Solved Hard-to-remove redirect virus, frequent system lag

pianodactyl

Posts: 25   +0
So upon returning home, I've found the computer has become ridiculously slow to do anything, and while I think I removed most of the viruses, there's at least one persisting. It causes random tabs to open up, redirects links to various ads and takes clicking on a link several times for it even to register that I indeed clicked it. It does all this whether I'm using google/bing, or I'm already within a website like amazon. Here are my logs.


Malwarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122703

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/28/2011 1:51:17 PM
mbam-log-2011-12-28 (13-51-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 361846
Time elapsed: 5 hour(s), 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MESSENGER32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_____________________________


GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-28 07:42:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080L0 rev.YAR41BW0
Running: ibnov2bj.exe; Driver: C:\DOCUME~1\BENJAM~1\LOCALS~1\Temp\pwdyapod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

_____________________________



DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by Benjamin Provost at 7:42:58 on 2011-12-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.178 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\system32\msiexec.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - No File
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [Ulead AutoDetector] c:\program files\common files\ulead systems\autodetector\Monitor.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\benjam~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\benjamin provost\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233443543359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: ulbrnii - c:\documents and settings\networkservice\local settings\application data\ulbrnii.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\benjamin provost\application data\mozilla\firefox\profiles\a68qhmyu.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-26 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 67656]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-25 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-28 22712]
S0 obhrm;obhrm;c:\windows\system32\drivers\kmklhag.sys --> c:\windows\system32\drivers\kmklhag.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Messenger32;Messenger ;c:\windows\system32\psnppagn32.exe --> c:\windows\system32\psnppagn32.exe [?]
S3 55607597;55607597; [x]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-4-14 20608]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-4-12 14336]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BOCore;BOCore;c:\program files\comodo\cboclean\BOCore.exe [2009-6-1 73464]
.
=============== Created Last 30 ================
.
2011-12-27 19:40:58 -------- d-----w- C:\backups
2011-12-23 18:54:46 1205 ----a-w- C:\FixNCR.reg
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 7:45:01.16 ===============



DDS Attach


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/31/2005 6:46:57 PM
System Uptime: 12/27/2011 1:33:14 PM (18 hours ago)
.
Motherboard: Dell Computer Corp. | | 0TC666
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2794/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 70 GiB total, 15.585 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\80098F56D100
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\80098F56D100
Service: NIC1394
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTSSTCORP_DVD-ROM_TS-H352C_______________DE02____\5&145A0A8F&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: TSSTcorp DVD-ROM TS-H352C
PNP Device ID: IDE\CDROMTSSTCORP_DVD-ROM_TS-H352C_______________DE02____\5&145A0A8F&0&0.0.0
Service: cdrom
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROM_NEC_DVD+-RW_ND-3530A___________________102B____\5&145A0A8F&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: _NEC DVD+-RW ND-3530A
PNP Device ID: IDE\CDROM_NEC_DVD+-RW_ND-3530A___________________102B____\5&145A0A8F&0&0.1.0
Service: cdrom
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
ABBYY FineReader 5.0 Sprint Plus
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 7.0.8
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlueJ 2.2.1
BOClean
Bonjour
CCleaner (remove only)
Dell Driver Reset Tool
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
DellSupport
Download Updater (AOL LLC)
Dropbox
Finale NotePad 2011
Foxit Reader
Git version 1.7.3.1-preview20101002
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Java(TM) 6 Update 15
Macromedia Flash Player
Macromedia Shockwave Player
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server 2008 Management Objects
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Notepad++
PowerDVD 5.5
QuickTime
Ruby 1.8.7-p330
SBC Self Support Tool
SBC Yahoo! Applications
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sibelius Scorch (Firefox, Opera, Netscape only)
Sonic Copy Module
Sonic DLA
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Live! 24-bit
Spybot - Search & Destroy
SpywareBlaster 4.2
SQL Server System CLR Types
Steam
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.7
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
ZyDAS IEEE 802.11 b+g Wireless LAN - USB
.
==== Event Viewer Messages From Past Week ========
.
12/28/2011 7:42:27 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/27/2011 1:33:49 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/25/2011 1:43:43 PM, error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
12/24/2011 12:59:34 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80563bdc, parameter3 ef30cc74, parameter4 00000000.
12/24/2011 10:31:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
12/24/2011 10:31:03 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/23/2011 9:50:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
12/23/2011 8:50:00 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
12/23/2011 7:50:00 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
12/23/2011 6:50:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
12/23/2011 5:50:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
12/23/2011 4:50:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
12/23/2011 3:50:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
12/23/2011 2:50:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
12/23/2011 12:50:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
12/23/2011 12:50:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
12/23/2011 11:50:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
12/23/2011 11:09:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi
12/23/2011 1:50:02 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
12/23/2011 1:46:23 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/23/2011 1:46:17 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/23/2011 1:44:30 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 00132079F239 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/23/2011 1:38:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/23/2011 1:19:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Cdrom eeCtrl Fips Imapi intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip
12/23/2011 1:19:00 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/23/2011 1:19:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/23/2011 1:19:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/23/2011 1:19:00 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/23/2011 1:19:00 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/23/2011 1:15:34 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/22/2011 9:50:01 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
12/22/2011 8:50:01 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
12/22/2011 7:54:12 AM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
12/22/2011 7:54:04 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/22/2011 7:53:43 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
12/22/2011 7:50:01 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
12/22/2011 6:50:01 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
12/22/2011 5:51:42 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/22/2011 5:50:05 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
12/22/2011 4:50:01 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
12/22/2011 3:50:04 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
12/22/2011 2:50:04 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
12/22/2011 11:50:01 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
12/22/2011 10:50:01 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
12/22/2011 10:50:01 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
12/22/2011 1:50:01 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
12/21/2011 5:13:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Endpoint Protection service to connect.
12/21/2011 5:12:38 PM, error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
12/21/2011 5:12:38 PM, error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/21/2011 4:57:48 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

