d6fd70d105a57d\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 1897472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\65f64efe2aec0291c18453af0c3eb19b\System.Web.Services.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\8eddc2c1475d8ba5dd7f848fcba2cf69\System.Web.Mobile.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 3123200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\fe9c24faeca855940b69bbefd3419d09\System.Web.Extensions.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 4574720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\05b5d6f3c719f40d2611edcf6b70d07b\System.Web.DataVisualization.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 2010624 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\7ebd25fd0282e19eba65f4da70ab5a0b\System.Speech.ni.dll
+ 2012-06-27 23:14 . 2012-06-27 23:14 1051648 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d6efd98958647b0a5b224393605f30da\System.ServiceModel.Web.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\28b09f14e54a06c091073b1d3e316fb6\System.ServiceModel.Discovery.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\18d8e3f9e290217ac0c48571557c5fc3\System.ServiceModel.Activities.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a40c42510e312339018486b1d7076e0a\System.Runtime.DurableInstancing.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\5874aff524c86d029d38a874be9702b2\System.Printing.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\1409dc3832b37f850569c69a795f834b\System.Management.ni.dll
+ 2012-06-27 23:14 . 2012-06-27 23:14 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a90d8ca6c54f70507704d788fd0d3ded\System.IdentityModel.ni.dll
+ 2012-06-27 22:33 . 2012-06-27 22:33 1666048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8d978e3524c0bd870ce63db289c4de6d\System.DirectoryServices.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\49fa1b6f067c7c93b309581083e5fac0\System.Deployment.ni.dll
+ 2012-06-27 22:24 . 2012-06-27 22:24 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
+ 2012-06-27 22:23 . 2012-06-27 22:23 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\6cdfd96214b74cdf4984ae8ee076f421\System.Data.SqlXml.ni.dll
+ 2012-06-27 23:14 . 2012-06-27 23:14 2018304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\3b487559f07993f2752c0db036a82042\System.Data.Services.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\65444428f83ba9e46053e46d2341655f\System.Data.Services.Client.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 1189376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\c033d23b1273f660948b2d5773256518\System.Data.OracleClient.ni.dll
+ 2012-06-27 22:24 . 2012-06-27 22:24 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\867ce3db3528f36121841762a19da61d\System.Data.Linq.ni.dll
+ 2012-06-27 23:14 . 2012-06-27 23:14 1408000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\22db388405f6082f8a9403891705912b\System.Data.Entity.Design.ni.dll
+ 2012-06-27 22:23 . 2012-06-27 22:23 7052800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\95b5ece57120cb7363e69e5fbd4616b7\System.Activities.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 3755008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\cf95f30a1bb7a5456070520d2b111436\System.Activities.Presentation.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 1544192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\f0c4476258c5336a3d950e588fbeb853\System.Activities.Core.Presentation.ni.dll
+ 2012-06-27 23:12 . 2012-06-27 23:12 2904576 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\a2f341812e09a99a6deab48b9b4c482f\ReachFramework.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\0cb224b8f7bd962c1c57f9c1242c2e47\PresentationUI.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 1478144 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\a9ce167b63b51be01900e93e4ada5f2f\PresentationBuildTasks.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\b108894c04c131e1f84cb50a5dd99142\Microsoft.VisualBasic.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\434583d8e633570da52da83faea4a758\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0ea089340d65c882670a55cd1435910d\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\50ca1cf4491136871b732062c412bad0\Microsoft.Transactions.Bridge.ni.dll
+ 2012-06-27 23:15 . 2012-06-27 23:15 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\78e5704cfbbec26947e2e1ff07f647bf\Microsoft.JScript.ni.dll
+ 2012-06-27 22:24 . 2012-06-27 22:24 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\9c3ba92c4fce8efd41b59a0243415408\Microsoft.CSharp.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 4243456 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\88db74e692bdaca666bdcf3f4e30b3f1\Microsoft.Build.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 2868736 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\980d59b4cf1702de0a964e24ac5b9537\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-06-27 22:57 . 2012-06-27 22:57 1929216 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\fda8ded0b4047a590e4ab17af42c2cfc\Microsoft.Build.Engine.ni.dll
+ 2012-06-27 22:42 . 2012-06-27 22:42 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
+ 2012-06-27 22:46 . 2012-06-27 22:46 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41a81b97625c113b591ed082c95276e2\UIAutomationClientsideProviders.ni.dll
+ 2012-06-27 22:38 . 2012-06-27 22:38 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1644.tmp\System.Deployment.dll
+ 2012-06-27 22:41 . 2012-06-27 22:41 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
+ 2012-06-27 22:46 . 2012-06-27 22:46 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\77361ebe9ad8ff77cc9a8d7f8363eb05\System.Workflow.Runtime.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1c12dfa7826b331b243b7b45daf9904d\System.Workflow.ComponentModel.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\514bf0e69e2c9fc8509cd23236057356\System.Workflow.Activities.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\77f8cde07b131839f1841be702837e8e\System.Web.Mobile.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\242b168aaca18197eca371ec269e23ac\System.Web.Extensions.ni.dll
+ 2012-06-27 22:46 . 2012-06-27 22:46 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5efb50c91f3c5e49be2079f625d933b7\System.Speech.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
+ 2012-06-27 22:48 . 2012-06-27 22:48 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
+ 2012-06-27 22:46 . 2012-06-27 22:46 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d380f1813e27c2a086e62f0218669d67\System.Printing.ni.dll
+ 2012-06-27 22:48 . 2012-06-27 22:48 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
+ 2012-06-27 22:46 . 2012-06-27 22:46 1592320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b55887436d2cfbe1fb32dd18d554185b\System.DirectoryServices.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll
+ 2012-06-27 22:45 . 2012-06-27 22:45 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de7666b1cd0a1bc363726c9553dc39c\System.Data.Services.ni.dll
+ 2012-06-27 22:45 . 2012-06-27 22:45 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44a5fc9e7c71b1fe1e2c79b03ecc3bc7\System.Data.Linq.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\ca63096c1ecf977f509e2a565f4bcdac\System.Data.Entity.ni.dll
+ 2012-06-27 22:45 . 2012-06-27 22:45 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
+ 2012-06-27 22:45 . 2012-06-27 22:45 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\443dd7f0b84c3de54b1a72be655e307c\ReachFramework.ni.dll
+ 2012-06-27 22:50 . 2012-06-27 22:50 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\48ddcafff1a5603fb3289e90330275c0\PresentationUI.ni.dll
+ 2012-06-27 22:41 . 2012-06-27 22:41 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\4ff6600c1fd3415ef0b058cf28814cb6\PresentationBuildTasks.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\42145ebf75f77cabad442f0801a81c64\Microsoft.Transactions.Bridge.ni.dll
+ 2012-06-27 22:55 . 2012-06-27 22:55 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\cfe15312373b4668398404b5822bab7d\Microsoft.JScript.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4e463dcf2a03c71913a61b44c32e2389\Microsoft.Build.Tasks.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\395b4a85c7941ac4dd9d1c6f5eb444c7\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-27 22:54 . 2012-06-27 22:54 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5aa63a1cb41e3a5e1e8ed17072e60ec3\Microsoft.Build.Engine.ni.dll
- 2011-10-21 06:25 . 2011-10-21 06:25 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-06-27 22:40 . 2012-06-27 22:40 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-27 22:40 . 2012-06-27 22:40 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-27 22:40 . 2012-06-27 22:40 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-27 22:49 . 2012-06-27 22:49 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-02-17 04:30 . 2012-02-17 04:30 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-15 21:05 . 2012-06-15 21:05 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-05-11 00:13 . 2012-05-11 00:13 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-01-11 13:28 . 2012-06-04 03:35 56731752 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2012-05-12 00:12 11111424 c:\windows\system32\ieframe.dll
+ 2011-08-23 21:48 . 2012-05-12 00:12 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2012-04-06 07:13 . 2012-04-06 07:13 16527872 c:\windows\Installer\19b4b8eb.msp
+ 2012-04-06 06:12 . 2012-04-06 06:12 15709696 c:\windows\Installer\19b4b8e2.msp
+ 2012-01-04 06:25 . 2012-01-04 06:25 17751552 c:\windows\Installer\19b4b8d6.msp
+ 2012-06-27 22:25 . 2012-06-27 22:25 20343808 c:\windows\Installer\19b4b8a7.msp
+ 2011-12-15 17:40 . 2011-12-15 17:40 23374336 c:\windows\Installer\19b4b89c.msp
+ 2012-03-28 22:10 . 2012-03-28 22:10 12098048 c:\windows\Installer\19b4b878.msp
+ 2012-06-27 22:41 . 2011-12-18 19:46 11082240 c:\windows\ie8updates\KB2699988-IE8\ieframe.dll
+ 2012-06-27 22:44 . 2012-06-27 22:44 13197824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
+ 2012-06-27 23:11 . 2012-06-27 23:11 12076544 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\06694670b427e38e8f3df4b7b0ff8e0d\System.Web.ni.dll
+ 2012-06-27 23:14 . 2012-06-27 23:14 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
+ 2012-06-27 22:44 . 2012-06-27 22:44 11002880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\e2fb9536a5cdf2c136b1c2f2c65cee11\System.Design.ni.dll
+ 2012-06-27 23:14 . 2012-06-27 23:14 13324288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\65d0d6f4cdbc47ecd5cce9e959827fe8\System.Data.Entity.ni.dll
+ 2012-06-27 22:34 . 2012-06-27 22:34 17998848 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5d585d5428ce69abc28238ffa9f4d3a2\PresentationFramework.ni.dll
+ 2012-06-27 22:33 . 2012-06-27 22:33 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\fe068ba4be8f6cb7d6a58bccff05c75e\PresentationCore.ni.dll
+ 2012-06-27 22:22 . 2012-06-27 22:22 14412800 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
+ 2012-06-27 22:51 . 2012-06-27 22:51 12433920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
+ 2012-06-27 22:56 . 2012-06-27 22:56 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
+ 2012-06-27 22:53 . 2012-06-27 22:54 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
+ 2012-06-27 22:51 . 2012-06-27 22:51 10682368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f73a8455f384e90f6925309336fece24\System.Design.ni.dll
+ 2012-06-27 22:45 . 2012-06-27 22:45 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
+ 2012-06-27 22:44 . 2012-06-27 22:44 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
+ 2012-06-27 22:41 . 2012-06-27 22:41 11492352 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Icatch(VI) SnapDetect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Icatch(VI) SnapDetect.lnk
backup=c:\windows\pss\Icatch(VI) SnapDetect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-01-30 05:10 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-02-12 03:19 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\redIRC\\mirc.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"e:\\Program Files\\EA Games\\Dead Space 2\\deadspace2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Program Files\\2K Sports\\NBA 2K12\\nba2k12.exe"=
"e:\\Program Files\\2K Sports\\Major League Baseball 2K12\\mlb2k12.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"e:\\Program Files\\Who Wants To Be A Millionaire Special Editions\\Binaries\\Win32\\ShippingPC-WWTBAMGame.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/9/2012 6:33 PM 239168]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/8/2005 7:46 PM 61440]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/13/2011 4:29 AM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/13/2011 4:29 AM 22344]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2/22/2012 12:36 AM 2348352]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/27/2012 5:38 PM 27064]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1788223648-725345543-1003Core.job
- c:\documents and settings\vagprotector\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-05 22:21]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1788223648-725345543-1003UA.job
- c:\documents and settings\vagprotector\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-05 22:21]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
TCP: Interfaces\{3BCA52DE-FED7-4D06-94E3-41594710B0BC}: NameServer = 192.168.0.1
TCP: Interfaces\{A2183A37-7625-4EE3-80DD-B9C6ECD5D948}: NameServer = 192.168.0.1
TCP: Interfaces\{D3388FB7-F2E7-4B21-AF12-85FD37379872}: NameServer = 192.168.0.1
TCP: Interfaces\{EA9C357F-4A5B-4DDD-BCE1-360FCE647674}: NameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\vagprotector\Application Data\Mozilla\Firefox\Profiles\pdyjg4z6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 190.199.8.82
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
txtfile="c:\program files\JGsoft\EditPadLite\EditPadLite.exe" "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-03 15:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3328)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-07-03 15:08:37
ComboFix-quarantined-files.txt 2012-07-03 19:08
ComboFix2.txt 2012-06-22 01:54
ComboFix3.txt 2012-06-01 04:09
ComboFix4.txt 2012-04-27 01:20
ComboFix5.txt 2012-07-03 18:59
.
Pre-Run: 4,839,882,752 bytes free
Post-Run: 4,817,100,800 bytes free
.
- - End Of File - - 3DFA74927B5E6DF7CE3ABB30CF6C52E6

