Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer infected with RootKit and Google redirect


  • This topic is locked This topic is locked
18 replies to this topic

#1 designz4u63

designz4u63

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 16 August 2012 - 08:12 PM

A while ago (and by this I mean 2 weeks) I have the computer infect it with Live Security Platinum virus.Clean that one using the instructions from this forum, unfortunately after two weeks the PC has a new virus/RootKit.
The computer is a Desktop PC, running Windows XP.
I had the firewall on, however the virus turn it off, and I was not able to access it again and turn it on.


I followed the instruction from preparation guide and here are the results of the scans:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by HP Media Center at 9:24:04 on 2012-08-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2475 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\hpmedi~1\startm~1\programs\startup\autoru~1\regist~1.lnk - c:\program files\ubisoft\il-2 sturmovik 1946\RegistrationReminder.exe
StartupFolder: c:\docume~1\hpmedi~1\startm~1\programs\startup\autoru~1\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
TCP: DhcpNameServer = 64.233.217.5 64.233.217.2
TCP: Interfaces\{6F0B611F-07ED-408A-BADA-3F78DBB6D057} : DhcpNameServer = 64.233.217.5 64.233.217.2
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-15 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-15 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-24 136176]
S2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files\office depot pc support agent\esService.exe [2012-7-22 990144]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-24 136176]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2009-10-9 33792]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2012-7-23 10112]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-15 21:55:38 -------- d-----w- c:\program files\ESET
2012-08-15 21:44:06 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-15 21:44:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-14 15:00:25 -------- d-----w- c:\program files\common files\xing shared
2012-08-07 15:41:41 -------- d-----w- c:\documents and settings\hp media center\application data\QuickScan
2012-08-07 15:38:58 -------- d-----w- C:\McAfeePromo
2012-08-07 15:20:47 -------- d-----w- c:\documents and settings\hp media center\application data\OpswatLogs
2012-08-07 11:59:56 -------- d-----w- c:\program files\Office Depot PC Support Agent
2012-08-07 11:38:09 -------- d-----w- c:\program files\common files\supportsoft
2012-08-07 11:36:56 -------- d-----w- C:\temp
2012-08-07 11:36:32 -------- d-----w- c:\documents and settings\hp media center\application data\supportdotcom
2012-08-07 11:36:23 -------- d-----w- c:\program files\supportdotcom
2012-08-07 11:36:23 -------- d-----w- c:\program files\common files\supportdotcom
2012-08-07 11:35:33 1451 ----a-w- c:\documents and settings\hp media center\application data\msuexy.dll
2012-08-05 13:24:34 -------- d-----w- c:\documents and settings\hp media center\local settings\application data\PCHealth
2012-08-04 23:16:42 -------- d-----w- c:\windows\system32\LogFiles
2012-08-04 11:50:36 -------- d-----w- c:\program files\DDS Converter 2
2012-08-02 22:21:03 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
2012-08-02 16:57:58 -------- d-----w- c:\windows\system32\appmgmt
2012-08-02 14:01:51 -------- d--h--w- c:\windows\PIF
2012-08-02 02:59:12 54016 ----a-w- c:\windows\system32\drivers\htvr.sys
2012-07-31 22:40:10 -------- d-----w- c:\windows\pss
2012-07-31 18:06:00 -------- d-----w- c:\documents and settings\all users\application data\036E1912EB204A9179494EB27B07D287
2012-07-31 18:05:14 56320 ---ha-w- c:\windows\system32\cisvad32.dll
2012-07-24 13:34:31 -------- d-----w- c:\program files\LeapFrog
2012-07-24 13:34:31 -------- d-----w- c:\documents and settings\all users\application data\Leapfrog
2012-07-23 06:21:20 28032 ----a-w- c:\windows\system32\ssmirrdr.dll
2012-07-23 06:21:20 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys
2012-07-18 17:21:43 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll
2012-07-18 17:19:16 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2012-07-18 17:19:16 265728 -c----w- c:\windows\system32\dllcache\http.sys
2012-07-18 17:19:16 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2012-07-18 17:19:02 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-17 17:49:37 -------- d-----w- c:\program files\orbiter100830
.
==================== Find3M ====================
.
2012-08-14 14:59:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-14 14:59:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-26 15:57:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 15:57:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 20:16:03 3059824 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2012-07-05 20:16:02 316816 ----a-w- c:\windows\system32\appdrvrem01.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 9:30:03.34 ===============

Attached File  attach.txt   9.36KB   1 downloads

Attached File  ark.txt   33.09KB   3 downloads


Thank you for your help.

PS:My PC is getting infect it with a one of the Live Security Platinum type pf program all the time, and I cannot find out why it happens...my only guess is that one of the program I am using has a vulnerability but that is just a guess.

Attached Files

  • Attached File  dds.txt   10.09KB   0 downloads

Edited by designz4u63, 16 August 2012 - 08:16 PM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:00 AM

Posted 21 August 2012 - 08:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465504 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 22 August 2012 - 12:54 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 designz4u63

designz4u63
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 22 August 2012 - 12:56 PM

Thank you for getting back to me.
I still have the problem with redirection every time I am trying to follow a site address from a Google search.
My computer is a Desktop PC, with Windows XP Media Center, Version 2002, and Service Pack 3 install
I do not have original disks for installation (the computer came with none and I use their system to create a backup set of disks but they do not work).

The computer has a Office Depot virus scanner (which I do not know what exactly is) and the scanner keeps coming up with a virus Gen.Variant. Kazy.67671 C:\\Windows\system 32\cisvad32.dll

When I run the recommend it scans my computer got stuck after I delete the DDS.exe. I download dds.exe again and run it again and than delete it and happend the same thing again. I do not know if it is important but I thought I should mention it.

I follow the instructions from a different area of the forum, about cleaning your computer yourself, I install Tdsskiller and run it but it come up empty.



Here are the new DDS scans"



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by HP Media Center at 9:33:13 on 2012-08-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2966 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\real\realplayer\update\realsched.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\hpmedi~1\startm~1\programs\startup\autoru~1\regist~1.lnk - c:\program files\ubisoft\il-2 sturmovik 1946\RegistrationReminder.exe
StartupFolder: c:\docume~1\hpmedi~1\startm~1\programs\startup\autoru~1\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
TCP: DhcpNameServer = 64.233.217.5 64.233.217.2
TCP: Interfaces\{6F0B611F-07ED-408A-BADA-3F78DBB6D057} : DhcpNameServer = 64.233.217.5 64.233.217.2
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-15 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-15 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-24 136176]
S2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files\office depot pc support agent\esService.exe [2012-7-22 990144]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-24 136176]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2009-10-9 33792]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2012-7-23 10112]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-15 21:55:38 -------- d-----w- c:\program files\ESET
2012-08-15 21:44:06 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-15 21:44:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-14 15:00:25 -------- d-----w- c:\program files\common files\xing shared
2012-08-07 15:41:41 -------- d-----w- c:\documents and settings\hp media center\application data\QuickScan
2012-08-07 15:38:58 -------- d-----w- C:\McAfeePromo
2012-08-07 15:20:47 -------- d-----w- c:\documents and settings\hp media center\application data\OpswatLogs
2012-08-07 11:59:56 -------- d-----w- c:\program files\Office Depot PC Support Agent
2012-08-07 11:38:09 -------- d-----w- c:\program files\common files\supportsoft
2012-08-07 11:36:56 -------- d-----w- C:\temp
2012-08-07 11:36:32 -------- d-----w- c:\documents and settings\hp media center\application data\supportdotcom
2012-08-07 11:36:23 -------- d-----w- c:\program files\supportdotcom
2012-08-07 11:36:23 -------- d-----w- c:\program files\common files\supportdotcom
2012-08-07 11:35:33 1451 ----a-w- c:\documents and settings\hp media center\application data\msuexy.dll
2012-08-05 13:24:34 -------- d-----w- c:\documents and settings\hp media center\local settings\application data\PCHealth
2012-08-04 23:16:42 -------- d-----w- c:\windows\system32\LogFiles
2012-08-04 11:50:36 -------- d-----w- c:\program files\DDS Converter 2
2012-08-02 22:21:03 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
2012-08-02 16:57:58 -------- d-----w- c:\windows\system32\appmgmt
2012-08-02 14:01:51 -------- d--h--w- c:\windows\PIF
2012-08-02 02:59:12 54016 ----a-w- c:\windows\system32\drivers\htvr.sys
2012-07-31 22:40:10 -------- d-----w- c:\windows\pss
2012-07-31 18:06:00 -------- d-----w- c:\documents and settings\all users\application data\036E1912EB204A9179494EB27B07D287
2012-07-31 18:05:14 56320 ---ha-w- c:\windows\system32\cisvad32.dll
2012-07-24 13:34:31 -------- d-----w- c:\program files\LeapFrog
2012-07-24 13:34:31 -------- d-----w- c:\documents and settings\all users\application data\Leapfrog
.
==================== Find3M ====================
.
2012-08-14 14:59:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-14 14:59:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-26 15:57:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 15:57:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-23 06:21:20 28032 ----a-w- c:\windows\system32\ssmirrdr.dll
2012-07-23 06:21:20 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys
2012-07-05 20:16:03 3059824 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2012-07-05 20:16:02 316816 ----a-w- c:\windows\system32\appdrvrem01.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 9:39:42.34 ===============


Attached File  attach.txt   11.94KB   0 downloads


The Gmer file is in the next post

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 22 August 2012 - 01:41 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 designz4u63

designz4u63
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 23 August 2012 - 08:10 AM

Hi

I tried to run Gmer program so I can log the results onto the forum but once it passes a certain level (after it discovers some rootkit viruses) the computer gets stuck. I tried 4 times to run the program with the same results and 5th time I interrupt the run right after it find the viruses and save the log...of course after I restart it I could not save the final log because I receive a message saying not sufficient memory to save the log. I attach the half log I manage to create.