I don't see any AV program running.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update, run full scan, report on any findings.

=============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Comodo

Malware@#1r4yvz03smbml C:\WINDOWS\system32\drivers\netbt.sys

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{318abf95-4328-43d1-a895-80e224d6dea1}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{6587d3ff-6c6f-433a-b2a7-0a3b81c0b2a2}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{6d21de27-412c-42b5-ae36-91ad1db56a53}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{8bd93653-ba44-42ad-adb6-cb350f99fafb}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{97e2d6d6-b838-4dcf-b33b-ab7139d17faa}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#1vtt4cxu408y6 C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{d6682c09-080a-47ea-8dd9-81c398720124}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{fdfd62c8-f566-4b4f-9836-2b5dc52cf654}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{318abf95-4328-43d1-a895-80e224d6dea1}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{6587d3ff-6c6f-433a-b2a7-0a3b81c0b2a2}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{6d21de27-412c-42b5-ae36-91ad1db56a53}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{8bd93653-ba44-42ad-adb6-cb350f99fafb}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{97e2d6d6-b838-4dcf-b33b-ab7139d17faa}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#1vtt4cxu408y6 C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{d6682c09-080a-47ea-8dd9-81c398720124}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\chk90nll.default\extensions\{fdfd62c8-f566-4b4f-9836-2b5dc52cf654}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{318abf95-4328-43d1-a895-80e224d6dea1}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{6587d3ff-6c6f-433a-b2a7-0a3b81c0b2a2}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{6d21de27-412c-42b5-ae36-91ad1db56a53}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{8bd93653-ba44-42ad-adb6-cb350f99fafb}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{97e2d6d6-b838-4dcf-b33b-ab7139d17faa}\chrome\xulcache.jar.vir|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Qoobox\Quarantine\C\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{fdfd62c8-f566-4b4f-9836-2b5dc52cf654}\chrome\xulcache.jar.vir|content/overlay.xul

Suspicious@#279kkscfgbj4a C:\MGtools.exe

Suspicious@#u9phuzvzboiw C:\Documents and Settings\Benjamin Provost\Desktop\dds.scr

TrojWare.Win32.Agent2.crpw@183928559 C:\Documents and Settings\Benjamin Provost\Desktop\iExplore.exe|UPX|Unsfx|nird\iexplore.exe

TrojWare.Win32.Agent2.crpw@183928559 C:\Documents and Settings\Benjamin Provost\Desktop\iExplore.exe|UPX|Unsfx|nircmd.exe

TrojWare.Win32.Agent2.crpw@183928559 C:\Documents and Settings\Benjamin Provost\Desktop\iExplore.exe|UPX|Unsfx|userinit.exe

TrojWare.Win32.Agent2.crpw@183928559 C:\Documents and Settings\Benjamin Provost\Desktop\iExplore.exe|UPX|Unsfx|winlogon.exe

TrojWare.Win32.Agent2.crpw@183928559 C:\Documents and Settings\Benjamin Provost\Desktop\iExplore.exe|Unsfx|nird\iexplore.exe

TrojWare.Win32.Agent2.crpw@183928559 C:\Documents and Settings\Benjamin Provost\Desktop\iExplore.exe|Unsfx|nircmd.exe

Malware@#p9wccg5lkeqo C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\Cache\0\E3\85E8Ad01

TrojWare.Win32.Agent2.crpw@183928559 C:\Documents and Settings\Benjamin Provost\Desktop\iExplore.exe|Unsfx|userinit.exe

TrojWare.Win32.Agent2.crpw@183928559 C:\Documents and Settings\Benjamin Provost\Desktop\iExplore.exe|Unsfx|winlogon.exe

Malware@#2eh3h4eyj4tkx C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{318abf95-4328-43d1-a895-80e224d6dea1}\chrome\xulcache.jar|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{6d21de27-412c-42b5-ae36-91ad1db56a53}\chrome\xulcache.jar|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{6587d3ff-6c6f-433a-b2a7-0a3b81c0b2a2}\chrome\xulcache.jar|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{97e2d6d6-b838-4dcf-b33b-ab7139d17faa}\chrome\xulcache.jar|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{8bd93653-ba44-42ad-adb6-cb350f99fafb}\chrome\xulcache.jar|content/overlay.xul