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:48 PM

Posted 03 July 2012 - 02:59 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 bouncepass

bouncepass
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 03 July 2012 - 04:15 PM

here u go

16:43:55.0953 3504 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
16:43:56.0234 3504 ============================================================
16:43:56.0234 3504 Current date / time: 2012/07/03 16:43:56.0234
16:43:56.0234 3504 SystemInfo:
16:43:56.0234 3504
16:43:56.0234 3504 OS Version: 5.1.2600 ServicePack: 3.0
16:43:56.0234 3504 Product type: Workstation
16:43:56.0234 3504 ComputerName: JIMMY-DE0C57A72
16:43:56.0234 3504 UserName: vagprotector
16:43:56.0234 3504 Windows directory: C:\WINDOWS
16:43:56.0234 3504 System windows directory: C:\WINDOWS
16:43:56.0234 3504 Processor architecture: Intel x86
16:43:56.0234 3504 Number of processors: 1
16:43:56.0234 3504 Page size: 0x1000
16:43:56.0234 3504 Boot type: Normal boot
16:43:56.0234 3504 ============================================================
16:43:56.0609 3504 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:43:57.0046 3504 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:43:57.0078 3504 ============================================================
16:43:57.0078 3504 \Device\Harddisk0\DR0:
16:43:57.0078 3504 MBR partitions:
16:43:57.0078 3504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x4A69BB9
16:43:57.0078 3504 \Device\Harddisk1\DR1:
16:43:57.0078 3504 MBR partitions:
16:43:57.0078 3504 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
16:43:57.0078 3504 ============================================================
16:43:57.0109 3504 C: <-> \Device\Harddisk0\DR0\Partition0
16:43:57.0203 3504 E: <-> \Device\Harddisk1\DR1\Partition0
16:43:57.0203 3504 ============================================================
16:43:57.0203 3504 Initialize success
16:43:57.0203 3504 ============================================================
16:44:06.0000 1572 ============================================================
16:44:06.0000 1572 Scan started
16:44:06.0000 1572 Mode: Manual;
16:44:06.0000 1572 ============================================================
16:44:07.0015 1572 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
16:44:07.0015 1572 61883 - ok
16:44:07.0015 1572 Abiosdsk - ok
16:44:07.0015 1572 abp480n5 - ok
16:44:07.0062 1572 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:44:07.0078 1572 ACPI - ok
16:44:07.0109 1572 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:44:07.0109 1572 ACPIEC - ok
16:44:07.0109 1572 adpu160m - ok
16:44:07.0125 1572 aeaudio - ok
16:44:07.0140 1572 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:44:07.0140 1572 aec - ok
16:44:07.0187 1572 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:44:07.0203 1572 AFD - ok
16:44:07.0203 1572 Aha154x - ok
16:44:07.0203 1572 aic78u2 - ok
16:44:07.0218 1572 aic78xx - ok
16:44:07.0250 1572 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:44:07.0250 1572 Alerter - ok
16:44:07.0281 1572 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:44:07.0281 1572 ALG - ok
16:44:07.0296 1572 AliIde - ok
16:44:07.0296 1572 amsint - ok
16:44:07.0359 1572 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
16:44:07.0359 1572 AppMgmt - ok
16:44:07.0390 1572 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:44:07.0390 1572 Arp1394 - ok
16:44:07.0406 1572 asc - ok
16:44:07.0406 1572 asc3350p - ok
16:44:07.0421 1572 asc3550 - ok
16:44:07.0484 1572 ASFIPmon (00a70bac21f71e5a1fbf328ff5ffed46) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
16:44:07.0484 1572 ASFIPmon - ok
16:44:07.0531 1572 ASPI32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\ASPI32.sys
16:44:07.0531 1572 ASPI32 - ok
16:44:07.0625 1572 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:44:07.0625 1572 aspnet_state - ok
16:44:07.0656 1572 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:44:07.0656 1572 AsyncMac - ok
16:44:07.0703 1572 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:44:07.0718 1572 atapi - ok
16:44:07.0718 1572 Atdisk - ok
16:44:07.0781 1572 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\WINDOWS\system32\DRIVERS\atksgt.sys
16:44:07.0781 1572 atksgt - ok
16:44:07.0812 1572 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:44:07.0812 1572 Atmarpc - ok
16:44:07.0875 1572 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:44:07.0875 1572 AudioSrv - ok
16:44:07.0906 1572 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:44:07.0906 1572 audstub - ok
16:44:07.0937 1572 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
16:44:07.0937 1572 Avc - ok
16:44:07.0984 1572 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:44:07.0984 1572 b57w2k - ok
16:44:08.0015 1572 BASFND (3d87b0484be1093c6614062701f375c5) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
16:44:08.0015 1572 BASFND - ok
16:44:08.0062 1572 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:44:08.0062 1572 Beep - ok
16:44:08.0125 1572 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:44:08.0125 1572 BITS - ok
16:44:08.0187 1572 BLKWGU(Belkin) (ed910b63a75863a89aab65f2763d5b71) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
16:44:08.0187 1572 BLKWGU(Belkin) - ok
16:44:08.0234 1572 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
16:44:08.0234 1572 Bonjour Service - ok
16:44:08.0281 1572 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:44:08.0281 1572 Browser - ok
16:44:08.0281 1572 Ca533av - ok
16:44:08.0296 1572 CA561 - ok
16:44:08.0421 1572 catchme - ok
16:44:08.0468 1572 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:44:08.0468 1572 cbidf2k - ok
16:44:08.0500 1572 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:44:08.0500 1572 CCDECODE - ok
16:44:08.0500 1572 cd20xrnt - ok
16:44:08.0546 1572 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:44:08.0546 1572 Cdaudio - ok
16:44:08.0578 1572 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:44:08.0578 1572 Cdfs - ok
16:44:08.0593 1572 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:44:08.0593 1572 Cdrom - ok
16:44:08.0609 1572 Changer - ok
16:44:08.0640 1572 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:44:08.0640 1572 CiSvc - ok
16:44:08.0656 1572 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:44:08.0656 1572 ClipSrv - ok
16:44:08.0750 1572 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:44:08.0750 1572 clr_optimization_v2.0.50727_32 - ok
16:44:08.0812 1572 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:44:08.0812 1572 clr_optimization_v4.0.30319_32 - ok
16:44:08.0812 1572 CmdIde - ok
16:44:08.0812 1572 COMSysApp - ok
16:44:08.0828 1572 Cpqarray - ok
16:44:08.0875 1572 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:44:08.0875 1572 CryptSvc - ok
16:44:08.0875 1572 dac2w2k - ok
16:44:08.0890 1572 dac960nt - ok
16:44:08.0953 1572 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:44:08.0953 1572 DcomLaunch - ok
16:44:09.0000 1572 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:44:09.0000 1572 Dhcp - ok
16:44:09.0015 1572 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:44:09.0015 1572 Disk - ok
16:44:09.0031 1572 dmadmin - ok
16:44:09.0093 1572 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:44:09.0109 1572 dmboot - ok
16:44:09.0125 1572 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:44:09.0125 1572 dmio - ok
16:44:09.0140 1572 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:44:09.0140 1572 dmload - ok
16:44:09.0171 1572 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:44:09.0187 1572 dmserver - ok
16:44:09.0218 1572 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:44:09.0218 1572 DMusic - ok
16:44:09.0250 1572 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:44:09.0250 1572 Dnscache - ok
16:44:09.0296 1572 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:44:09.0296 1572 Dot3svc - ok
16:44:09.0312 1572 dpti2o - ok
16:44:09.0328 1572 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:44:09.0328 1572 drmkaud - ok
16:44:09.0375 1572 dtsoftbus01 (fb38473835476a6fb272215a1d972af9) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
16:44:09.0375 1572 dtsoftbus01 - ok
16:44:09.0421 1572 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:44:09.0421 1572 EapHost - ok
16:44:09.0453 1572 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:44:09.0453 1572 ERSvc - ok
16:44:09.0500 1572 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:44:09.0515 1572 Eventlog - ok
16:44:09.0562 1572 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:44:09.0562 1572 EventSystem - ok