Attached File  ark.log   4.5KB   0 downloads


I download the SecurityCheck and ComboFix but I cannot run SecurityCheck. from my desktop because I receive the message... it is not a valid Win32 application. I run the SecurityCheck direct from the download (instead of save I use Run). I attach the log too. I do not know if it helps or not but I thought is better than nothing.

Attached File  securitycheckup.txt   1.09KB   0 downloads


I run ComboFix, it delete it some files, but I did not get a log, because at the point where it was saying it is creating a log file the computer screen went blue and it turn off completely. I restart the computer and I find a log file with I am attaching it to this thread but I do not know if it is complete or not. Let me know what should I do next. I attach the comboFix log on the next thread

Edited by designz4u63, 23 August 2012 - 09:09 AM.


#7 designz4u63

designz4u63
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 23 August 2012 - 09:10 AM

this is the ComboFix Log
Attached File  ComboFix.txt   66.49KB   0 downloads


Google searches are still getting redirect it.

Edited by designz4u63, 23 August 2012 - 09:11 AM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 23 August 2012 - 09:12 AM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 designz4u63

designz4u63
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 23 August 2012 - 10:36 PM

I run ComboFix into safe mode. Attach is the scan log.

Attached File  ComboFix.txt   11.15KB   2 downloads

After the scan was done, when I restart the computer and run it into regular mode, I received a new warning about having no antivirus protection install and that my computer might be at risk. I am not sure if it is important or not for you to know, however from previous experiences after such a warning I most of the time end up with one of the "Live Security Platinum" virus. Is anyway I can find out why I my PC gets infect it with the same type of virus?

As far as I can see, my Google searches do not get re-direct it anymore.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 23 August 2012 - 11:04 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 designz4u63

designz4u63
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 24 August 2012 - 04:35 PM

Hello

I did run the two programs and here are the logs.

Attached File  tdskiller.txt   1.63KB   1 downloads

Attached File  aswMBR.txt   2.15KB   1 downloads

I see that the aswMBR scan come up with some problems...was I suppose to use the Fix button? because I did not do that.

thank you


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-24 08:59:17
-----------------------------
08:59:17.906 OS Version: Windows 5.1.2600 Service Pack 3
08:59:17.906 Number of processors: 2 586 0x4B02
08:59:17.906 ComputerName: HP-1C9C7CF83E1D UserName: HP Media Center
08:59:26.328 Initialize success
09:03:00.500 AVAST engine defs: 12082401
09:06:46.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-b
09:06:46.734 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3
09:06:46.750 Disk 0 MBR read successfully
09:06:46.750 Disk 0 MBR scan
09:06:46.781 Disk 0 Windows XP default MBR code
09:06:46.781 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
09:06:46.781 Disk 0 scanning sectors +1953504000
09:06:46.890 Disk 0 scanning C:\WINDOWS\system32\drivers
09:07:01.562 Service scanning
09:07:32.828 Modules scanning
09:07:45.781 Disk 0 trace - called modules:
09:07:45.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys
09:07:45.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7d9ab8]
09:07:45.796 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a842948]
09:07:45.796 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-b[0x8a7da940]
09:07:45.796 \Driver\atapi[0x8a7a7b10] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xb8338d60]
09:07:53.218 AVAST engine scan C:\WINDOWS
09:08:21.140 AVAST engine scan C:\WINDOWS\system32
09:08:34.187 File: C:\WINDOWS\system32\cisvad32.dll **INFECTED** Win32:Downloader-PVL [Trj]
09:15:23.125 AVAST engine scan C:\WINDOWS\system32\drivers
09:16:16.578 AVAST engine scan C:\Documents and Settings\HP Media Center
13:09:21.328 AVAST engine scan C:\Documents and Settings\All Users
13:15:08.203 Scan finished successfully
16:57:16.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP Media Center\Desktop\New Folder\MBR.dat"
16:57:16.390 The log file has been saved successfully to "C:\Documents and Settings\HP Media Center\Desktop\New Folder\aswMBR.txt"

Edited by gringo_pr, 24 August 2012 - 05:07 PM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 24 August 2012 - 05:08 PM

Greetings

I would like you to rerun TDSSKiller again it does not look like it finished as that is only a small part of the report


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 designz4u63

designz4u63
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 24 August 2012 - 10:07 PM

here is the new scan. I hope this time is complete. The scan itself goes very fast. I do not know if that is normal or not.

Attached File  TDSSKiller.2.8.8.0_24.08.2012_23.02.54_log.txt   75.31KB   1 downloads

Edited by designz4u63, 24 August 2012 - 10:08 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 25 August 2012 - 06:20 AM

Greetings designz4u63

  • Please do not attach logs or use code boxes, just copy and paste the text.
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\WINDOWS\system32\cisvad32.dll

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 designz4u63

designz4u63
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 26 August 2012 - 10:01 AM

Hi

I run the script and ComboFix scan yesterday and after that I use the PC to make sure has no other symptoms. So far everything seems to be OK.

However, I have one more question: This particular computer gets infecte it very often with viruses similar to "Live Platinum Security Platinum " virus. Very often. I have 2 more computer in the house, and the only difference between this particular PC and the others is the fact that this one has games load it on it (not online games, just regular off line games). It is possible that one of this games opens the gates for viruses?

Here are the scan results.

ComboFix 12-08-22.03 - HP Media Center 08/25/2012 12:49:44.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2855 [GMT -4:00]
Running from: C:\Documents and Settings\HP Media Center\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP Media Center\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"C:\WINDOWS\system32\cisvad32.dll"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\TEMP
C:\WINDOWS\system32\cisvad32.dll


((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))