Malware@#2eh3h4eyj4tkx C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{fdfd62c8-f566-4b4f-9836-2b5dc52cf654}\chrome\xulcache.jar|content/overlay.xul

Malware@#1vtt4cxu408y6 C:\Documents and Settings\Jeanne Provost\Application Data\Mozilla\Firefox\Profiles\b40srrj2.default\extensions\{d6682c09-080a-47ea-8dd9-81c398720124}\chrome\xulcache.jar|content/overlay.xul

Malware@#1vtt4cxu408y6 C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\extensions\{d6682c09-080a-47ea-8dd9-81c398720124}\chrome\xulcache.jar|content/overlay.xul

Malware@#2g57c423v8ahp C:\Documents and Settings\TEMP\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\Cache\C2152591d01|UPX|Unsfx|32788R22FWJFW\ComboFix-Download.cfexe

Malware@#2qewi05f9b88o C:\Documents and Settings\TEMP\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\Cache\C2152591d01|UPX|Unsfx|32788R22FWJFW\psexec.cfexe

Malware@#2g57c423v8ahp C:\Documents and Settings\TEMP\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\Cache\C2152591d01|Unsfx|32788R22FWJFW\ComboFix-Download.cfexe

Malware@#2qewi05f9b88o C:\Documents and Settings\TEMP\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0acyy1t.default\Cache\C2152591d01|Unsfx|32788R22FWJFW\psexec.cfexe



aswmbr

aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-30 09:18:15
-----------------------------
09:18:15.546 OS Version: Windows 5.1.2600 Service Pack 3
09:18:15.546 Number of processors: 1 586 0x401
09:18:15.546 ComputerName: D9L71B81 UserName:
09:19:48.390 Initialze error C0000034 - driver not loaded
09:19:58.984 write error "aswEngin.dll". The process cannot access the file because it is being used by another process.
09:38:37.031 AVAST engine defs: 11123000
09:39:16.546 Service scanning
09:39:32.015 Service .ipsec \* **LOCKED** 123
09:39:32.578 Service .redbook \* **LOCKED** 123
09:40:09.125 Modules scanning
09:40:09.406 Disk 0 trace - called modules:
09:40:09.468
09:40:39.203 AVAST engine scan C:\WINDOWS
09:41:24.468 AVAST engine scan C:\WINDOWS\system32
09:51:56.968 AVAST engine scan C:\WINDOWS\system32\drivers
09:52:39.468 AVAST engine scan C:\Documents and Settings\Benjamin Provost
10:09:50.546 AVAST engine scan C:\Documents and Settings\All Users
10:10:36.937 Scan finished successfully
10:17:07.078 The log file has been saved successfully to "C:\Documents and Settings\Benjamin Provost\Desktop\aswMBR.txt"
 
I had to run aswMBR twice because it crashed the computer the first time around.
Attaching the combofix log because it's too big to paste into a comment.
 