16:44:09.0609 1572 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:44:09.0609 1572 Fastfat - ok
16:44:09.0656 1572 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:44:09.0671 1572 FastUserSwitchingCompatibility - ok
16:44:09.0687 1572 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:44:09.0687 1572 Fdc - ok
16:44:09.0687 1572 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:44:09.0703 1572 Fips - ok
16:44:09.0812 1572 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:44:09.0812 1572 FLEXnet Licensing Service - ok
16:44:09.0828 1572 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:44:09.0828 1572 Flpydisk - ok
16:44:09.0875 1572 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:44:09.0875 1572 FltMgr - ok
16:44:09.0984 1572 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:44:09.0984 1572 FontCache3.0.0.0 - ok
16:44:10.0015 1572 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:44:10.0015 1572 Fs_Rec - ok
16:44:10.0062 1572 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:44:10.0062 1572 Ftdisk - ok
16:44:10.0093 1572 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:44:10.0109 1572 Gpc - ok
16:44:10.0171 1572 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:44:10.0187 1572 helpsvc - ok
16:44:10.0187 1572 HidServ - ok
16:44:10.0234 1572 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:44:10.0234 1572 hidusb - ok
16:44:10.0250 1572 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:44:10.0250 1572 hkmsvc - ok
16:44:10.0265 1572 hpn - ok
16:44:10.0296 1572 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:44:10.0296 1572 HPZid412 - ok
16:44:10.0328 1572 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:44:10.0328 1572 HPZipr12 - ok
16:44:10.0359 1572 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:44:10.0359 1572 HPZius12 - ok
16:44:10.0421 1572 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:44:10.0421 1572 HTTP - ok
16:44:10.0468 1572 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:44:10.0468 1572 HTTPFilter - ok
16:44:10.0484 1572 i2omgmt - ok
16:44:10.0484 1572 i2omp - ok
16:44:10.0531 1572 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
16:44:10.0531 1572 i8042prt - ok
16:44:10.0593 1572 iastor (f26bfd48b1c314e0f23bf77acfa75940) C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:44:10.0609 1572 iastor - ok
16:44:10.0734 1572 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:44:10.0734 1572 idsvc - ok
16:44:10.0781 1572 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:44:10.0781 1572 Imapi - ok
16:44:10.0828 1572 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:44:10.0828 1572 ImapiService - ok
16:44:10.0843 1572 ini910u - ok
16:44:10.0859 1572 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:44:10.0859 1572 IntelIde - ok
16:44:10.0890 1572 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:44:10.0890 1572 intelppm - ok
16:44:10.0906 1572 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:44:10.0906 1572 Ip6Fw - ok
16:44:10.0937 1572 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:44:10.0937 1572 IpFilterDriver - ok
16:44:10.0953 1572 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:44:10.0953 1572 IpInIp - ok
16:44:10.0984 1572 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:44:10.0984 1572 IpNat - ok
16:44:11.0031 1572 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:44:11.0031 1572 IPSec - ok
16:44:11.0046 1572 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:44:11.0046 1572 IRENUM - ok
16:44:11.0062 1572 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:44:11.0062 1572 isapnp - ok
16:44:11.0187 1572 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
16:44:11.0187 1572 JavaQuickStarterService - ok
16:44:11.0218 1572 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:44:11.0218 1572 Kbdclass - ok
16:44:11.0234 1572 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:44:11.0234 1572 kbdhid - ok
16:44:11.0265 1572 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:44:11.0265 1572 kmixer - ok
16:44:11.0312 1572 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:44:11.0312 1572 KSecDD - ok
16:44:11.0359 1572 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:44:11.0359 1572 lanmanserver - ok
16:44:11.0406 1572 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:44:11.0406 1572 lanmanworkstation - ok
16:44:11.0421 1572 lbrtfdc - ok
16:44:11.0453 1572 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
16:44:11.0453 1572 lirsgt - ok
16:44:11.0500 1572 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:44:11.0500 1572 LmHosts - ok
16:44:11.0531 1572 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
16:44:11.0531 1572 MBAMProtector - ok
16:44:11.0656 1572 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:44:11.0656 1572 MBAMService - ok
16:44:11.0703 1572 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:44:11.0703 1572 Messenger - ok
16:44:11.0734 1572 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:44:11.0734 1572 mnmdd - ok
16:44:11.0781 1572 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:44:11.0781 1572 mnmsrvc - ok
16:44:11.0812 1572 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:44:11.0812 1572 Modem - ok
16:44:11.0843 1572 motmodem (37e5a8c7f9a3b38f113b71ec7ce34f92) C:\WINDOWS\system32\DRIVERS\motmodem.sys
16:44:11.0843 1572 motmodem - ok
16:44:11.0859 1572 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:44:11.0859 1572 Mouclass - ok
16:44:11.0890 1572 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:44:11.0890 1572 mouhid - ok
16:44:11.0906 1572 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:44:11.0906 1572 MountMgr - ok
16:44:11.0906 1572 mraid35x - ok
16:44:11.0953 1572 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:44:11.0953 1572 MRxDAV - ok
16:44:12.0015 1572 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:44:12.0015 1572 MRxSmb - ok
16:44:12.0046 1572 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:44:12.0062 1572 MSDTC - ok
16:44:12.0093 1572 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
16:44:12.0093 1572 MSDV - ok
16:44:12.0109 1572 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:44:12.0109 1572 Msfs - ok
16:44:12.0125 1572 MSIServer - ok
16:44:12.0156 1572 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:44:12.0156 1572 MSKSSRV - ok
16:44:12.0156 1572 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:44:12.0156 1572 MSPCLOCK - ok
16:44:12.0171 1572 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:44:12.0171 1572 MSPQM - ok
16:44:12.0203 1572 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:44:12.0203 1572 mssmbios - ok
16:44:12.0218 1572 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:44:12.0218 1572 MSTEE - ok
16:44:12.0265 1572 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:44:12.0265 1572 Mup - ok
16:44:12.0312 1572 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:44:12.0312 1572 NABTSFEC - ok
16:44:12.0390 1572 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:44:12.0390 1572 napagent - ok
16:44:12.0453 1572 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:44:12.0453 1572 NDIS - ok
16:44:12.0484 1572 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:44:12.0484 1572 NdisIP - ok
16:44:12.0515 1572 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:44:12.0515 1572 NdisTapi - ok
16:44:12.0531 1572 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:44:12.0531 1572 Ndisuio - ok
16:44:12.0546 1572 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:44:12.0546 1572 NdisWan - ok
16:44:12.0578 1572 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:44:12.0578 1572 NDProxy - ok
16:44:12.0625 1572 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:44:12.0625 1572 NetBIOS - ok
16:44:12.0671 1572 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:44:12.0671 1572 NetBT - ok
16:44:12.0718 1572 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:44:12.0718 1572 NetDDE - ok
16:44:12.0718 1572 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:44:12.0718 1572 NetDDEdsdm - ok
16:44:12.0765 1572 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:44:12.0765 1572 Netlogon - ok
16:44:12.0812 1572 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
16:44:12.0812 1572 Netman - ok
16:44:12.0906 1572 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:44:12.0906 1572 NetTcpPortSharing - ok
16:44:12.0937 1572 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:44:12.0937 1572 NIC1394 - ok
16:44:12.0968 1572 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
16:44:12.0984 1572 Nla - ok
16:44:13.0078 1572 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files\CDBurnerXP\NMSAccessU.exe
16:44:13.0078 1572 NMSAccess - ok