2012-08-25 07:07:18 . 2012-08-25 07:07:18 -------- d-----w- C:\WINDOWS\system32\XPSViewer
2012-08-25 07:07:10 . 2012-08-25 07:07:10 -------- d-----w- C:\Program Files\MSBuild
2012-08-25 07:06:54 . 2012-08-25 07:06:54 -------- d-----w- C:\Program Files\Reference Assemblies
2012-08-25 07:06:31 . 2008-07-06 12:06:10 89088 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-08-25 07:06:07 . 2008-07-06 12:06:10 89088 -c----w- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2012-08-25 07:06:07 . 2008-07-06 12:06:10 117760 ------w- C:\WINDOWS\system32\prntvpt.dll
2012-08-25 07:06:06 . 2008-07-06 12:06:10 575488 -c----w- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2012-08-25 07:06:06 . 2008-07-06 12:06:10 575488 ------w- C:\WINDOWS\system32\xpsshhdr.dll
2012-08-25 07:06:06 . 2008-07-06 10:50:03 597504 -c----w- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2012-08-25 07:06:06 . 2008-07-06 10:50:03 597504 ------w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-08-25 07:06:05 . 2012-08-25 07:06:35 -------- d-----w- C:\8ac1bf9a0f655ff189f5c8
2012-08-25 07:06:05 . 2008-07-06 12:06:10 1676288 -c----w- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2012-08-25 07:06:05 . 2008-07-06 12:06:10 1676288 ------w- C:\WINDOWS\system32\xpssvcs.dll
2012-08-24 21:58:05 . 2012-08-24 21:58:05 -------- d-----w- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2012-08-24 21:57:55 . 2012-08-24 21:58:53 -------- d-----w- C:\Program Files\Ask.com
2012-08-24 21:57:53 . 2012-08-25 03:08:24 -------- d-----w- C:\Documents and Settings\HP Media Center\Local Settings\Application Data\AskToolbar
2012-08-24 21:57:19 . 2012-08-24 21:57:20 -------- d-----w- C:\Program Files\The Rise of Atlantis
2012-08-23 00:13:21 . 2012-08-23 00:13:21 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache
2012-08-22 13:52:20 . 2012-08-24 04:06:04 40776 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2012-08-22 13:43:01 . 2012-08-23 12:44:00 -------- d-----w- C:\Documents and Settings\HP Media Center\Application Data\U3
2012-08-15 21:55:38 . 2012-08-15 21:55:38 -------- d-----w- C:\Program Files\ESET
2012-08-15 21:44:06 . 2012-08-15 21:44:09 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-08-15 21:44:06 . 2012-07-03 17:46:44 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-08-14 15:00:25 . 2012-08-14 15:00:25 -------- d-----w- C:\Program Files\Common Files\xing shared
2012-08-07 15:41:41 . 2012-08-16 02:26:30 -------- d-----w- C:\Documents and Settings\HP Media Center\Application Data\QuickScan
2012-08-07 15:38:58 . 2012-08-07 15:38:58 -------- d-----w- C:\McAfeePromo
2012-08-07 15:20:47 . 2012-08-22 13:31:43 -------- d-----w- C:\Documents and Settings\HP Media Center\Application Data\OpswatLogs
2012-08-07 11:59:56 . 2012-08-07 15:44:18 -------- d-----w- C:\Program Files\Office Depot PC Support Agent
2012-08-07 11:38:14 . 2012-08-07 15:41:10 -------- d-----w- C:\Documents and Settings\All Users\Application Data\support.com
2012-08-07 11:38:09 . 2012-08-07 11:38:09 -------- d-----w- C:\Program Files\Common Files\supportsoft
2012-08-07 11:36:56 . 2012-08-07 11:36:56 -------- d-----w- C:\temp
2012-08-07 11:36:32 . 2012-08-07 11:36:40 -------- d-----w- C:\Documents and Settings\HP Media Center\Application Data\supportdotcom
2012-08-07 11:36:23 . 2012-08-08 08:40:26 -------- d-----w- C:\Program Files\supportdotcom
2012-08-07 11:36:23 . 2012-08-08 08:40:26 -------- d-----w- C:\Program Files\Common Files\supportdotcom
2012-08-05 13:24:34 . 2012-08-05 13:24:34 -------- d-----w- C:\Documents and Settings\HP Media Center\Local Settings\Application Data\PCHealth
2012-08-04 23:16:42 . 2012-08-04 23:16:42 -------- d-----w- C:\WINDOWS\system32\LogFiles
2012-08-04 11:50:36 . 2012-08-04 11:56:41 -------- d-----w- C:\Program Files\DDS Converter 2
2012-08-02 22:21:03 . 2012-08-02 22:21:03 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERSetup
2012-08-02 14:01:51 . 2012-08-02 14:01:51 -------- d--h--w- C:\WINDOWS\PIF
2012-08-02 02:59:12 . 2012-08-02 02:59:12 54016 ----a-w- C:\WINDOWS\system32\drivers\htvr.sys
2012-07-31 18:16:22 . 2012-07-31 18:16:53 -------- d-----w- C:\Documents and Settings\Administrator
2012-07-31 18:06:00 . 2012-07-31 18:07:51 -------- d-----w- C:\Documents and Settings\All Users\Application Data\036E1912EB204A9179494EB27B07D287
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-08-14 14:59:53 . 2012-05-25 23:04:01 499712 ----a-w- C:\WINDOWS\system32\msvcp71.dll
2012-08-14 14:59:53 . 2012-05-25 23:04:01 348160 ----a-w- C:\WINDOWS\system32\msvcr71.dll
2012-07-26 15:57:49 . 2012-04-24 21:52:03 426184 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-07-26 15:57:48 . 2012-04-24 21:52:03 70344 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-07-23 06:21:20 . 2012-07-23 06:21:20 28032 ----a-w- C:\WINDOWS\system32\ssmirrdr.dll
2012-07-23 06:21:20 . 2012-07-23 06:21:20 10112 ----a-w- C:\WINDOWS\system32\drivers\ssmirrdr.sys
2012-07-06 13:58:51 . 2006-03-15 11:00:00 78336 ----a-w- C:\WINDOWS\system32\browser.dll
2012-07-05 20:16:03 . 2012-07-05 20:16:03 3059824 ----a-w- C:\WINDOWS\system32\drivers\appdrv01.sys
2012-07-05 20:16:02 . 2012-07-05 20:16:02 316816 ----a-w- C:\WINDOWS\system32\appdrvrem01.exe
2012-07-04 14:05:18 . 2012-04-23 19:38:52 139784 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 . 2006-03-15 11:00:00 1866112 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-07-02 17:49:33 . 2006-03-15 11:00:00 916992 ----a-w- C:\WINDOWS\system32\wininet.dll
2012-07-02 17:49:32 . 2006-03-15 11:00:00 43520 ------w- C:\WINDOWS\system32\licmgr10.dll
2012-07-02 17:49:32 . 2006-03-15 11:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2012-07-02 12:05:43 . 2006-03-15 11:00:00 385024 ------w- C:\WINDOWS\system32\html.iec
2012-06-05 15:50:25 . 2012-04-23 19:57:08 1372672 ------w- C:\WINDOWS\system32\msxml6.dll
2012-06-05 15:50:25 . 2006-03-15 11:00:00 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll
2012-06-04 04:32:08 . 2006-03-15 11:00:00 152576 ----a-w- C:\WINDOWS\system32\schannel.dll
2012-06-02 19:19:44 . 2009-08-06 23:24:18 22040 ----a-w- C:\WINDOWS\system32\wucltui.dll.mui
2012-06-02 19:19:38 . 2012-04-23 19:43:28 329240 ----a-w- C:\WINDOWS\system32\wucltui.dll
2012-06-02 19:19:38 . 2012-04-23 19:43:28 219160 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl
2012-06-02 19:19:38 . 2012-04-23 19:43:28 210968 ----a-w- C:\WINDOWS\system32\wuweb.dll
2012-06-02 19:19:38 . 2009-08-06 23:24:12 15384 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 . 2012-04-23 19:43:28 53784 ----a-w- C:\WINDOWS\system32\wuauclt.exe
2012-06-02 19:19:34 . 2012-04-23 19:43:28 35864 ----a-w- C:\WINDOWS\system32\wups.dll
2012-06-02 19:19:34 . 2009-08-06 23:24:10 45080 ----a-w- C:\WINDOWS\system32\wups2.dll
2012-06-02 19:19:34 . 2009-08-06 23:24:06 15384 ----a-w- C:\WINDOWS\system32\wuapi.dll.mui
2012-06-02 19:19:34 . 2006-03-15 11:00:00 97304 ----a-w- C:\WINDOWS\system32\cdm.dll
2012-06-02 19:19:30 . 2009-08-06 23:24:00 17944 ----a-w- C:\WINDOWS\system32\wuaueng.dll.mui
2012-06-02 19:19:24 . 2012-04-23 19:43:28 577048 ----a-w- C:\WINDOWS\system32\wuapi.dll
2012-06-02 19:19:18 . 2012-04-23 19:43:28 1933848 ----a-w- C:\WINDOWS\system32\wuaueng.dll
2012-06-02 19:18:58 . 2012-04-24 20:21:57 275696 ----a-w- C:\WINDOWS\system32\mucltui.dll
2012-06-02 19:18:58 . 2012-04-24 20:21:57 214256 ----a-w- C:\WINDOWS\system32\muweb.dll
2012-06-02 19:18:58 . 2012-04-24 20:21:57 17136 ----a-w- C:\WINDOWS\system32\mucltui.dll.mui
2012-05-31 13:22:09 . 2006-03-15 11:00:00 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll


((((((((((((((((((((((((((((( SnapShot@2012-08-23_13.32.10 )))))))))))))))))))))))))))))))))))))))))