Attachments

  • ComboFix.txt
    73.5 KB · Views: 0
ComboFix 11-12-29.05 - Benjamin Provost 12/31/2011 13:36:16.3.1 - x86
Running from: c:\documents and settings\Benjamin Provost\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\NetworkService\Local Settings\Application Data\ulbrnii.dll
c:\windows\SET4B9.tmp
c:\windows\SET55E.tmp
c:\windows\settings.reg
c:\windows\system32\SET123E.tmp
c:\windows\system32\SET1241.tmp
c:\windows\system32\SET1246.tmp
c:\windows\system32\SET1278.tmp
c:\windows\system32\SET12E3.tmp
c:\windows\system32\SET12E6.tmp
c:\windows\system32\SET12EB.tmp
c:\windows\system32\SET131D.tmp
c:\windows\system32\SET144.tmp
c:\windows\system32\SET145.tmp
c:\windows\system32\SET147.tmp
c:\windows\system32\SET149.tmp
c:\windows\system32\SET14B.tmp
c:\windows\system32\SET152.tmp
c:\windows\system32\SET153.tmp
c:\windows\system32\SET156.tmp
c:\windows\system32\SET15B.tmp
c:\windows\system32\SET15C.tmp
c:\windows\system32\SET15D.tmp
c:\windows\system32\SET15F.tmp
c:\windows\system32\SET160.tmp
c:\windows\system32\SET161.tmp
c:\windows\system32\SET162.tmp
c:\windows\system32\SET163.tmp
c:\windows\system32\SET165.tmp
c:\windows\system32\SET166.tmp
c:\windows\system32\SET167.tmp
c:\windows\system32\SET168.tmp
c:\windows\system32\SET16B.tmp
c:\windows\system32\SET173.tmp
c:\windows\system32\SET174.tmp
c:\windows\system32\SET175.tmp
c:\windows\system32\SET178.tmp
c:\windows\system32\SET17A.tmp
c:\windows\system32\SET17B.tmp
c:\windows\system32\SET182.tmp
c:\windows\system32\SET185.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET187.tmp
c:\windows\system32\SET189.tmp
c:\windows\system32\SET18A.tmp
c:\windows\system32\SET18B.tmp
c:\windows\system32\SET18D.tmp
c:\windows\system32\SET18E.tmp
c:\windows\system32\SET18F.tmp
c:\windows\system32\SET190.tmp
c:\windows\system32\SET192.tmp
c:\windows\system32\SET194.tmp
c:\windows\system32\SET195.tmp
c:\windows\system32\SET196.tmp
c:\windows\system32\SET197.tmp
c:\windows\system32\SET198.tmp
c:\windows\system32\SET199.tmp
c:\windows\system32\SET19A.tmp
c:\windows\system32\SET19C.tmp
c:\windows\system32\SET19D.tmp
c:\windows\system32\SET1A0.tmp
c:\windows\system32\SET1A5.tmp
c:\windows\system32\SET1A6.tmp
c:\windows\system32\SET1A7.tmp
c:\windows\system32\SET1A9.tmp
c:\windows\system32\SET1AA.tmp
c:\windows\system32\SET1AB.tmp
c:\windows\system32\SET1AC.tmp
c:\windows\system32\SET1AD.tmp
c:\windows\system32\SET1AF.tmp
c:\windows\system32\SET1B0.tmp
c:\windows\system32\SET1B1.tmp
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET1B4.tmp
c:\windows\system32\SET1B5.tmp
c:\windows\system32\SET1BA.tmp
c:\windows\system32\SET1BD.tmp
c:\windows\system32\SET1BE.tmp
c:\windows\system32\SET1BF.tmp
c:\windows\system32\SET1C0.tmp
c:\windows\system32\SET1C1.tmp
c:\windows\system32\SET1C2.tmp
c:\windows\system32\SET1C4.tmp
c:\windows\system32\SET1C5.tmp
c:\windows\system32\SET1CB.tmp
c:\windows\system32\SET1CC.tmp
c:\windows\system32\SET1CD.tmp
c:\windows\system32\SET1CF.tmp
c:\windows\system32\SET1D0.tmp
c:\windows\system32\SET1D1.tmp
c:\windows\system32\SET1D2.tmp
c:\windows\system32\SET1D3.tmp
c:\windows\system32\SET1D4.tmp
c:\windows\system32\SET1D6.tmp
c:\windows\system32\SET1D9.tmp
c:\windows\system32\SET1DA.tmp
c:\windows\system32\SET1DB.tmp
c:\windows\system32\SET1DC.tmp
c:\windows\system32\SET1DD.tmp
c:\windows\system32\SET1DE.tmp
c:\windows\system32\SET1E7.tmp
c:\windows\system32\SET1E8.tmp
c:\windows\system32\SET1E9.tmp
c:\windows\system32\SET1EC.tmp
c:\windows\system32\SET1ED.tmp
c:\windows\system32\SET1EF.tmp
c:\windows\system32\SET1F0.tmp
c:\windows\system32\SET1F1.tmp
c:\windows\system32\SET1F2.tmp
c:\windows\system32\SET1F3.tmp
c:\windows\system32\SET1F4.tmp
c:\windows\system32\SET1F5.tmp
c:\windows\system32\SET1F6.tmp
c:\windows\system32\SET1F8.tmp
c:\windows\system32\SET1F9.tmp
c:\windows\system32\SET1FC.tmp
c:\windows\system32\SET200.tmp
c:\windows\system32\SET209.tmp
c:\windows\system32\SET20A.tmp
c:\windows\system32\SET20C.tmp
c:\windows\system32\SET20D.tmp
c:\windows\system32\SET20F.tmp
c:\windows\system32\SET210.tmp
c:\windows\system32\SET211.tmp
c:\windows\system32\SET212.tmp
c:\windows\system32\SET213.tmp
c:\windows\system32\SET214.tmp
c:\windows\system32\SET218.tmp
c:\windows\system32\SET21A.tmp
c:\windows\system32\SET21C.tmp
c:\windows\system32\SET21D.tmp
c:\windows\system32\SET21E.tmp
c:\windows\system32\SET21F.tmp
c:\windows\system32\SET221.tmp
c:\windows\system32\SET222.tmp
c:\windows\system32\SET224.tmp
c:\windows\system32\SET228.tmp
c:\windows\system32\SET229.tmp
c:\windows\system32\SET22B.tmp
c:\windows\system32\SET22D.tmp
c:\windows\system32\SET22E.tmp
c:\windows\system32\SET22F.tmp
c:\windows\system32\SET230.tmp
c:\windows\system32\SET231.tmp
c:\windows\system32\SET232.tmp
c:\windows\system32\SET233.tmp
c:\windows\system32\SET234.tmp
c:\windows\system32\SET237.tmp
c:\windows\system32\SET238.tmp
c:\windows\system32\SET23B.tmp
c:\windows\system32\SET23C.tmp
c:\windows\system32\SET23F.tmp
c:\windows\system32\SET240.tmp
c:\windows\system32\SET241.tmp
c:\windows\system32\SET243.tmp
c:\windows\system32\SET244.tmp
c:\windows\system32\SET245.tmp
c:\windows\system32\SET24C.tmp
c:\windows\system32\SET24D.tmp
c:\windows\system32\SET253.tmp
c:\windows\system32\SET254.tmp
c:\windows\system32\SET255.tmp
c:\windows\system32\SET256.tmp
c:\windows\system32\SET257.tmp
c:\windows\system32\SET258.tmp
c:\windows\system32\SET259.tmp
c:\windows\system32\SET25A.tmp
c:\windows\system32\SET25C.tmp
c:\windows\system32\SET25E.tmp
c:\windows\system32\SET263.tmp
c:\windows\system32\SET26A.tmp
c:\windows\system32\SET26C.tmp
c:\windows\system32\SET26E.tmp
c:\windows\system32\SET26F.tmp
c:\windows\system32\SET270.tmp
c:\windows\system32\SET274.tmp
c:\windows\system32\SET276.tmp
c:\windows\system32\SET278.tmp
c:\windows\system32\SET279.tmp
c:\windows\system32\SET27A.tmp
c:\windows\system32\SET27B.tmp
c:\windows\system32\SET27D.tmp
c:\windows\system32\SET27E.tmp
c:\windows\system32\SET280.tmp
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\system32\dllcache\cdrom.sys
.
 