16:44:13.0109 1572 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:44:13.0109 1572 Npfs - ok
16:44:13.0187 1572 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:44:13.0203 1572 Ntfs - ok
16:44:13.0234 1572 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:44:13.0234 1572 NtLmSsp - ok
16:44:13.0312 1572 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
16:44:13.0312 1572 NtmsSvc - ok
16:44:13.0343 1572 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:44:13.0343 1572 Null - ok
16:44:14.0703 1572 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:44:14.0781 1572 nv - ok
16:44:14.0906 1572 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
16:44:14.0906 1572 NVSvc - ok
16:44:15.0187 1572 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:44:15.0187 1572 nvUpdatusService - ok
16:44:15.0312 1572 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:44:15.0312 1572 NwlnkFlt - ok
16:44:15.0343 1572 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:44:15.0343 1572 NwlnkFwd - ok
16:44:15.0390 1572 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:44:15.0390 1572 ohci1394 - ok
16:44:15.0468 1572 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:44:15.0468 1572 ose - ok
16:44:15.0515 1572 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:44:15.0515 1572 Parport - ok
16:44:15.0562 1572 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:44:15.0562 1572 PartMgr - ok
16:44:15.0593 1572 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:44:15.0593 1572 ParVdm - ok
16:44:15.0609 1572 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:44:15.0609 1572 PCI - ok
16:44:15.0609 1572 PCIDump - ok
16:44:15.0640 1572 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:44:15.0640 1572 PCIIde - ok
16:44:15.0687 1572 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:44:15.0687 1572 Pcmcia - ok
16:44:15.0687 1572 PDCOMP - ok
16:44:15.0703 1572 PDFRAME - ok
16:44:15.0703 1572 PDRELI - ok
16:44:15.0703 1572 PDRFRAME - ok
16:44:15.0718 1572 perc2 - ok
16:44:15.0718 1572 perc2hib - ok
16:44:15.0828 1572 PinnacleUpdateSvc (0015113a604b94769ab5159e8dcfc6e6) C:\Program Files\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
16:44:15.0828 1572 PinnacleUpdateSvc - ok
16:44:15.0875 1572 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:44:15.0875 1572 PlugPlay - ok
16:44:15.0921 1572 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
16:44:15.0921 1572 Pml Driver HPZ12 - ok
16:44:15.0953 1572 PnkBstrA (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe
16:44:15.0968 1572 PnkBstrA - ok
16:44:16.0015 1572 PnkBstrB (e24106a5eaecddff00b25497049dd65f) C:\WINDOWS\system32\PnkBstrB.exe
16:44:16.0015 1572 PnkBstrB - ok
16:44:16.0062 1572 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:44:16.0062 1572 PolicyAgent - ok
16:44:16.0093 1572 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:44:16.0093 1572 PptpMiniport - ok
16:44:16.0109 1572 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:44:16.0109 1572 ProtectedStorage - ok
16:44:16.0125 1572 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:44:16.0125 1572 PSched - ok
16:44:16.0156 1572 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:44:16.0156 1572 Ptilink - ok
16:44:16.0171 1572 ql1080 - ok
16:44:16.0171 1572 Ql10wnt - ok
16:44:16.0187 1572 ql12160 - ok
16:44:16.0187 1572 ql1240 - ok
16:44:16.0203 1572 ql1280 - ok
16:44:16.0203 1572 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:44:16.0203 1572 RasAcd - ok
16:44:16.0250 1572 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
16:44:16.0250 1572 RasAuto - ok
16:44:16.0265 1572 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:44:16.0265 1572 Rasl2tp - ok
16:44:16.0312 1572 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
16:44:16.0312 1572 RasMan - ok
16:44:16.0343 1572 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:44:16.0359 1572 RasPppoe - ok
16:44:16.0359 1572 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:44:16.0359 1572 Raspti - ok
16:44:16.0406 1572 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:44:16.0406 1572 Rdbss - ok
16:44:16.0421 1572 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:44:16.0421 1572 RDPCDD - ok
16:44:16.0484 1572 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:44:16.0484 1572 rdpdr - ok
16:44:16.0531 1572 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
16:44:16.0531 1572 RDPWD - ok
16:44:16.0578 1572 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
16:44:16.0578 1572 RDSessMgr - ok
16:44:16.0609 1572 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:44:16.0609 1572 redbook - ok
16:44:16.0640 1572 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
16:44:16.0640 1572 RemoteAccess - ok
16:44:16.0687 1572 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
16:44:16.0687 1572 RemoteRegistry - ok
16:44:16.0703 1572 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
16:44:16.0703 1572 Revoflt - ok
16:44:16.0734 1572 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
16:44:16.0734 1572 RpcLocator - ok
16:44:16.0796 1572 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
16:44:16.0812 1572 RpcSs - ok
16:44:16.0843 1572 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:44:16.0859 1572 RSVP - ok
16:44:16.0890 1572 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:44:16.0890 1572 SamSs - ok
16:44:16.0921 1572 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:44:16.0921 1572 SCardSvr - ok
16:44:16.0953 1572 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:44:16.0953 1572 Schedule - ok
16:44:17.0000 1572 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:44:17.0000 1572 Secdrv - ok
16:44:17.0046 1572 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
16:44:17.0046 1572 seclogon - ok
16:44:17.0125 1572 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
16:44:17.0125 1572 senfilt - ok
16:44:17.0171 1572 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
16:44:17.0171 1572 SENS - ok
16:44:17.0203 1572 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:44:17.0203 1572 serenum - ok
16:44:17.0218 1572 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:44:17.0218 1572 Serial - ok
16:44:17.0250 1572 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:44:17.0250 1572 Sfloppy - ok
16:44:17.0296 1572 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
16:44:17.0296 1572 SharedAccess - ok
16:44:17.0359 1572 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:44:17.0359 1572 ShellHWDetection - ok
16:44:17.0359 1572 Simbad - ok
16:44:17.0406 1572 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:44:17.0406 1572 SLIP - ok
16:44:17.0468 1572 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
16:44:17.0468 1572 smwdm - ok
16:44:17.0484 1572 Sparrow - ok
16:44:17.0515 1572 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:44:17.0515 1572 splitter - ok
16:44:17.0562 1572 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:44:17.0562 1572 Spooler - ok
16:44:17.0593 1572 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:44:17.0593 1572 sr - ok
16:44:17.0640 1572 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
16:44:17.0656 1572 srservice - ok
16:44:17.0734 1572 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:44:17.0734 1572 Srv - ok
16:44:17.0765 1572 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:44:17.0781 1572 SSDPSRV - ok
16:44:17.0812 1572 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
16:44:17.0812 1572 StarOpen - ok
16:44:17.0875 1572 Steam Client Service - ok
16:44:17.0921 1572 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:44:17.0921 1572 stisvc - ok
16:44:17.0953 1572 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:44:17.0953 1572 streamip - ok
16:44:17.0984 1572 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:44:17.0984 1572 swenum - ok
16:44:18.0000 1572 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:44:18.0000 1572 swmidi - ok
16:44:18.0015 1572 SwPrv - ok
16:44:18.0015 1572 symc810 - ok
16:44:18.0031 1572 symc8xx - ok
16:44:18.0031 1572 sym_hi - ok
16:44:18.0031 1572 sym_u3 - ok
16:44:18.0078 1572 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:44:18.0078 1572 sysaudio - ok
16:44:18.0109 1572 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:44:18.0125 1572 SysmonLog - ok
16:44:18.0156 1572 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:44:18.0156 1572 TapiSrv - ok
16:44:18.0218 1572 Tcpip (2f8c2b6e052a4c6ec5575ea10f8e5191) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:44:18.0234 1572 Tcpip - ok
16:44:18.0265 1572 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:44:18.0265 1572 TDPIPE - ok