+ 2012-08-25 07:31:27 . 2012-08-25 07:31:27 16384 C:\WINDOWS\temp\Perflib_Perfdata_1d0.dat
+ 2008-07-30 01:10:04 . 2008-07-30 01:10:04 26112 C:\WINDOWS\system32\TsWpfWrp.exe
+ 2006-03-15 11:00:00 . 2012-08-25 07:13:03 83320 C:\WINDOWS\system32\perfc009.dat
+ 2006-03-15 11:00:00 . 2012-07-02 17:49:33 67072 C:\WINDOWS\system32\mshtmled.dll
- 2006-03-15 11:00:00 . 2012-05-11 14:42:33 67072 C:\WINDOWS\system32\mshtmled.dll
+ 2009-03-08 08:31:52 . 2012-07-02 17:49:32 55296 C:\WINDOWS\system32\msfeedsbs.dll
- 2009-03-08 08:31:52 . 2012-05-11 14:42:33 55296 C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-07-25 15:16:58 . 2008-07-25 15:16:58 83968 C:\WINDOWS\system32\mscories.dll
- 2006-03-15 11:00:00 . 2012-05-11 14:42:33 25600 C:\WINDOWS\system32\jsproxy.dll
+ 2006-03-15 11:00:00 . 2012-07-02 17:49:32 25600 C:\WINDOWS\system32\jsproxy.dll
+ 2008-07-29 23:24:50 . 2008-07-29 23:24:50 97800 C:\WINDOWS\system32\infocardapi.dll
+ 2008-07-29 23:24:50 . 2008-07-29 23:24:50 11264 C:\WINDOWS\system32\icardres.dll
+ 2012-04-23 23:14:18 . 2012-07-02 17:49:33 12800 C:\WINDOWS\system32\dllcache\xpshims.dll
- 2012-04-23 23:14:18 . 2012-05-11 14:42:33 12800 C:\WINDOWS\system32\dllcache\xpshims.dll
- 2009-03-08 08:31:26 . 2012-05-11 14:42:33 67072 C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2009-03-08 08:31:26 . 2012-07-02 17:49:33 67072 C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2012-04-23 23:14:18 . 2012-05-11 14:42:33 55296 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2012-04-23 23:14:18 . 2012-07-02 17:49:32 55296 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 08:34:30 . 2012-07-02 17:49:32 43520 C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2009-03-08 08:34:30 . 2012-05-11 14:42:33 43520 C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2009-03-08 08:33:26 . 2012-05-11 14:42:33 25600 C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2009-03-08 08:33:26 . 2012-07-02 17:49:32 25600 C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2012-07-06 13:58:51 . 2012-07-06 13:58:51 78336 C:\WINDOWS\system32\dllcache\browser.dll
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 70648 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 91136 C:\WINDOWS\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 41984 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 40960 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 89080 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 92664 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 95224 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 89592 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 84480 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 94720 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 97792 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 84992 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 97280 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 95224 C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 78856 C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 41984 C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 41992 C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 41992 C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 01:10:04 . 2008-07-30 01:10:04 46104 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 23:59:58 . 2008-07-29 23:59:58 32768 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 01:10:04 . 2008-07-30 01:10:04 71160 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 23:32:52 . 2008-07-29 23:32:52 17448 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-29 23:16:38 . 2008-07-29 23:16:38 32768 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 23:16:38 . 2008-07-29 23:16:38 73728 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 23:16:38 . 2008-07-29 23:16:38 20504 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 23:16:38 . 2008-07-29 23:16:38 11280 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 37896 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 81400 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 77824 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 57392 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 81920 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 81920 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 81920 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 81920 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 15:17:04 . 2008-07-25 15:17:04 95232 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 16896 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 15:17:06 . 2008-07-25 15:17:06 61952 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 32768 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 32768 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 53248 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 53248 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 88584 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 24584 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 15:17:04 . 2008-07-25 15:17:04 31744 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 19456 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 69632 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 15:16:58 . 2008-07-25 15:16:58 18944 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 77312 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 94208 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 46592 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 83456 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2005-09-23 11:28:48 . 2005-09-23 11:28:48 69632 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 15:16:56 . 2008-07-25 15:16:56 69632 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 15:16:40 . 2008-07-25 15:16:40 97792 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 15:16:38 . 2008-07-25 15:16:38 12800 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 11:28:30 . 2005-09-23 11:28:30 12800 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 11:28:30 . 2005-09-23 11:28:30 32768 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 15:16:38 . 2008-07-25 15:16:38 32768 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 11:28:30 . 2005-09-23 11:28:30 28672 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 15:16:38 . 2008-07-25 15:16:38 28672 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 15:16:56 . 2008-07-25 15:16:56 77824 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2005-09-23 11:28:48 . 2005-09-23 11:28:48 36864 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 15:16:56 . 2008-07-25 15:16:56 36864 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 11:28:48 . 2005-09-23 11:28:48 40960 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 15:16:54 . 2008-07-25 15:16:54 40960 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 72192 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 72192 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 65032 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 28672 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 28672 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 77824 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 15:16:58 . 2008-07-25 15:16:58 18936 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 15:16:46 . 2008-07-25 15:16:46 62968 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 15:16:50 . 2008-07-25 15:16:50 35320 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 69120 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 27136 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 15:16:50 . 2008-07-25 15:16:50 13312 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2005-09-23 11:28:42 . 2005-09-23 11:28:42 13312 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 15:16:50 . 2008-07-25 15:16:50 80376 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 89608 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 08:59:18 . 2008-11-25 08:59:18 31560 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 15:16:40 . 2008-07-25 15:16:40 34312 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 15:16:40 . 2008-07-25 15:16:40 33288 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 15:16:40 . 2008-07-25 15:16:40 24576 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 15:16:38 . 2008-07-25 15:16:38 84480 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 15:16:40 . 2008-07-25 15:16:40 33800 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 15:16:40 . 2008-07-25 15:16:40 17416 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 15:16:40 . 2008-07-25 15:16:40 22024 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 15:16:40 . 2008-07-25 15:16:40 36864 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2005-09-23 11:28:32 . 2005-09-23 11:28:32 36864 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 58880 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 15:16:44 . 2008-07-25 15:16:44 98808 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 10752 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 10752 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 15:16:50 . 2008-07-25 15:16:50 13824 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 15:16:42 . 2008-07-25 15:16:42 28672 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 15:16:58 . 2008-07-25 15:16:58 96768 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-30 01:07:20 . 2008-07-30 01:07:20 23040 C:\WINDOWS\Installer\51840e9.msp
+ 2012-08-25 07:04:50 . 2012-08-25 07:04:50 88576 C:\WINDOWS\Installer\513c7e0.msi
+ 2012-08-24 07:01:03 . 2012-05-11 14:42:33 12800 C:\WINDOWS\ie8updates\KB2722913-IE8\xpshims.dll
+ 2012-08-24 07:01:02 . 2012-05-11 14:42:33 67072 C:\WINDOWS\ie8updates\KB2722913-IE8\mshtmled.dll
+ 2012-08-24 07:01:02 . 2012-05-11 14:42:33 55296 C:\WINDOWS\ie8updates\KB2722913-IE8\msfeedsbs.dll
+ 2012-08-24 07:01:02 . 2012-05-11 14:42:33 43520 C:\WINDOWS\ie8updates\KB2722913-IE8\licmgr10.dll
+ 2012-08-24 07:01:02 . 2012-05-11 14:42:33 25600 C:\WINDOWS\ie8updates\KB2722913-IE8\jsproxy.dll
+ 2012-08-25 07:06:07 . 2008-07-06 12:06:10 89088 C:\WINDOWS\Driver Cache\i386\filterpipelineprintproc.dll
+ 2012-08-25 07:17:03 . 2012-08-25 07:17:03 60928 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2012-08-25 07:21:24 . 2012-08-25 07:21:24 37888 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2012-08-25 07:21:13 . 2012-08-25 07:21:13 36864 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2012-08-25 07:19:39 . 2012-08-25 07:19:39 94208 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-08-25 07:19:39 . 2012-08-25 07:19:39 82944 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2012-08-25 07:15:29 . 2012-08-25 07:15:29 47104 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2012-08-25 07:15:02 . 2012-08-25 07:15:02 39424 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2012-08-25 07:20:46 . 2012-08-25 07:20:46 55296 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2012-08-25 07:19:28 . 2012-08-25 07:19:28 65024 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2012-08-25 07:19:17 . 2012-08-25 07:19:17 74752 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2012-08-25 07:19:16 . 2012-08-25 07:19:16 14336 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2012-08-25 07:19:14 . 2012-08-25 07:19:14 25600 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2012-08-25 07:07:14 . 2012-08-25 07:07:14 94208 C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-08-25 07:07:06 . 2012-08-25 07:07:06 98304 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-08-25 07:07:06 . 2012-08-25 07:07:06 40960 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-08-25 07:08:25 . 2012-08-25 07:08:25 12288 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-08-25 07:08:32 . 2012-08-25 07:08:32 61440 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2012-08-25 07:12:15 . 2012-08-25 07:12:15 77824 C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-08-25 07:08:29 . 2012-08-25 07:08:29 32768 C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2012-08-25 07:08:29 . 2012-08-25 07:08:29 77824 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2012-08-25 07:07:02 . 2012-08-25 07:07:02 32768 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-08-25 07:07:02 . 2012-08-25 07:07:02 73728 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2012-08-25 07:12:19 . 2012-08-25 07:12:19 81920 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-05-14 15:44:23 . 2012-05-14 15:44:23 81920 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-08-25 07:08:21 . 2012-08-25 07:08:21 53248 C:\WINDOWS\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-08-25 07:12:40 . 2012-08-25 07:12:40 81920 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-14 15:44:22 . 2012-05-14 15:44:22 81920 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-08-25 07:08:26 . 2012-08-25 07:08:26 57344 C:\WINDOWS\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-08-25 07:08:19 . 2012-08-25 07:08:19 45056 C:\WINDOWS\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-08-25 07:07:11 . 2012-08-25 07:07:11 46104 C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2012-08-25 07:07:03 . 2012-08-25 07:07:03 32768 C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2012-08-25 07:12:26 . 2012-08-25 07:12:26 32768 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-05-14 15:44:18 . 2012-05-14 15:44:18 32768 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-08-25 07:12:30 . 2012-08-25 07:12:30 12800 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-05-14 15:44:19 . 2012-05-14 15:44:19 12800 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-08-25 07:08:16 . 2012-08-25 07:08:16 41984 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2012-05-14 15:44:18 . 2012-05-14 15:44:18 28672 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-08-25 07:12:30 . 2012-08-25 07:12:30 28672 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-08-25 07:12:36 . 2012-08-25 07:12:36 77824 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-08-25 07:08:18 . 2012-08-25 07:08:18 94208 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2012-08-25 07:08:17 . 2012-08-25 07:08:17 36864 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-08-25 07:12:34 . 2012-08-25 07:12:34 36864 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-05-14 15:44:21 . 2012-05-14 15:44:21 36864 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-08-25 07:12:25 . 2012-08-25 07:12:25 77824 C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-05-14 15:44:20 . 2012-05-14 15:44:20 13312 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-08-25 07:12:22 . 2012-08-25 07:12:22 13312 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-05-14 15:44:22 . 2012-05-14 15:44:22 10752 C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-08-25 07:12:24 . 2012-08-25 07:12:24 10752 C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-08-25 07:12:28 . 2012-08-25 07:12:28 72192 C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-14 15:44:28 . 2012-05-14 15:44:28 72192 C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-08-25 07:12:23 . 2012-08-25 07:12:23 69120 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-08-25 07:12:24 . 2012-08-25 07:12:24 8192 C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 5632 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