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.ipsec
-------\Service_.redbook
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-31 19:17 . 2008-04-14 05:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-31 19:17 . 2008-04-14 05:10 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2011-12-29 02:34 . 2011-12-30 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2011-12-29 01:23 . 2011-12-29 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-12-29 01:21 . 2011-12-29 01:21 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-12-27 20:10 . 2011-12-27 20:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-12-27 19:40 . 2011-12-27 19:40 -------- d-----w- C:\backups
2011-12-23 18:54 . 2011-11-09 06:32 1205 ----a-w- C:\FixNCR.reg
2011-12-19 23:59 . 2011-12-19 23:59 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 23:59 . 2011-12-19 23:59 494816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 23:59 . 2011-12-19 23:59 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 23:59 . 2011-12-19 23:59 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 23:58 . 2011-12-19 23:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 23:58 . 2011-12-19 23:58 301224 ----a-w- c:\windows\system32\guard32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-07-28 07:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-27 16:15 . 2009-04-10 20:37 273824 ----a-w- C:\MGlogs.zip
2011-11-23 13:25 . 2009-04-14 20:10 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2009-04-13 04:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2009-04-13 04:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2009-04-13 04:18 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 11:23 . 2009-04-13 04:20 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2009-04-13 04:18 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2009-04-14 20:10 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2009-04-14 20:10 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2009-04-14 20:10 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-10 14:22 . 2009-04-13 04:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2009-11-24 17:14 . 2009-11-24 17:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 16:10 . 2009-11-28 16:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-11-10 21:41 . 2011-05-12 04:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-15 221184]
"Ulead AutoDetector"="c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
.
c:\documents and settings\Benjamin Provost\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-12-26 20:00 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=19918014261.CPX
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Benjamin Provost\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Ruby187\\bin\\ruby.exe"=
"c:\\Program Files\\Steam\\steamapps\\pianosaurus\\mass effect trailer\\smp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\chime\\Chime.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1030:TCP"= 1030:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [12/19/2011 6:59 PM 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [12/19/2011 6:59 PM 494816]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/26/2009 9:05 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 67656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/28/2011 2:53 AM 20464]
S0 obhrm;obhrm;c:\windows\system32\drivers\kmklhag.sys --> c:\windows\system32\drivers\kmklhag.sys [?]
S3 55607597;55607597; [x]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 12872]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{1D732B4C-69FE-4DB7-A1FD-D1898D7042A1}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D8056995-A140-4724-BC62-8F78DC7D4C91}: NameServer = 8.26.56.26,156.154.70.22
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Aim - c:\program files\AIM\aim.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-31 14:28
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(524)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(580)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3684)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(496)
c:\windows\system32\cmdcsr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\program files\COMODO\COMODO GeekBuddy\CLPS.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-12-31 15:00:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-31 20:00
ComboFix2.txt 2011-09-09 17:52
ComboFix3.txt 2011-08-02 04:40
ComboFix4.txt 2011-07-30 15:37
.
Pre-Run: 16,327,667,712 bytes free
Post-Run: 16,478,818,304 bytes free
.
- - End Of File - - 815D8BCB5302487C8EC277EDD41AD371
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\drivers\kmklhag.sys

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\User Data\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]

Driver::
obhrm
55607597

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Seperatin' it into two posts again:


ComboFix 12-01-01.06 - Benjamin Provost 01/02/2012 0:34.4.1 - x86
Running from: c:\documents and settings\Benjamin Provost\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Benjamin Provost\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
FILE ::
"c:\windows\system32\drivers\kmklhag.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET281.tmp
c:\windows\system32\SET283.tmp
c:\windows\system32\SET287.tmp
c:\windows\system32\SET28B.tmp
c:\windows\system32\SET28C.tmp
c:\windows\system32\SET28E.tmp
c:\windows\system32\SET28F.tmp
c:\windows\system32\SET290.tmp
c:\windows\system32\SET291.tmp
c:\windows\system32\SET294.tmp
c:\windows\system32\SET296.tmp
c:\windows\system32\SET297.tmp
c:\windows\system32\SET298.tmp
c:\windows\system32\SET299.tmp
c:\windows\system32\SET29A.tmp
c:\windows\system32\SET29E.tmp
c:\windows\system32\SET2A1.tmp
c:\windows\system32\SET2A2.tmp
c:\windows\system32\SET2A5.tmp
c:\windows\system32\SET2A6.tmp
c:\windows\system32\SET2A7.tmp
c:\windows\system32\SET2A8.tmp
c:\windows\system32\SET2A9.tmp
c:\windows\system32\SET2AA.tmp
c:\windows\system32\SET2AB.tmp
c:\windows\system32\SET2AC.tmp
c:\windows\system32\SET2AD.tmp
c:\windows\system32\SET2AF.tmp
c:\windows\system32\SET2B0.tmp
c:\windows\system32\SET2B1.tmp
c:\windows\system32\SET2B3.tmp
c:\windows\system32\SET2B4.tmp
c:\windows\system32\SET2B7.tmp
c:\windows\system32\SET2BB.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2BD.tmp
c:\windows\system32\SET2BE.tmp
c:\windows\system32\SET2C0.tmp
c:\windows\system32\SET2C1.tmp
c:\windows\system32\SET2C2.tmp
c:\windows\system32\SET2C3.tmp
c:\windows\system32\SET2C4.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2C7.tmp
c:\windows\system32\SET2CA.tmp
c:\windows\system32\SET2CC.tmp
c:\windows\system32\SET2CD.tmp
c:\windows\system32\SET2D0.tmp
c:\windows\system32\SET2D1.tmp
c:\windows\system32\SET2D2.tmp
c:\windows\system32\SET2D3.tmp
c:\windows\system32\SET2D4.tmp
c:\windows\system32\SET2D7.tmp
c:\windows\system32\SET2D8.tmp
c:\windows\system32\SET2D9.tmp
c:\windows\system32\SET2DA.tmp
c:\windows\system32\SET2DB.tmp
c:\windows\system32\SET2DC.tmp
c:\windows\system32\SET2DD.tmp
c:\windows\system32\SET2DF.tmp
c:\windows\system32\SET2E0.tmp
c:\windows\system32\SET2E1.tmp
c:\windows\system32\SET2E2.tmp
c:\windows\system32\SET2E3.tmp
c:\windows\system32\SET2E4.tmp
c:\windows\system32\SET2E6.tmp
c:\windows\system32\SET2E7.tmp
c:\windows\system32\SET2E8.tmp
c:\windows\system32\SET2E9.tmp
c:\windows\system32\SET2EA.tmp
c:\windows\system32\SET2EB.tmp
c:\windows\system32\SET2ED.tmp
c:\windows\system32\SET2F2.tmp
c:\windows\system32\SET2F6.tmp
c:\windows\system32\SET2F7.tmp
c:\windows\system32\SET2F9.tmp
c:\windows\system32\SET2FA.tmp
c:\windows\system32\SET2FB.tmp
c:\windows\system32\SET2FC.tmp
c:\windows\system32\SET2FD.tmp
c:\windows\system32\SET300.tmp
c:\windows\system32\SET301.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\SET303.tmp
c:\windows\system32\SET304.tmp
c:\windows\system32\SET305.tmp
c:\windows\system32\SET307.tmp
c:\windows\system32\SET309.tmp
c:\windows\system32\SET30A.tmp
c:\windows\system32\SET30B.tmp
c:\windows\system32\SET30C.tmp
c:\windows\system32\SET30D.tmp
c:\windows\system32\SET30E.tmp
c:\windows\system32\SET30F.tmp
c:\windows\system32\SET311.tmp
c:\windows\system32\SET312.tmp
c:\windows\system32\SET315.tmp
c:\windows\system32\SET317.tmp
c:\windows\system32\SET318.tmp
c:\windows\system32\SET31B.tmp
c:\windows\system32\SET31C.tmp
c:\windows\system32\SET31D.tmp
c:\windows\system32\SET31E.tmp
c:\windows\system32\SET31F.tmp
c:\windows\system32\SET320.tmp
c:\windows\system32\SET321.tmp
c:\windows\system32\SET323.tmp
c:\windows\system32\SET325.tmp
c:\windows\system32\SET328.tmp
c:\windows\system32\SET329.tmp
c:\windows\system32\SET32A.tmp
c:\windows\system32\SET32B.tmp
c:\windows\system32\SET32C.tmp
c:\windows\system32\SET331.tmp
c:\windows\system32\SET334.tmp
c:\windows\system32\SET338.tmp
c:\windows\system32\SET33B.tmp
c:\windows\system32\SET33C.tmp
c:\windows\system32\SET33E.tmp
c:\windows\system32\SET33F.tmp
c:\windows\system32\SET340.tmp
c:\windows\system32\SET341.tmp
c:\windows\system32\SET342.tmp
c:\windows\system32\SET344.tmp
c:\windows\system32\SET346.tmp
c:\windows\system32\SET34C.tmp
c:\windows\system32\SET350.tmp
c:\windows\system32\SET351.tmp
c:\windows\system32\SET353.tmp
c:\windows\system32\SET354.tmp
c:\windows\system32\SET355.tmp
c:\windows\system32\SET356.tmp
c:\windows\system32\SET35A.tmp
c:\windows\system32\SET35C.tmp
c:\windows\system32\SET35E.tmp
c:\windows\system32\SET35F.tmp
c:\windows\system32\SET360.tmp
c:\windows\system32\SET361.tmp
c:\windows\system32\SET362.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET364.tmp
c:\windows\system32\SET365.tmp
c:\windows\system32\SET367.tmp
c:\windows\system32\SET369.tmp
 