16:44:18.0281 1572 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:44:18.0281 1572 TDTCP - ok
16:44:18.0296 1572 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:44:18.0296 1572 TermDD - ok
16:44:18.0359 1572 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:44:18.0359 1572 TermService - ok
16:44:18.0406 1572 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:44:18.0421 1572 Themes - ok
16:44:18.0453 1572 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
16:44:18.0453 1572 TlntSvr - ok
16:44:18.0453 1572 TosIde - ok
16:44:18.0484 1572 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:44:18.0500 1572 TrkWks - ok
16:44:18.0531 1572 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:44:18.0531 1572 Udfs - ok
16:44:18.0531 1572 ultra - ok
16:44:18.0593 1572 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:44:18.0593 1572 Update - ok
16:44:18.0656 1572 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:44:18.0656 1572 upnphost - ok
16:44:18.0687 1572 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:44:18.0687 1572 UPS - ok
16:44:18.0718 1572 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:44:18.0718 1572 usbaudio - ok
16:44:18.0734 1572 USBCamera - ok
16:44:18.0750 1572 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:44:18.0750 1572 usbccgp - ok
16:44:18.0796 1572 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:44:18.0796 1572 usbehci - ok
16:44:18.0828 1572 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:44:18.0828 1572 usbhub - ok
16:44:18.0875 1572 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:44:18.0875 1572 usbprint - ok
16:44:18.0921 1572 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:44:18.0921 1572 usbscan - ok
16:44:18.0953 1572 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:44:18.0953 1572 USBSTOR - ok
16:44:18.0968 1572 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:44:18.0968 1572 usbuhci - ok
16:44:18.0984 1572 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:44:18.0984 1572 VgaSave - ok
16:44:19.0000 1572 ViaIde - ok
16:44:19.0015 1572 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:44:19.0015 1572 VolSnap - ok
16:44:19.0062 1572 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:44:19.0062 1572 VSS - ok
16:44:19.0093 1572 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:44:19.0109 1572 W32Time - ok
16:44:19.0125 1572 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:44:19.0125 1572 Wanarp - ok
16:44:19.0187 1572 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:44:19.0203 1572 Wdf01000 - ok
16:44:19.0203 1572 WDICA - ok
16:44:19.0250 1572 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:44:19.0250 1572 wdmaud - ok
16:44:19.0281 1572 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:44:19.0281 1572 WebClient - ok
16:44:19.0375 1572 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:44:19.0375 1572 winmgmt - ok
16:44:19.0578 1572 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:44:19.0593 1572 wlidsvc - ok
16:44:19.0703 1572 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
16:44:19.0718 1572 WmdmPmSN - ok
16:44:19.0812 1572 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
16:44:19.0812 1572 Wmi - ok
16:44:19.0890 1572 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:44:19.0890 1572 WmiApSrv - ok
16:44:20.0093 1572 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
16:44:20.0109 1572 WMPNetworkSvc - ok
16:44:20.0312 1572 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:44:20.0312 1572 WPFFontCache_v0400 - ok
16:44:20.0421 1572 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:44:20.0421 1572 WS2IFSL - ok
16:44:20.0484 1572 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
16:44:20.0484 1572 wscsvc - ok
16:44:20.0515 1572 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:44:20.0515 1572 WSTCODEC - ok
16:44:20.0562 1572 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:44:20.0562 1572 wuauserv - ok
16:44:20.0609 1572 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:44:20.0625 1572 WudfPf - ok
16:44:20.0656 1572 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:44:20.0656 1572 WudfRd - ok
16:44:20.0687 1572 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:44:20.0687 1572 WudfSvc - ok
16:44:20.0781 1572 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:44:20.0781 1572 WZCSVC - ok
16:44:20.0843 1572 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:44:20.0843 1572 xmlprov - ok
16:44:20.0875 1572 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
16:44:20.0875 1572 ZDPSp50 - ok
16:44:20.0921 1572 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:44:21.0437 1572 \Device\Harddisk0\DR0 - ok
16:44:21.0453 1572 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
16:44:21.0453 1572 \Device\Harddisk1\DR1 - ok
16:44:21.0468 1572 Boot (0x1200) (de1a8bd230f0277ef0ed9e33eb4700c0) \Device\Harddisk0\DR0\Partition0
16:44:21.0468 1572 \Device\Harddisk0\DR0\Partition0 - ok
16:44:21.0484 1572 Boot (0x1200) (6f8ced23260ec0af43c81bdd002f0065) \Device\Harddisk1\DR1\Partition0
16:44:21.0484 1572 \Device\Harddisk1\DR1\Partition0 - ok
16:44:21.0484 1572 ============================================================
16:44:21.0484 1572 Scan finished
16:44:21.0484 1572 ============================================================
16:44:21.0500 3848 Detected object count: 0
16:44:21.0500 3848 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 16:46:03
-----------------------------
16:46:03.171 OS Version: Windows 5.1.2600 Service Pack 3
16:46:03.171 Number of processors: 1 586 0x304
16:46:03.171 ComputerName: JIMMY-DE0C57A72 UserName: vagprotector
16:46:03.625 Initialize success
16:48:38.343 AVAST engine defs: 12070301
16:49:00.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:49:00.781 Disk 0 Vendor: ST340014 8.05 Size: 38146MB BusType: 3
16:49:00.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
16:49:00.796 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:49:00.812 Disk 0 MBR read successfully
16:49:00.812 Disk 0 MBR scan
16:49:00.843 Disk 0 Windows XP default MBR code
16:49:00.843 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
16:49:00.859 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38099 MB offset 80325
16:49:00.859 Disk 0 scanning sectors +78108030
16:49:00.937 Disk 0 scanning C:\WINDOWS\system32\drivers
16:49:11.171 Service scanning
16:49:30.781 Modules scanning
16:49:39.843 Disk 0 trace - called modules:
16:49:39.859 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:49:39.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abbcab8]
16:49:39.859 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8ab34030]
16:49:40.140 AVAST engine scan C:\WINDOWS
16:49:45.015 AVAST engine scan C:\WINDOWS\system32
16:52:59.078 AVAST engine scan C:\WINDOWS\system32\drivers
16:53:13.968 AVAST engine scan C:\Documents and Settings\vagprotector
16:53:46.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\vagprotector\Desktop\MBR.dat"
16:53:46.515 The log file has been saved successfully to "C:\Documents and Settings\vagprotector\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 16:46:03
-----------------------------
16:46:03.171 OS Version: Windows 5.1.2600 Service Pack 3
16:46:03.171 Number of processors: 1 586 0x304
16:46:03.171 ComputerName: JIMMY-DE0C57A72 UserName: vagprotector
16:46:03.625 Initialize success
16:48:38.343 AVAST engine defs: 12070301
16:49:00.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:49:00.781 Disk 0 Vendor: ST340014 8.05 Size: 38146MB BusType: 3
16:49:00.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
16:49:00.796 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:49:00.812 Disk 0 MBR read successfully
16:49:00.812 Disk 0 MBR scan
16:49:00.843 Disk 0 Windows XP default MBR code
16:49:00.843 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
16:49:00.859 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38099 MB offset 80325
16:49:00.859 Disk 0 scanning sectors +78108030
16:49:00.937 Disk 0 scanning C:\WINDOWS\system32\drivers
16:49:11.171 Service scanning
16:49:30.781 Modules scanning
16:49:39.843 Disk 0 trace - called modules:
16:49:39.859 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:49:39.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abbcab8]
16:49:39.859 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8ab34030]
16:49:40.140 AVAST engine scan C:\WINDOWS
16:49:45.015 AVAST engine scan C:\WINDOWS\system32
16:52:59.078 AVAST engine scan C:\WINDOWS\system32\drivers
16:53:13.968 AVAST engine scan C:\Documents and Settings\vagprotector
17:06:16.046 AVAST engine scan C:\Documents and Settings\All Users
17:06:39.937 Scan finished successfully