- 2005-09-23 11:28:30 . 2005-09-23 11:28:30 7168 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 15:16:38 . 2008-07-25 15:16:38 7168 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 11:29:10 . 2005-09-23 11:29:10 5632 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 15:17:16 . 2008-07-25 15:17:16 5632 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 6656 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 8192 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 8192 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 9728 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 9728 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 15:16:46 . 2008-07-25 15:16:46 5120 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2012-08-25 07:08:19 . 2012-08-25 07:08:19 5632 C:\WINDOWS\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2012-08-25 07:12:25 . 2012-08-25 07:12:25 7168 C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-05-14 15:44:19 . 2012-05-14 15:44:19 7168 C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-05-14 15:44:33 . 2012-05-14 15:44:33 5632 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-08-25 07:12:38 . 2012-08-25 07:12:38 5632 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-08-25 07:12:25 . 2012-08-25 07:12:25 6656 C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-05-14 15:44:27 . 2012-05-14 15:44:27 8192 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-08-25 07:12:24 . 2012-08-25 07:12:24 8192 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-08-25 07:12:32 . 2012-08-25 07:12:32 113664 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-08-25 07:12:32 . 2012-08-25 07:12:32 258048 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-05-14 15:44:19 . 2012-05-14 15:44:19 258048 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-07-25 15:17:20 . 2008-07-25 15:17:20 635904 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 15:17:20 . 2008-07-25 15:17:20 558080 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 15:17:20 . 2008-07-25 15:17:20 479232 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-30 01:26:06 . 2008-07-30 01:26:06 301568 C:\WINDOWS\system32\XPSViewer\XPSViewer.exe
+ 2006-03-15 11:00:00 . 2012-07-02 17:49:33 105984 C:\WINDOWS\system32\url.dll
- 2006-03-15 11:00:00 . 2012-05-11 14:42:33 105984 C:\WINDOWS\system32\url.dll
+ 2012-08-25 07:06:29 . 2008-07-06 12:06:10 765440 C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2012-08-25 07:06:30 . 2008-07-06 12:06:10 765440 C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2012-08-25 07:06:28 . 2008-07-06 12:06:10 748032 C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2012-08-25 07:06:30 . 2008-07-06 12:06:10 748032 C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2012-08-25 07:06:32 . 2008-07-06 12:06:10 147456 C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2012-08-25 07:06:08 . 2008-03-13 04:52:36 761344 C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2012-08-25 07:06:07 . 2008-07-06 12:06:10 744960 C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2012-08-25 07:06:07 . 2008-07-06 12:06:10 373248 C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2012-08-25 07:06:06 . 2008-07-06 12:06:10 198656 C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2012-08-25 07:06:06 . 2008-07-06 12:06:10 765440 C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2008-07-29 23:59:58 . 2008-07-29 23:59:58 781344 C:\WINDOWS\system32\PresentationNative_v0300.dll
+ 2008-07-29 23:59:58 . 2008-07-29 23:59:58 105016 C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-03-15 11:00:00 . 2012-08-25 07:13:03 493054 C:\WINDOWS\system32\perfh009.dat
+ 2006-03-15 11:00:00 . 2012-07-02 17:49:33 206848 C:\WINDOWS\system32\occache.dll
- 2006-03-15 11:00:00 . 2012-05-11 14:42:33 206848 C:\WINDOWS\system32\occache.dll
+ 2006-03-15 11:00:00 . 2012-07-06 13:58:52 337920 C:\WINDOWS\system32\netapi32.dll
+ 2006-03-15 11:00:00 . 2012-07-02 17:49:33 611840 C:\WINDOWS\system32\mstime.dll
- 2006-03-15 11:00:00 . 2012-05-11 14:42:33 611840 C:\WINDOWS\system32\mstime.dll
+ 2009-03-08 08:32:26 . 2012-07-02 17:49:32 629760 C:\WINDOWS\system32\msfeeds.dll
- 2009-03-08 08:32:26 . 2012-05-11 14:42:33 629760 C:\WINDOWS\system32\msfeeds.dll
- 2006-03-15 11:00:00 . 2009-05-07 15:32:35 345600 C:\WINDOWS\system32\localspl.dll
+ 2006-03-15 11:00:00 . 2012-05-14 09:22:41 345600 C:\WINDOWS\system32\localspl.dll
- 2006-03-15 11:00:00 . 2012-05-11 14:42:33 184320 C:\WINDOWS\system32\iepeers.dll
+ 2006-03-15 11:00:00 . 2012-07-02 17:49:32 184320 C:\WINDOWS\system32\iepeers.dll
- 2006-03-15 11:00:00 . 2012-05-11 14:42:32 387584 C:\WINDOWS\system32\iedkcs32.dll
+ 2006-03-15 11:00:00 . 2012-07-02 17:49:31 387584 C:\WINDOWS\system32\iedkcs32.dll
- 2006-03-15 11:00:00 . 2012-05-11 11:38:19 174080 C:\WINDOWS\system32\ie4uinit.exe
+ 2006-03-15 11:00:00 . 2012-07-02 12:05:57 174080 C:\WINDOWS\system32\ie4uinit.exe
+ 2008-07-29 23:24:50 . 2008-07-29 23:24:50 622080 C:\WINDOWS\system32\icardagt.exe
+ 2012-04-23 15:13:02 . 2012-08-25 07:30:44 115768 C:\WINDOWS\system32\FNTCACHE.DAT
+ 2009-03-08 08:34:58 . 2012-07-02 17:49:33 916992 C:\WINDOWS\system32\dllcache\wininet.dll
- 2009-03-08 08:34:58 . 2012-05-16 15:08:26 916992 C:\WINDOWS\system32\dllcache\wininet.dll
- 2009-03-08 08:34:28 . 2012-05-11 14:42:33 105984 C:\WINDOWS\system32\dllcache\url.dll
+ 2009-03-08 08:34:28 . 2012-07-02 17:49:33 105984 C:\WINDOWS\system32\dllcache\url.dll
+ 2012-04-30 11:06:38 . 2012-07-04 14:05:18 139784 C:\WINDOWS\system32\dllcache\rdpwd.sys
- 2009-03-08 08:34:18 . 2012-05-11 14:42:33 206848 C:\WINDOWS\system32\dllcache\occache.dll
+ 2009-03-08 08:34:18 . 2012-07-02 17:49:33 206848 C:\WINDOWS\system32\dllcache\occache.dll
+ 2012-04-30 11:08:15 . 2012-07-06 13:58:52 337920 C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2009-03-08 08:32:04 . 2012-07-02 17:49:33 611840 C:\WINDOWS\system32\dllcache\mstime.dll
- 2009-03-08 08:32:04 . 2012-05-11 14:42:33 611840 C:\WINDOWS\system32\dllcache\mstime.dll
- 2012-04-23 23:14:18 . 2012-05-11 14:42:33 629760 C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2012-04-23 23:14:18 . 2012-07-02 17:49:32 629760 C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2009-05-07 15:32:35 . 2012-05-14 09:22:41 345600 C:\WINDOWS\system32\dllcache\localspl.dll
- 2009-05-07 15:32:35 . 2009-05-07 15:32:35 345600 C:\WINDOWS\system32\dllcache\localspl.dll
+ 2012-07-18 17:19:02 . 2012-07-02 17:49:32 521728 C:\WINDOWS\system32\dllcache\jsdbgui.dll
- 2012-07-18 17:19:02 . 2012-05-11 14:42:33 521728 C:\WINDOWS\system32\dllcache\jsdbgui.dll
- 2012-04-23 23:14:17 . 2012-05-11 14:42:33 247808 C:\WINDOWS\system32\dllcache\ieproxy.dll
+ 2012-04-23 23:14:17 . 2012-07-02 17:49:32 247808 C:\WINDOWS\system32\dllcache\ieproxy.dll
- 2009-03-08 08:31:56 . 2012-05-11 14:42:33 184320 C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2009-03-08 08:31:56 . 2012-07-02 17:49:32 184320 C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2012-04-23 23:14:17 . 2012-07-02 17:49:31 743424 C:\WINDOWS\system32\dllcache\iedvtool.dll
- 2012-04-23 23:14:17 . 2012-05-11 14:42:32 743424 C:\WINDOWS\system32\dllcache\iedvtool.dll
- 2009-03-08 18:09:26 . 2012-05-11 14:42:32 387584 C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2009-03-08 18:09:26 . 2012-07-02 17:49:31 387584 C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2006-03-15 11:00:00 . 2012-07-02 12:05:57 174080 C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2006-03-15 11:00:00 . 2012-05-11 11:38:19 174080 C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 196104 C:\WINDOWS\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 802816 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 984056 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 107512 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 111096 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 110072 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 106488 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 105976 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 107000 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 107512 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 109048 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 106488 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 108536 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 110072 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 111096 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 101368 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 112120 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 106488 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 113656 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 111608 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 108536 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 108536 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 102904 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 689152 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 413184 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 632320 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2012-08-25 07:08:03 . 2012-08-25 07:08:03 652800 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 110080 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 131584 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 131072 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 121344 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 121344 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 123904 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 122880 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 128512 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 121856 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 129024 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 128512 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 132096 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 111104 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 133120 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 122368 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 137728 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 130048 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 126464 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 125440 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 113152 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 269304 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 177152 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 276984 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 03:15:24 . 2008-07-30 03:15:24 225490 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 233976 C:\WINDOWS\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 168448 C:\WINDOWS\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-30 00:35:46 . 2008-07-30 00:35:46 864256 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-29 23:59:58 . 2008-07-29 23:59:58 132120 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-30 01:10:04 . 2008-07-30 01:10:04 806928 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-29 23:16:38 . 2008-07-29 23:16:38 152576 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-29 23:16:38 . 2008-07-29 23:16:38 966656 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-29 23:16:38 . 2008-07-29 23:16:38 132096 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-29 23:16:38 . 2008-07-29 23:16:38 110592 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 23:16:38 . 2008-07-29 23:16:38 156688 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 23:16:38 . 2008-07-29 23:16:38 163840 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 23:16:38 . 2008-07-29 23:16:38 397312 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 23:24:50 . 2008-07-29 23:24:50 881664 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-29 23:16:38 . 2008-07-29 23:16:38 168968 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-11-25 08:59:18 . 2008-11-25 08:59:18 436040 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 839680 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 835584 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 835584 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 261632 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 114688 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 114688 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 258048 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 258048 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 131072 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 131072 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 303104 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 258048 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 258048 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 372736 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 113664 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 258048 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 258048 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 626688 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 188416 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 188416 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 401408 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 15:16:46 . 2008-07-25 15:16:46 970752 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 745472 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 08:59:40 . 