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_55607597
-------\Service_55607597
-------\Service_obhrm
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2011-12-31 19:17 . 2008-04-14 05:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-31 19:17 . 2008-04-14 05:10 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2011-12-29 02:34 . 2011-12-30 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2011-12-29 02:32 . 2012-01-02 06:19 151089 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-12-29 01:23 . 2011-12-29 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-12-29 01:21 . 2011-12-29 01:21 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-12-27 20:10 . 2011-12-27 20:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-12-27 19:40 . 2011-12-27 19:40 -------- d-----w- C:\backups
2011-12-23 18:54 . 2011-11-09 06:32 1205 ----a-w- C:\FixNCR.reg
2011-12-19 23:59 . 2011-12-19 23:59 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 23:59 . 2011-12-19 23:59 494816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 23:59 . 2011-12-19 23:59 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 23:59 . 2011-12-19 23:59 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 23:58 . 2011-12-19 23:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 23:58 . 2011-12-19 23:58 301224 ----a-w- c:\windows\system32\guard32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-07-28 07:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-27 16:15 . 2009-04-10 20:37 273824 ----a-w- C:\MGlogs.zip
2011-11-23 13:25 . 2009-04-14 20:10 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2009-04-13 04:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2009-04-13 04:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2009-04-13 04:18 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 11:23 . 2009-04-13 04:20 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2009-04-13 04:18 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2009-04-14 20:10 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2009-04-14 20:10 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2009-04-14 20:10 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-10 14:22 . 2009-04-13 04:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2009-11-24 17:14 . 2009-11-24 17:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 16:10 . 2009-11-28 16:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-11-10 21:41 . 2011-05-12 04:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-15 221184]
"Ulead AutoDetector"="c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-12-26 20:00 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=19918014261.CPX
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Benjamin Provost\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Ruby187\\bin\\ruby.exe"=
"c:\\Program Files\\Steam\\steamapps\\pianosaurus\\mass effect trailer\\smp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\chime\\Chime.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1030:TCP"= 1030:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Messenger32;Messenger ;c:\windows\system32\psnppagn32.exe [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-12-26 12872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe [2008-07-14 73464]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-12-19 18056]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-12-19 494816]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-12-26 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-12-26 67656]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{1D732B4C-69FE-4DB7-A1FD-D1898D7042A1}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D8056995-A140-4724-BC62-8F78DC7D4C91}: NameServer = 8.26.56.26,156.154.70.22
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-02 01:23
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(516)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(324)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(488)
c:\windows\system32\cmdcsr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\program files\COMODO\COMODO GeekBuddy\CLPS.exe
c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\Dropbox.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-01-02 02:01:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-02 07:01
ComboFix2.txt 2011-12-31 20:00
ComboFix3.txt 2011-09-09 17:52
ComboFix4.txt 2011-08-02 04:40
ComboFix5.txt 2012-01-02 05:21
.
Pre-Run: 16,130,568,192 bytes free
Post-Run: 16,150,859,776 bytes free
.
- - End Of File - - 2A36BE3133EE32FC5551B294128F33AF
 
This computer is better, the redirect is gone and no other viruses/trojans have popped up (like the windows xp security 2012 one I had to uninstall 3 times). The system still freezes occasionally though.