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:48 PM

Posted 03 July 2012 - 10:20 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 bouncepass

bouncepass
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 04 July 2012 - 07:41 AM

just ran that script. still having the same issue

ComboFix 12-07-04.01 - vagprotector 07/04/2012 8:34.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2323 [GMT -4:00]
Running from: c:\documents and settings\vagprotector\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\vagprotector\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-06-29 21:02 . 2012-06-29 21:02 -------- d-----w- c:\documents and settings\vagprotector\Local Settings\Application Data\PCHealth
2012-06-27 22:13 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-27 22:10 . 2012-06-02 19:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-27 21:38 . 2012-06-27 21:38 -------- d-----w- c:\documents and settings\vagprotector\Local Settings\Application Data\VS Revo Group
2012-06-27 21:38 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-06-27 21:38 . 2012-06-27 21:38 -------- d-----w- c:\program files\VS Revo Group
2012-06-22 01:36 . 2012-06-22 01:36 388096 ----a-r- c:\documents and settings\vagprotector\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-22 01:36 . 2012-06-22 01:36 -------- d-----w- c:\program files\Trend Micro
2012-06-15 20:23 . 2012-06-15 20:23 -------- d-----w- c:\documents and settings\vagprotector\Application Data\Fatshark
2012-06-15 20:10 . 2012-06-15 20:10 -------- d-----w- c:\documents and settings\vagprotector\Application Data\Milestone
2012-06-09 19:38 . 2012-06-15 20:28 -------- d-----w- c:\program files\WMV Cutter
2012-06-09 19:34 . 2012-06-09 19:34 -------- d-----w- c:\program files\Easy Video Splitter
2012-06-09 02:34 . 2012-06-09 02:34 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-09 02:34 . 2012-06-09 02:34 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 21:03 . 2011-11-17 21:56 119296 ----a-w- c:\windows\system32\zlib.dll
2012-06-15 02:03 . 2012-04-01 07:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-15 02:03 . 2011-05-16 18:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 21:35 . 2011-01-11 00:27 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 21:35 . 2009-08-06 23:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:19 . 2011-01-11 13:10 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2011-01-11 13:10 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2011-01-11 00:27 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2011-01-11 00:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2011-01-11 13:10 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2011-01-11 00:27 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2011-01-11 00:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-12 13:17 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2011-01-11 13:10 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2011-01-11 00:27 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2011-01-11 00:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-12 13:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-12 13:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-12 13:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-12 13:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-12 13:19 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 18:37 . 2011-01-13 08:58 2106216 ----a-w- c:\windows\system32\d3dcompiler_43.dll
2012-05-09 18:26 . 2012-05-09 18:26 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-05-04 13:12 . 2004-08-12 13:25 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-01-11 00:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-16 22:45 . 2011-05-15 23:25 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-19 03:00 58668 --sha-w- c:\windows\pdesrv2.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2F8C2B6E052A4C6EC5575EA10F8E5191 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-12 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Icatch(VI) SnapDetect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Icatch(VI) SnapDetect.lnk
backup=c:\windows\pss\Icatch(VI) SnapDetect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-01-30 05:10 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-02-12 03:19 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\redIRC\\mirc.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"e:\\Program Files\\EA Games\\Dead Space 2\\deadspace2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Program Files\\2K Sports\\NBA 2K12\\nba2k12.exe"=
"e:\\Program Files\\2K Sports\\Major League Baseball 2K12\\mlb2k12.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"e:\\Program Files\\Who Wants To Be A Millionaire Special Editions\\Binaries\\Win32\\ShippingPC-WWTBAMGame.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/9/2012 6:33 PM 239168]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/8/2005 7:46 PM 61440]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/13/2011 4:29 AM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/13/2011 4:29 AM 22344]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2/22/2012 12:36 AM 2348352]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/27/2012 5:38 PM 27064]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 83173163
*NewlyCreated* - ASWMBR
*Deregistered* - 83173163
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1788223648-725345543-1003Core.job
- c:\documents and settings\vagprotector\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-05 22:21]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1788223648-725345543-1003UA.job
- c:\documents and settings\vagprotector\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-05 22:21]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
TCP: Interfaces\{3BCA52DE-FED7-4D06-94E3-41594710B0BC}: NameServer = 192.168.0.1
TCP: Interfaces\{A2183A37-7625-4EE3-80DD-B9C6ECD5D948}: NameServer = 192.168.0.1
TCP: Interfaces\{D3388FB7-F2E7-4B21-AF12-85FD37379872}: NameServer = 192.168.0.1
TCP: Interfaces\{EA9C357F-4A5B-4DDD-BCE1-360FCE647674}: NameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\vagprotector\Application Data\Mozilla\Firefox\Profiles\pdyjg4z6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 190.199.8.82
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-04 08:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1268)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-07-04 08:40:53
ComboFix-quarantined-files.txt 2012-07-04 12:40
ComboFix2.txt 2012-07-03 19:08
ComboFix3.txt 2012-06-22 01:54
ComboFix4.txt 2012-06-01 04:09
ComboFix5.txt 2012-07-04 12:32
.
Pre-Run: 4,747,411,456 bytes free
Post-Run: 4,851,073,024 bytes free
.
- - End Of File - - 6B021034F862DA318C66DF19C67FB775