2008-11-25 08:59:40 486400 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 425984 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 110592 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 110592 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 392184 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 118784 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 15:16:58 . 2008-07-25 15:16:58 143360 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 100856 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 230912 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 15:17:04 . 2008-07-25 15:17:04 345600 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 114176 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 08:59:40 . 2008-11-25 08:59:40 364872 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 308224 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-11-25 08:59:40 . 2008-11-25 08:59:40 990032 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 15:17:12 . 2008-07-25 15:17:12 659456 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 15:17:14 . 2008-07-25 15:17:14 372736 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 11:29:10 . 2005-09-23 11:29:10 372736 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 11:29:10 . 2005-09-23 11:29:10 110592 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 15:17:14 . 2008-07-25 15:17:14 110592 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 15:16:54 . 2008-07-25 15:16:54 749568 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 15:16:56 . 2008-07-25 15:16:56 655360 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 15:16:56 . 2008-07-25 15:16:56 348160 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 230904 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 798224 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 15:17:16 . 2008-07-25 15:17:16 575496 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2005-09-23 11:28:56 . 2005-09-23 11:28:56 106496 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 106496 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 15:16:40 . 2008-07-25 15:16:40 507904 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 11:28:32 . 2005-09-23 11:28:32 106496 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 15:16:40 . 2008-07-25 15:16:40 106496 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 15:17:02 . 2008-07-25 15:17:02 147968 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 15:16:36 . 2008-07-25 15:16:36 218112 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 15:17:10 . 2008-07-25 15:17:10 193016 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 15:16:48 . 2008-07-25 15:16:48 145408 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-12-13 13:58:22 . 2008-12-13 13:58:22 754688 C:\WINDOWS\Installer\5198e05.msp
+ 2012-08-25 07:08:34 . 2012-08-25 07:08:34 648192 C:\WINDOWS\Installer\5198de2.msi
+ 2008-07-30 01:23:12 . 2008-07-30 01:23:12 250880 C:\WINDOWS\Installer\51840f2.msp
+ 2008-07-30 01:28:10 . 2008-07-30 01:28:10 278016 C:\WINDOWS\Installer\51840f0.msp
+ 2008-07-29 23:40:38 . 2008-07-29 23:40:38 291840 C:\WINDOWS\Installer\51840ee.msp
+ 2012-08-25 07:07:34 . 2012-08-25 07:07:34 137728 C:\WINDOWS\Installer\51840e8.msi
+ 2008-07-29 21:35:10 . 2008-07-29 21:35:10 553472 C:\WINDOWS\Installer\513c7e5.msp
+ 2008-07-29 21:33:08 . 2008-07-29 21:33:08 506368 C:\WINDOWS\Installer\513c7e3.msp
+ 2008-07-29 21:37:12 . 2008-07-29 21:37:12 911360 C:\WINDOWS\Installer\513c7e2.msp
+ 2012-08-24 21:58:03 . 2012-08-24 21:58:03 102400 C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2012-08-24 07:01:02 . 2012-05-16 15:08:26 916992 C:\WINDOWS\ie8updates\KB2722913-IE8\wininet.dll
+ 2012-08-24 07:01:02 . 2012-05-11 14:42:33 105984 C:\WINDOWS\ie8updates\KB2722913-IE8\url.dll
+ 2012-08-24 07:01:11 . 2010-07-05 13:16:02 382840 C:\WINDOWS\ie8updates\KB2722913-IE8\spuninst\updspapi.dll
+ 2012-08-24 07:01:11 . 2010-07-05 13:15:51 231288 C:\WINDOWS\ie8updates\KB2722913-IE8\spuninst\spuninst.exe
+ 2012-08-24 07:01:02 . 2012-05-11 14:42:33 206848 C:\WINDOWS\ie8updates\KB2722913-IE8\occache.dll
+ 2012-08-24 07:01:02 . 2012-05-11 14:42:33 611840 C:\WINDOWS\ie8updates\KB2722913-IE8\mstime.dll
+ 2012-08-24 07:01:02 . 2012-05-11 14:42:33 629760 C:\WINDOWS\ie8updates\KB2722913-IE8\msfeeds.dll
+ 2012-08-24 07:01:03 . 2012-05-11 14:42:33 521728 C:\WINDOWS\ie8updates\KB2722913-IE8\jsdbgui.dll
+ 2012-08-24 07:01:03 . 2012-05-11 14:42:33 247808 C:\WINDOWS\ie8updates\KB2722913-IE8\ieproxy.dll
+ 2012-08-24 07:01:02 . 2012-05-11 14:42:33 184320 C:\WINDOWS\ie8updates\KB2722913-IE8\iepeers.dll
+ 2012-08-24 07:01:03 . 2012-05-11 14:42:32 743424 C:\WINDOWS\ie8updates\KB2722913-IE8\iedvtool.dll
+ 2012-08-24 07:01:03 . 2012-05-11 14:42:32 387584 C:\WINDOWS\ie8updates\KB2722913-IE8\iedkcs32.dll
+ 2012-08-24 07:01:03 . 2012-05-11 11:38:19 174080 C:\WINDOWS\ie8updates\KB2722913-IE8\ie4uinit.exe
+ 2012-08-25 07:06:08 . 2008-03-13 04:52:36 761344 C:\WINDOWS\Driver Cache\i386\unires.dll
+ 2012-08-25 07:06:07 . 2008-07-06 12:06:10 744960 C:\WINDOWS\Driver Cache\i386\unidrvui.dll
+ 2012-08-25 07:06:07 . 2008-07-06 12:06:10 373248 C:\WINDOWS\Driver Cache\i386\unidrv.dll
+ 2012-08-25 07:06:06 . 2008-07-06 12:06:10 198656 C:\WINDOWS\Driver Cache\i386\mxdwdui.dll
+ 2012-08-25 07:06:06 . 2008-07-06 12:06:10 765440 C:\WINDOWS\Driver Cache\i386\mxdwdrv.dll
+ 2012-08-25 07:17:52 . 2012-08-25 07:17:52 321536 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2012-08-25 07:17:04 . 2012-08-25 07:17:04 240128 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2012-08-25 07:17:03 . 2012-08-25 07:17:03 187904 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2012-08-25 07:17:00 . 2012-08-25 07:17:00 447488 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2012-08-25 07:21:43 . 2012-08-25 07:21:43 400896 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2012-08-25 07:21:08 . 2012-08-25 07:21:08 129536 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2012-08-25 07:21:21 . 2012-08-25 07:21:21 202240 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2012-08-25 07:21:17 . 2012-08-25 07:21:17 859648 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2012-08-25 07:21:14 . 2012-08-25 07:21:14 328704 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2012-08-25 07:21:15 . 2012-08-25 07:21:15 301056 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2012-08-25 07:21:12 . 2012-08-25 07:21:12 547328 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2012-08-25 07:21:07 . 2012-08-25 07:21:07 141312 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2012-08-25 07:20:53 . 2012-08-25 07:20:53 627200 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2012-08-25 07:20:52 . 2012-08-25 07:20:52 212992 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2012-08-25 07:19:25 . 2012-08-25 07:19:25 676352 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2012-08-25 07:20:41 . 2012-08-25 07:20:41 311296 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-08-25 07:20:47 . 2012-08-25 07:20:47 621056 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2012-08-25 07:20:43 . 2012-08-25 07:20:43 998400 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2012-08-25 07:20:40 . 2012-08-25 07:20:40 330752 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2012-08-25 07:17:09 . 2012-08-25 07:17:09 381440 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2012-08-25 07:17:08 . 2012-08-25 07:17:08 212992 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2012-08-25 07:20:39 . 2012-08-25 07:20:39 280064 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2012-08-25 07:20:39 . 2012-08-25 07:20:39 627712 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2012-08-25 07:16:35 . 2012-08-25 07:16:35 208384 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2012-08-25 07:20:38 . 2012-08-25 07:20:38 455680 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2012-08-25 07:20:37 . 2012-08-25 07:20:37 881152 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-08-25 07:20:30 . 2012-08-25 07:20:30 939008 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2012-08-25 07:20:32 . 2012-08-25 07:20:32 354816 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2012-08-25 07:20:26 . 2012-08-25 07:20:26 756736 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2012-08-25 07:19:40 . 2012-08-25 07:19:40 135680 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2012-08-25 07:19:20 . 2012-08-25 07:19:20 971264 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2012-08-25 07:20:41 . 2012-08-25 07:20:41 141312 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2012-08-25 07:19:38 . 2012-08-25 07:19:38 633856 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2012-08-25 07:17:51 . 2012-08-25 07:17:51 366080 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2012-08-25 07:17:49 . 2012-08-25 07:17:49 256000 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2012-08-25 07:17:49 . 2012-08-25 07:17:49 320512 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2012-08-25 07:15:55 . 2012-08-25 07:15:55 224768 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2012-08-25 07:15:55 . 2012-08-25 07:15:56 539648 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2012-08-25 07:15:54 . 2012-08-25 07:15:54 368128 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2012-08-25 07:15:56 . 2012-08-25 07:15:56 258048 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2012-08-25 07:19:16 . 2012-08-25 07:19:16 133632 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2012-08-25 07:17:47 . 2012-08-25 07:17:47 386560 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-08-25 07:19:34 . 2012-08-25 07:19:34 144384 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2012-08-25 07:19:34 . 2012-08-25 07:19:34 175104 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-08-25 07:19:27 . 2012-08-25 07:19:27 839680 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2012-08-25 07:19:26 . 2012-08-25 07:19:26 222720 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-08-25 07:19:25 . 2012-08-25 07:19:26 220672 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2012-08-25 07:17:43 . 2012-08-25 07:17:43 410112 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2012-08-25 07:19:15 . 2012-08-25 07:19:15 842240 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2012-08-25 07:07:13 . 2012-08-25 07:07:13 385024 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-08-25 07:07:13 . 2012-08-25 07:07:13 167936 C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-08-25 07:08:26 . 2012-08-25 07:08:26 139264 C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-08-25 07:08:13 . 2012-08-25 07:08:13 507904 C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2012-08-25 07:07:09 . 2012-08-25 07:07:09 540672 C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2012-08-25 07:12:15 . 2012-08-25 07:12:15 839680 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-14 15:44:32 . 2012-05-14 15:44:32 835584 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-08-25 07:12:14 . 2012-08-25 07:12:14 835584 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-08-25 07:08:30 . 2012-08-25 07:08:30 335872 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2012-08-25 07:14:29 . 2012-08-25 07:14:29 139264 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2012-08-25 07:08:24 . 2012-08-25 07:08:24 131072 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2012-08-25 07:14:29 . 2012-08-25 07:14:29 229376 C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2012-08-25 07:07:12 . 2012-08-25 07:07:12 688128 C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-05-14 15:44:23 . 2012-05-14 15:44:23 114688 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-08-25 07:12:27 . 2012-08-25 07:12:27 114688 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-08-25 07:08:12 . 2012-08-25 07:08:12 569344 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2012-08-25 07:12:31 . 2012-08-25 07:12:31 258048 C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-14 15:44:22 . 2012-05-14 15:44:22 258048 C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-08-25 07:06:57 . 2012-08-25 07:06:57 966656 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-05-14 15:44:30 . 2012-05-14 15:44:30 131072 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-08-25 07:12:32 . 2012-08-25 07:12:32 131072 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-08-25 07:12:33 . 2012-08-25 07:12:33 303104 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-08-25 07:08:28 . 2012-08-25 07:08:28 233472 C:\WINDOWS\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-05-14 15:44:32 . 2012-05-14 15:44:32 258048 C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-08-25 07:12:35 . 2012-08-25 07:12:35 258048 C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-08-25 07:12:36 . 2012-08-25 07:12:36 372736 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-08-25 07:08:24 . 2012-08-25 07:08:24 143360 C:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-08-25 07:06:56 . 2012-08-25 07:06:57 131072 C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-08-25 07:06:56 . 2012-08-25 07:06:56 430080 C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-08-25 07:07:18 . 2012-08-25 07:07:18 126976 C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-08-25 07:12:34 . 2012-08-25 07:12:34 626688 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-08-25 07:12:29 . 2012-08-25 07:12:29 401408 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-08-25 07:12:21 . 2012-08-25 07:12:21 188416 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-14 15:44:23 . 2012-05-14 15:44:23 188416 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-08-25 07:08:14 . 2012-08-25 07:08:14 286720 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-08-25 07:12:44 . 2012-08-25 07:12:44 970752 C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-08-25 07:12:43 . 2012-08-25 07:12:43 745472 C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-08-25 07:14:29 . 2012-08-25 07:14:29 442368 C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2012-08-25 07:08:14 . 2012-08-25 07:08:14 114688 C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2012-08-25 07:14:28 . 2012-08-25 07:14:28 294912 C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-08-25 07:08:15 . 2012-08-25 07:08:15 684032 C:\WINDOWS\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-08-25 07:08:22 . 2012-08-25 07:08:22 229376 C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2012-08-25 07:08:21 . 2012-08-25 07:08:21 667648 C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2012-08-25 07:12:41 . 