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:48 PM

Posted 04 July 2012 - 01:22 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 bouncepass

bouncepass
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 04 July 2012 - 02:44 PM

heres otl log

OTL logfile created on: 7/4/2012 3:46:15 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\vagprotector\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 76.94% Memory free
8.84 Gb Paging File | 8.41 Gb Available in Paging File | 95.09% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 3.87 Gb Free Space | 10.41% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 81.96 Gb Free Space | 17.60% Space Free | Partition Type: NTFS

Computer Name: JIMMY-DE0C57A72 | User Name: vagprotector | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\vagprotector\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe (Just Great Software)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\hpiscn.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqeaio.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (PinnacleUpdateSvc) -- C:\Program Files\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe (PowerUp Software, LLC)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (USBCamera) Icatch(IV) -- System32\Drivers\Bulk533.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\VAGPRO~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (CA561) ICatch (VI) -- System32\Drivers\SPCA561.SYS File not found
DRV - (Ca533av) Icatch(IV) -- System32\Drivers\Ca533av.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\VAGPRO~1\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (aeaudio) -- system32\drivers\aeaudio.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\Aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-776561741-1788223648-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-776561741-1788223648-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-776561741-1788223648-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-776561741-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..network.proxy.http: "190.199.8.82"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\vagprotector\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\vagprotector\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 18:45:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/14 20:30:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{75B3D99E-9DC9-11E1-826F-B8AC6F996F26}: C:\Documents and Settings\vagprotector\Local Settings\Application Data\{75B3D99E-9DC9-11E1-826F-B8AC6F996F26}\ [2012/05/14 09:33:30 | 000,000,000 | ---D | M]

[2011/01/11 01:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vagprotector\Application Data\Mozilla\Extensions
[2012/06/28 17:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vagprotector\Application Data\Mozilla\Firefox\Profiles\pdyjg4z6.default\extensions
[2011/01/11 11:27:03 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\vagprotector\Application Data\Mozilla\Firefox\Profiles\pdyjg4z6.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2012/01/10 18:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/14 09:33:30 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\VAGPROTECTOR\LOCAL SETTINGS\APPLICATION DATA\{75B3D99E-9DC9-11E1-826F-B8AC6F996F26}
[2012/06/16 18:45:19 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/19 00:38:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/15 19:25:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 12:08:34 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\vagprotector\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\vagprotector\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\vagprotector\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\vagprotector\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 6.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 6.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 6.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 6.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 6.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 6.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\vagprotector\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\vagprotector\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\vagprotector\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\vagprotector\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/01 00:07:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-776561741-1788223648-725345543-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1788223648-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1788223648-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-776561741-1788223648-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-1788223648-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340835013421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340835005781 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BCA52DE-FED7-4D06-94E3-41594710B0BC}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2183A37-7625-4EE3-80DD-B9C6ECD5D948}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3388FB7-F2E7-4B21-AF12-85FD37379872}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA6BE12C-53F8-4E68-9EE7-DEF3F607E5F5}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA9C357F-4A5B-4DDD-BCE1-360FCE647674}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\vagprotector\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\vagprotector\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/10 20:29:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 90 Days ==========

[2012/07/04 08:52:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/03 16:43:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\vagprotector\Desktop\aswMBR.exe
[2012/07/03 16:42:34 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\vagprotector\Desktop\tdsskiller.exe
[2012/07/03 14:57:57 | 004,570,624 | R--- | C] (Swearware) -- C:\Documents and Settings\vagprotector\Desktop\ComboFix.exe
[2012/07/03 13:48:41 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\vagprotector\Desktop\dds.com
[2012/07/03 13:48:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\vagprotector\Desktop\dds.scr
[2012/07/01 01:57:43 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vagprotector\Desktop\OTL.exe
[2012/06/30 14:06:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vagprotector\Recent
[2012/06/29 17:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vagprotector\Local Settings\Application Data\PCHealth
[2012/06/28 17:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Orbit
[2012/06/27 18:13:32 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/27 18:10:24 | 000,015,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/27 17:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vagprotector\Local Settings\Application Data\VS Revo Group
[2012/06/27 17:38:40 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/06/27 17:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2012/06/27 17:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/06/21 21:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/06/21 21:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vagprotector\Start Menu\Programs\HiJackThis
[2012/06/15 16:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vagprotector\Application Data\Fatshark
[2012/06/15 16:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vagprotector\Application Data\Milestone
[2012/06/15 16:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Milestone
[2012/06/13 17:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vagprotector\Start Menu\Programs\The KMPlayer
[2012/06/09 15:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\WMV Cutter
[2012/06/09 15:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Video Splitter
[2012/06/09 15:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy Video Splitter
[2012/05/28 19:42:31 | 000,000,000 | ---D | C] -- C:\VirtualDub-1.9.11
[2012/05/28 19:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vagprotector\My Documents\.zs4
[2012/05/25 00:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vagprotector\Local Settings\Application Data\.inapptracking
[2012/05/15 22:40:05 | 000,000,000 | ---D | C] -- C:\jtrb
[2012/05/14 09:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vagprotector\Local Settings\Application Data\{75B40CA2-9DC9-11E1-826F-B8AC6F996F26}
[2012/05/14 09:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vagprotector\Local Settings\Application Data\{75B3D99E-9DC9-11E1-826F-B8AC6F996F26}
[2012/05/09 14:26:44 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d11.dll
[2012/05/05 18:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vagprotector\Start Menu\Programs\Google Chrome
[2012/05/05 18:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vagprotector\Local Settings\Application Data\Google
[2012/04/26 00:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/20 18:34:00 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSH263.DRV
[2012/04/20 18:33:33 | 000,131,072 | ---- | C] (Sunplus) -- C:\WINDOWS\System\SP5X_32.DLL
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/07/04 15:26:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1788223648-725345543-1003UA.job
[2012/07/04 09:01:30 | 000,109,056 | ---- | M] () -- C:\Documents and Settings\vagprotector\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/04 08:32:08 | 004,570,624 | R--- | M] (Swearware) -- C:\Documents and Settings\vagprotector\Desktop\ComboFix.exe
[2012/07/03 18:26:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1788223648-725345543-1003Core.job
[2012/07/03 17:12:26 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\vagprotector\Desktop\MBR.dat
[2012/07/03 16:43:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\vagprotector\Desktop\aswMBR.exe
[2012/07/03 16:42:37 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\vagprotector\Desktop\tdsskiller.exe
[2012/07/03 15:43:32 | 000,008,589 | ---- | M] () -- C:\Documents and Settings\vagprotector\Desktop\Inside.MMA.2012.07.02.HDTV.x264-KYR(1).torrent
[2012/07/03 15:42:11 | 000,008,589 | ---- | M] () -- C:\Documents and Settings\vagprotector\Desktop\Inside.MMA.2012.07.02.HDTV.x264-KYR.torrent
[2012/07/03 13:49:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\vagprotector\defogger_reenable
[2012/07/03 13:48:41 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\vagprotector\Desktop\dds.com
[2012/07/03 13:48:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\vagprotector\Desktop\dds.scr
[2012/07/03 13:48:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\vagprotector\Desktop\Defogger.exe
[2012/07/03 08:58:56 | 048,621,051 | ---- | M] () -- C:\Documents and Settings\vagprotector\Desktop\Howard 100 News Week In Review - CF128K - 06-29-12 [WDM].mp3
[2012/07/01 01:57:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vagprotector\Desktop\OTL.exe
[2012/06/30 22:18:05 | 000,881,475 | ---- | M] () -- C:\Documents and Settings\vagprotector\Desktop\SecurityCheck.exe
[2012/06/30 19:14:00 | 000,640,527 | ---- | M] () -- C:\Documents and Settings\vagprotector\Desktop\bleep-with-bikes.jpg
[2012/06/29 17:03:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/29 17:03:36 | 000,119,296 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll
[2012/06/29 17:03:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/27 18:58:56 | 001,437,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/27 18:49:47 | 000,501,382 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/27 18:49:47 | 000,087,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/24 19:00:56 | 035,901,068 | ---- | M] () -- C:\Documents and Settings\vagprotector\Desktop\drax.wav
[2012/06/22 13:38:48 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\vagprotector\Application Data\Microsoft\Internet Explorer\Quick Launch\FrontPage 2003.lnk
[2012/06/21 22:00:02 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\vagprotector\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2012/06/15 16:06:39 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play SBK™ Generations.lnk
[2012/06/14 22:03:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/14 22:03:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/12 15:51:38 | 006,956,360 | ---- | M] () -- C:\Documents and Settings\vagprotector\Desktop\Living Colour - Cult of Personality.mp3
[2012/06/10 11:16:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/06/07 12:13:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/04 17:35:32 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/06/02 01:59:19 | 026,818,388 | ---- | M] () -- C:\Documents and Settings\vagprotector\Desktop\no2t.wav
[2012/06/01 00:07:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/31 16:54:29 | 026,815,632 | ---- | M] () -- C:\Documents and Settings\vagprotector\Desktop\notdead.wav
[2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/29 21:42:17 | 161,014,745 | ---- | M] () -- C:\Documents and Settings\vagprotector\My Documents\Hollywood_Amateurs_28_Scene_2.wmv
[2012/05/21 22:16:31 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/05/16 11:08:26 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2012/05/15 09:20:33 | 001,863,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/05/15 09:20:33 | 001,863,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/05/11 20:12:34 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012/05/11 10:42:33 | 006,007,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2012/05/11 10:42:33 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/05/11 10:42:33 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2012/05/11 10:42:33 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2012/05/11 10:42:33 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2012/05/11 10:42:33 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012/05/11 10:42:33 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/05/11 10:42:33 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2012/05/11 10:42:33 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2012/05/11 10:42:33 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/05/11 10:42:33 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2012/05/11 10:42:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2012/05/11 10:42:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2012/05/11 10:42:33 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2012/05/11 10:42:33 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2012/05/11 10:42:33 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2012/05/11 10:42:33 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2012/05/11 10:42:33 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/05/11 10:42:33 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2012/05/11 10:42:33 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2012/05/11 10:42:33 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2012/05/11 10:42:33 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2012/05/11 10:42:32 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/05/11 10:42:32 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2012/05/11 10:42:32 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2012/05/11 07:38:02 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2012/05/09 14:37:37 | 002,106,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcompiler_43.dll
[2012/05/09 14:26:45 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d11.dll
[2012/05/04 09:16:13 | 002,148,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/05/04 09:12:30 | 002,192,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2012/05/04 09:12:30 | 002,192,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/05/04 08:32:19 | 002,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2012/05/04 08:32:19 | 002,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2012/05/04 08:32:19 | 002,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/05/02 15:56:21 | 000,025,560 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/02 09:46:36 | 000,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/04/26 21:01:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/03 16:53:46 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\vagprotector\Desktop\MBR.dat
[2012/07/03 15:43:32 | 000,008,589 | ---- | C] () -- C:\Documents and Settings\vagprotector\Desktop\Inside.MMA.2012.07.02.HDTV.x264-KYR(1).torrent
[2012/07/03 15:42:11 | 000,008,589 | ---- | C] () -- C:\Documents and Settings\vagprotector\Desktop\Inside.MMA.2012.07.02.HDTV.x264-KYR.torrent
[2012/07/03 13:49:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vagprotector\defogger_reenable
[2012/07/03 13:48:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\vagprotector\Desktop\Defogger.exe
[2012/07/03 08:57:51 | 048,621,051 | ---- | C] () -- C:\Documents and Settings\vagprotector\Desktop\Howard 100 News Week In Review - CF128K - 06-29-12 [WDM].mp3
[2012/06/30 22:18:05 | 000,881,475 | ---- | C] () -- C:\Documents and Settings\vagprotector\Desktop\SecurityCheck.exe
[2012/06/30 19:13:59 | 000,640,527 | ---- | C] () -- C:\Documents and Settings\vagprotector\Desktop\bleep-with-bikes.jpg
[2012/06/24 19:00:30 | 035,901,068 | ---- | C] () -- C:\Documents and Settings\vagprotector\Desktop\drax.wav
[2012/06/21 22:00:02 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\vagprotector\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2012/06/15 16:06:39 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play SBK™ Generations.lnk
[2012/06/14 17:36:58 | 006,956,360 | ---- | C] () -- C:\Documents and Settings\vagprotector\Desktop\Living Colour - Cult of Personality.mp3
[2012/06/02 01:59:01 | 026,818,388 | ---- | C] () -- C:\Documents and Settings\vagprotector\Desktop\no2t.wav
[2012/05/31 16:55:20 | 026,815,632 | ---- | C] () -- C:\Documents and Settings\vagprotector\Desktop\notdead.wav
[2012/05/29 21:37:00 | 161,014,745 | ---- | C] () -- C:\Documents and Settings\vagprotector\My Documents\Hollywood_Amateurs_28_Scene_2.wmv
[2012/05/05 18:21:36 | 000,001,006 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1788223648-725345543-1003UA.job
[2012/05/05 18:21:36 | 000,000,954 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1788223648-725345543-1003Core.job
[2012/04/26 21:01:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/10 18:46:00 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/02/28 04:39:37 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/02/28 04:39:36 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\vagprotector\Application Data\PnkBstrK.sys
[2012/02/28 04:39:22 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/02/28 04:39:21 | 002,337,865 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2012/02/28 04:39:21 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/02/23 04:03:02 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2012/02/23 04:03:02 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2012/02/17 00:27:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/07 18:33:36 | 000,000,199 | ---- | C] () -- C:\WINDOWS\swacnfg.ini
[2011/11/19 00:45:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/19 00:45:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/19 00:45:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/19 00:45:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/19 00:45:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/18 23:20:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/18 23:00:08 | 000,058,668 | -HS- | C] () -- C:\WINDOWS\pdesrv2.exe
[2011/11/17 17:56:23 | 000,119,296 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2011/11/17 17:56:23 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2011/11/17 17:56:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dxinputdll.dll
[2011/10/20 23:37:23 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/09/09 14:51:22 | 000,025,560 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/30 23:36:35 | 000,152,064 | ---- | C] () -- C:\WINDOWS\snap.dat
[2011/04/22 00:13:20 | 000,068,294 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2011/04/22 00:13:20 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/03/19 15:22:04 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/02/08 21:20:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/20 22:58:01 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/01/11 01:59:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/11 00:59:45 | 000,109,056 | ---- | C] () -- C:\Documents and Settings\vagprotector\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/11 00:50:50 | 000,294,152 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/11 00:50:49 | 000,294,152 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/11 00:50:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/11 00:49:27 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/10 20:32:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/10 20:26:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/10 14:23:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/10 14:22:03 | 001,437,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:48 PM

Posted 04 July 2012 - 03:28 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    @Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:SummaryInformation
    @Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 bouncepass

bouncepass
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 04 July 2012 - 04:31 PM

thnx, still having same redirect issue tho

========== OTL ==========
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
ADS C:\WINDOWS\System32\zlib.dll:SummaryInformation deleted successfully.
ADS C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\vagprotector\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\vagprotector\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

User: UpdatusUser

User: vagprotector
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:48 PM

Posted 04 July 2012 - 07:28 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 bouncepass

bouncepass
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 04 July 2012 - 08:53 PM

ok, here u go.

just wanna thank u again for helping me, ive never had an infection this bad ever. especially one combofix or malwarebytes couldnt fix.



Windows IP Configuration



Host Name . . . . . . . . . . . . : jimmy-de0c57a72

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-11-11-63-FD-B4

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.109

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.228.2, 74.125.228.8, 74.125.228.5, 74.125.228.9
74.125.228.14, 74.125.228.1, 74.125.228.3, 74.125.228.4, 74.125.228.6
74.125.228.0, 74.125.228.7

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging google.com [74.125.226.197] with 32 bytes of data:



Reply from 74.125.226.197: bytes=32 time=14ms TTL=55

Reply from 74.125.226.197: bytes=32 time=15ms TTL=55



Ping statistics for 74.125.226.197:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 14ms, Maximum = 15ms, Average = 14ms



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=38ms TTL=50

Reply from 98.139.183.24: bytes=32 time=27ms TTL=52



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 38ms, Average = 32ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 63 fd b4 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.109 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.109 192.168.0.109 30
192.168.0.0 255.255.255.0 192.168.0.109 192.168.0.109 20
192.168.0.109 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.109 192.168.0.109 20
224.0.0.0 240.0.0.0 192.168.0.109 192.168.0.109 20
255.255.255.255 255.255.255.255 192.168.0.109 192.168.0.109 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users