2012-08-25 07:12:41 425984 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-08-25 07:08:20 . 2012-08-25 07:08:20 163840 C:\WINDOWS\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-08-25 07:12:39 . 2012-08-25 07:12:39 110592 C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-14 15:44:30 . 2012-05-14 15:44:30 110592 C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-08-25 07:06:56 . 2012-08-25 07:06:56 110592 C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2012-08-25 07:07:05 . 2012-08-25 07:07:05 528384 C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-08-25 07:07:17 . 2012-08-25 07:07:17 864256 C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-08-25 07:07:15 . 2012-08-25 07:07:15 163840 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-08-25 07:07:15 . 2012-08-25 07:07:15 397312 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-08-25 07:07:14 . 2012-08-25 07:07:14 139264 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-08-25 07:07:14 . 2012-08-25 07:07:14 196608 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-08-25 07:07:10 . 2012-08-25 07:07:10 598016 C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2012-08-25 07:12:26 . 2012-08-25 07:12:26 659456 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-14 15:44:33 . 2012-05-14 15:44:33 372736 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-08-25 07:12:27 . 2012-08-25 07:12:27 372736 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-14 15:44:33 . 2012-05-14 15:44:33 110592 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-08-25 07:12:28 . 2012-08-25 07:12:28 110592 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-08-25 07:06:55 . 2012-08-25 07:06:55 397312 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-08-25 07:12:29 . 2012-08-25 07:12:29 749568 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-08-25 07:12:35 . 2012-08-25 07:12:35 655360 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-08-25 07:08:18 . 2012-08-25 07:08:18 802816 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2012-08-25 07:08:17 . 2012-08-25 07:08:17 733184 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-08-25 07:12:33 . 2012-08-25 07:12:33 348160 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-08-25 07:08:16 . 2012-08-25 07:08:16 106496 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2012-08-25 07:12:13 . 2012-08-25 07:12:13 507904 C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-08-25 07:12:31 . 2012-08-25 07:12:31 261632 C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-08-25 07:07:05 . 2012-08-25 07:07:05 368640 C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-08-25 07:12:32 . 2012-08-25 07:12:32 113664 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-14 15:44:19 . 2012-05-14 15:44:19 258048 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-08-25 07:12:32 . 2012-08-25 07:12:32 258048 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-08-25 07:12:40 . 2012-08-25 07:12:40 486400 C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-08-25 07:06:55 . 2012-08-25 07:06:55 163840 C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2006-03-15 11:00:00 . 2012-05-11 14:42:33 1212416 C:\WINDOWS\system32\urlmon.dll
+ 2006-03-15 11:00:00 . 2012-07-02 17:49:33 1212416 C:\WINDOWS\system32\urlmon.dll
+ 2012-08-25 07:06:30 . 2008-07-06 12:06:10 1676288 C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2012-08-25 07:06:30 . 2008-07-06 12:06:10 1676288 C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2012-08-25 07:06:28 . 2008-07-06 21:36:12 2936832 C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2012-08-25 07:06:30 . 2008-07-06 21:36:12 2936832 C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2012-08-25 07:06:05 . 2008-07-06 12:06:10 1676288 C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2006-03-15 11:00:00 . 2012-07-02 17:49:32 6008320 C:\WINDOWS\system32\mshtml.dll
+ 2009-03-08 08:32:22 . 2012-07-02 17:49:32 2000384 C:\WINDOWS\system32\iertutil.dll
- 2009-03-08 08:32:22 . 2012-05-11 14:42:33 2000384 C:\WINDOWS\system32\iertutil.dll
+ 2012-04-30 11:08:40 . 2012-07-03 13:40:15 1866112 C:\WINDOWS\system32\dllcache\win32k.sys
- 2012-04-30 11:08:40 . 2012-06-13 13:19:59 1866112 C:\WINDOWS\system32\dllcache\win32k.sys
- 2009-03-08 08:34:56 . 2012-05-11 14:42:33 1212416 C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2009-03-08 08:34:56 . 2012-07-02 17:49:33 1212416 C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2009-03-08 08:41:16 . 2012-07-02 17:49:32 6008320 C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2012-04-23 23:14:16 . 2012-07-02 17:49:32 2000384 C:\WINDOWS\system32\dllcache\iertutil.dll
- 2012-04-23 23:14:16 . 2012-05-11 14:42:33 2000384 C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 1720824 C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 1054208 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 1364992 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 22:47:34 . 2008-07-29 22:47:34 1064448 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-30 03:40:48 . 2008-07-30 03:40:48 1548280 C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-05 23:35:22 . 2008-12-05 23:35:22 1736528 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-30 01:10:04 . 2008-07-30 01:10:04 2637840 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-30 01:10:04 . 2008-07-30 01:10:04 4883464 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-12-06 00:12:12 . 2008-12-06 00:12:12 5931008 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 15:16:38 . 2008-07-25 15:16:38 1344000 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 15:17:10 . 2008-07-25 15:17:10 1172472 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 08:59:40 . 2008-11-25 08:59:40 2048000 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 5025792 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-11-25 08:59:40 . 2008-11-25 08:59:40 5242880 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 3149824 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 5062656 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 15:17:00 . 2008-07-25 15:17:00 2933248 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2008-11-25 08:59:36 . 2008-11-25 08:59:36 5813576 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2008-11-25 08:59:40 . 2008-11-25 08:59:40 4546560 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 15:16:50 . 2008-07-25 15:16:50 1163768 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2008-12-13 13:57:24 . 2008-12-13 13:57:24 8397824 C:\WINDOWS\Installer\5198df0.msp
+ 2008-07-29 23:26:26 . 2008-07-29 23:26:26 1043456 C:\WINDOWS\Installer\51840f1.msp
+ 2008-07-30 00:37:56 . 2008-07-30 00:37:56 2679808 C:\WINDOWS\Installer\51840ef.msp
+ 2008-07-30 01:15:12 . 2008-07-30 01:15:12 3697664 C:\WINDOWS\Installer\51840ed.msp
+ 2008-07-29 23:34:28 . 2008-07-29 23:34:28 1448448 C:\WINDOWS\Installer\51840ec.msp
+ 2008-07-30 00:22:42 . 2008-07-30 00:22:42 4137984 C:\WINDOWS\Installer\51840eb.msp
+ 2008-07-29 23:18:48 . 2008-07-29 23:18:48 3376640 C:\WINDOWS\Installer\51840ea.msp
+ 2008-07-29 21:45:28 . 2008-07-29 21:45:28 2543616 C:\WINDOWS\Installer\513c7e9.msp
+ 2008-07-29 21:29:04 . 2008-07-29 21:29:04 2926080 C:\WINDOWS\Installer\513c7e8.msp
+ 2008-07-29 21:41:16 . 2008-07-29 21:41:16 6487040 C:\WINDOWS\Installer\513c7e7.msp
+ 2008-07-29 21:39:14 . 2008-07-29 21:39:14 3403264 C:\WINDOWS\Installer\513c7e6.msp
+ 2008-07-29 21:43:22 . 2008-07-29 21:43:22 1013248 C:\WINDOWS\Installer\513c7e4.msp
+ 2008-07-29 21:31:06 . 2008-07-29 21:31:06 6083072 C:\WINDOWS\Installer\513c7e1.msp
+ 2012-08-24 21:58:01 . 2012-08-24 21:58:57 2288128 C:\WINDOWS\Installer\321b64d.msi
+ 2012-08-24 07:01:02 . 2012-05-11 14:42:33 1212416 C:\WINDOWS\ie8updates\KB2722913-IE8\urlmon.dll
+ 2012-08-24 07:01:02 . 2012-05-11 14:42:33 6007808 C:\WINDOWS\ie8updates\KB2722913-IE8\mshtml.dll
+ 2012-08-24 07:01:02 . 2012-05-11 14:42:33 2000384 C:\WINDOWS\ie8updates\KB2722913-IE8\iertutil.dll
+ 2012-08-25 07:15:06 . 2012-08-25 07:15:06 3313664 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
+ 2012-08-25 07:17:02 . 2012-08-25 07:17:02 1049600 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
+ 2012-08-25 07:14:56 . 2012-08-25 07:14:57 7868416 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
+ 2012-08-25 07:16:58 . 2012-08-25 07:16:58 5450752 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
+ 2012-08-25 07:21:41 . 2012-08-25 07:21:41 1356288 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2012-08-25 07:21:38 . 2012-08-25 07:21:38 1908224 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2012-08-25 07:21:33 . 2012-08-25 07:21:34 4514304 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2012-08-25 07:21:28 . 2012-08-25 07:21:28 2992640 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2012-08-25 07:21:23 . 2012-08-25 07:21:23 1840640 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
+ 2012-08-25 07:21:19 . 2012-08-25 07:21:19 2209280 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2012-08-25 07:21:10 . 2012-08-25 07:21:10 2403328 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2012-08-25 07:16:39 . 2012-08-25 07:16:39 1917440 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
+ 2012-08-25 07:20:50 . 2012-08-25 07:20:50 1706496 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2012-08-25 07:17:12 . 2012-08-25 07:17:12 2338304 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2012-08-25 07:16:37 . 2012-08-25 07:16:37 1035264 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
+ 2012-08-25 07:17:07 . 2012-08-25 07:17:07 1056768 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2012-08-25 07:16:34 . 2012-08-25 07:16:34 1587200 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
+ 2012-08-25 07:20:35 . 2012-08-25 07:20:35 1116672 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
+ 2012-08-25 07:20:33 . 2012-08-25 07:20:33 1801216 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
+ 2012-08-25 07:16:13 . 2012-08-25 07:16:13 6616576 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
+ 2012-08-25 07:19:23 . 2012-08-25 07:19:23 2510336 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2012-08-25 07:20:28 . 2012-08-25 07:20:28 1328128 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2012-08-25 07:16:19 . 2012-08-25 07:16:19 2516480 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
+ 2012-08-25 07:20:20 . 2012-08-25 07:20:21 9924096 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a208fb8a7c82774604f28d8450e2687f\System.Data.Entity.ni.dll
+ 2012-08-25 07:16:06 . 2012-08-25 07:16:07 2295296 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
+ 2012-08-25 07:16:03 . 2012-08-25 07:16:03 2128896 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
+ 2012-08-25 07:15:59 . 2012-08-25 07:16:00 1657856 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
+ 2012-08-25 07:15:01 . 2012-08-25 07:15:01 1451008 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\37bbb037e049b5a495e66eea7fbd782c\PresentationBuildTasks.ni.dll
+ 2012-08-25 07:19:36 . 2012-08-25 07:19:36 1712128 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2012-08-25 07:17:46 . 2012-08-25 07:17:46 1093120 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2012-08-25 07:20:45 . 2012-08-25 07:20:45 2332160 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2012-08-25 07:19:30 . 2012-08-25 07:19:30 1620992 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2012-08-25 07:19:33 . 2012-08-25 07:19:33 1966080 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-08-25 07:19:18 . 2012-08-25 07:19:18 1888768 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2012-08-25 07:07:06 . 2012-08-25 07:07:07 1245184 C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-08-25 07:12:44 . 2012-08-25 07:12:46 3149824 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-08-25 07:12:46 . 2012-08-25 07:12:46 2048000 C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-08-25 07:07:08 . 2012-08-25 07:07:08 1630208 C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2012-08-25 07:07:07 . 2012-08-25 07:07:08 1138688 C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2012-08-25 07:12:16 . 2012-08-25 07:12:17 5025792 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-08-25 07:14:30 . 2012-08-25 07:14:30 1277952 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-08-25 07:13:45 . 2012-08-25 07:13:46 5931008 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-08-25 07:12:19 . 2012-08-25 07:12:20 5062656 C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-08-25 07:08:22 . 2012-08-25 07:08:22 2879488 C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-08-25 07:13:49 . 2012-08-25 07:13:50 5283840 C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-08-25 07:12:13 . 2012-08-25 07:12:13 5242880 C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-08-25 07:12:42 . 2012-08-25 07:12:43 2933248 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-08-25 07:07:03 . 2012-08-25 07:07:03 4210688 C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-08-25 07:12:37 . 2012-08-25 07:12:37 4546560 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-04-23 23:15:21 . 2012-08-24 07:02:38 59884088 C:\WINDOWS\system32\MRT.exe
- 2009-03-08 08:39:48 . 2012-05-12 00:12:34 11111424 C:\WINDOWS\system32\ieframe.dll
+ 2009-03-08 08:39:48 . 2012-07-03 03:19:34 11111424 C:\WINDOWS\system32\ieframe.dll
+ 2012-04-23 23:14:15 . 2012-07-03 03:19:34 11111424 C:\WINDOWS\system32\dllcache\ieframe.dll
- 2012-04-23 23:14:15 . 2012-05-12 00:12:34 11111424 C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-12-13 14:21:36 . 2008-12-13 14:21:36 10473472 C:\WINDOWS\Installer\5198dfa.msp
+ 2012-08-24 07:01:02 . 2012-05-12 00:12:34 11111424 C:\WINDOWS\ie8updates\KB2722913-IE8\ieframe.dll
+ 2012-08-25 07:16:48 . 2012-08-25 07:16:49 12430848 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
+ 2012-08-25 07:21:01 . 2012-08-25 07:21:02 11796992 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
+ 2012-08-25 07:17:34 . 2012-08-25 07:17:35 17317888 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\85a68b5908535729e0458a1a58001df3\System.ServiceModel.ni.dll
+ 2012-08-25 07:16:28 . 2012-08-25 07:16:30 10683392 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
+ 2012-08-25 07:15:48 . 2012-08-25 07:15:48 14327808 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
+ 2012-08-25 07:15:23 . 2012-08-25 07:15:24 12216320 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
+ 2012-08-25 07:13:51 . 2012-08-25 07:13:54 11486720 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll

-- Snapshot reset to current date --

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2012-05-04 19:43:14 1519272]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 19:43:14 1519272 ----a-w- C:\Program Files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2012-05-04 19:43:14 1519272]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2012-05-04 19:43:14 1519272]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-24 21:52:23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 08:04:42 59392]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 13:32:14 18085888]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 14:07:56 843712]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 01:28:32 59240]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 15:07:54 252296]
"Monitor"="C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-07-05 22:50:30 295304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2012-04-19 00:56:22 421888]
"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe" [2012-08-14 14:59:54 296096]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 17:46:44 462920]
"ApnUpdater"="C:\Program Files\Ask.com\Updater\Updater.exe" [2012-05-04 19:43:20 1561768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 05:01:00 437160]

C:\Documents and Settings\HP Media Center\Start Menu\Programs\Startup\AutorunsDisabled
Registration IL-2 Sturmovik 1946.LNK - C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe [2005-5-24 868352]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2005-9-28 3088520]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-4-25 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [8/15/2012 5:44:06 PM 655944]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [8/15/2012 5:44:06 PM 22344]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [4/24/2012 5:52:15 PM 136176]
S2 Office Depot PC Support Agent;Office Depot PC Support Agent;C:\Program Files\Office Depot PC Support Agent\esService.exe [7/22/2012 8:25:12 AM 990144]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [4/24/2012 5:52:15 PM 136176]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;C:\WINDOWS\system32\drivers\btblan.sys [10/9/2009 9:23:06 PM 33792]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [8/22/2012 9:52:20 AM 40776]
S3 ssmirrdr;ssmirrdr;C:\WINDOWS\system32\drivers\ssmirrdr.sys [7/23/2012 2:21:20 AM 10112]

Contents of the 'Scheduled Tasks' folder

2012-08-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57:16 . 2011-06-01 21:57:16]

2012-08-25 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-24 21:52:15 . 2012-04-24 21:52:11]

2012-08-25 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-24 21:52:15 . 2012-04-24 21:52:11]

2012-08-25 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1715567821-682003330-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27:56 . 2012-07-27 18:27:56]

2012-08-25 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1715567821-682003330-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27:56 . 2012-07-27 18:27:56]

2012-08-25 C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
- C:\Program Files\Ask.com\UpdateTask.exe [2012-05-04 19:43:16 . 2012-05-04 19:43:16]

2012-08-25 C:\WINDOWS\Tasks\User_Feed_Synchronization-{5A2CE52B-F165-4A14-BD1B-61BA3BEB2086}.job
- C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 08:31:54 . 2009-03-08 08:31:54]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.233.217.5 64.233.217.2


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-25 12:59:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************



Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users