Like the first time, I had to run aswMBR twice because the first time it crashed the system.

aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2012-01-04 14:40:59
-----------------------------
14:40:59.187 OS Version: Windows 5.1.2600 Service Pack 3
14:40:59.187 Number of processors: 1 586 0x401
14:40:59.187 ComputerName: D9L71B81 UserName:
14:41:03.859 Initialize success
14:41:36.734 AVAST engine defs: 12010401
14:42:07.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:42:07.312 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3
14:42:07.343 Disk 0 MBR read successfully
14:42:07.343 Disk 0 MBR scan
14:42:07.468 Disk 0 unknown MBR code
14:42:07.500 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:42:07.578 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71390 MB offset 80325
14:42:07.625 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4855 MB offset 146287890
14:42:07.687 Disk 0 scanning sectors +156232125
14:42:07.859 Disk 0 scanning C:\WINDOWS\system32\drivers
14:44:02.234 Service scanning
14:44:10.046 Modules scanning
14:44:44.609 Module: C:\WINDOWS\system32\dla\tfsndres.sys **SUSPICIOUS**
14:44:48.625 Disk 0 trace - called modules:
14:44:48.640 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
14:44:48.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8337fab8]
14:44:48.656 3 CLASSPNP.SYS[f86f8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x833a4b00]
14:44:50.796 AVAST engine scan C:\WINDOWS
14:45:17.718 AVAST engine scan C:\WINDOWS\system32
15:03:31.640 AVAST engine scan C:\WINDOWS\system32\drivers
15:05:21.781 AVAST engine scan C:\Documents and Settings\Benjamin Provost
15:42:46.281 AVAST engine scan C:\Documents and Settings\All Users
15:45:07.750 Scan finished successfully
16:09:23.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Benjamin Provost\Desktop\MBR.dat"
16:09:23.781 The log file has been saved successfully to "C:\Documents and Settings\Benjamin Provost\Desktop\aswMBR.txt"
 
Good news :)

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- C:\WINDOWS\system32\dla\tfsndres.sys
If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

==============================================================

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\User Data\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Here's the virus total scan, I'll run the combofix script and post the results as soon as that finishes.

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
AhnLab-V3 2012.01.08.00 2012.01.08 -
AntiVir 7.11.20.196 2012.01.09 -
Antiy-AVL 2.0.3.7 2012.01.09 -
Avast 6.0.1289.0 2012.01.08 -
AVG 10.0.0.1190 2012.01.09 -
BitDefender 7.2 2012.01.09 -
ByteHero 1.0.0.1 2011.12.31 -
CAT-QuickHeal 12.00 2012.01.09 -
ClamAV 0.97.3.0 2012.01.09 -
Commtouch 5.3.2.6 2012.01.07 -
Comodo 11218 2012.01.09 -
DrWeb 5.0.2.03300 2012.01.09 -
Emsisoft 5.1.0.11 2012.01.09 -
eSafe 7.0.17.0 2012.01.08 -
eTrust-Vet 37.0.9668 2012.01.06 -
F-Prot 4.6.5.141 2012.01.07 -
F-Secure 9.0.16440.0 2012.01.09 -
Fortinet 4.3.388.0 2012.01.09 -
GData 22 2012.01.09 -
Ikarus T3.1.1.109.0 2012.01.09 -
Jiangmin 13.0.900 2012.01.08 -
K7AntiVirus 9.123.5881 2012.01.06 -
Kaspersky 9.0.0.837 2012.01.09 -
McAfee 5.400.0.1158 2012.01.09 -
McAfee-GW-Edition 2010.1E 2012.01.08 -
Microsoft 1.7903 2012.01.09 -
NOD32 6777 2012.01.09 -
Norman 6.07.13 2012.01.08 -
nProtect 2012-01-09.01 2012.01.09 -
Panda 10.0.3.5 2012.01.08 -
PCTools 8.0.0.5 2012.01.09 -
Prevx 3.0 2012.01.09 -
Rising 23.92.00.02 2012.01.09 -
Sophos 4.73.0 2012.01.09 -
SUPERAntiSpyware 4.40.0.1006 2012.01.07 -
Symantec 20111.2.0.82 2012.01.09 -
TheHacker 6.7.0.1.373 2012.01.08 -
TrendMicro 9.500.0.1008 2012.01.09 -
TrendMicro-HouseCall 9.500.0.1008 2012.01.09 -
VBA32 3.12.16.4 2012.01.06 -
VIPRE 11372 2012.01.09 -
ViRobot 2012.1.9.4870 2012.01.09 -
VirusBuster 14.1.157.0 2012.01.08 -

MD5 : d8ddb3f2b1bef15cff6728d89c042c61
SHA1 : 98e7400a71e894f0caa473aabdb5cbc439cece87
SHA256: 61e1ee3ceb5b1b2234e1187086cdad7450e6b69058264f3c30f73f65e05c0f05
ssdeep: 48:63amjkq1ELYvOkoNWxjF5wx9iWS6N2hKwAR9mz:kzE+rjFWtN1w5
File size : 2241 bytes
First seen: 2009-06-17 18:28:17
Last seen : 2012-01-09 08:01:58
TrID:
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Sonic Solutions
copyright....: Copyright (c) 2004 Sonic Solutions
product......: n/a
description..: Drive Letter Access Component
original name: n/a
internal name: n/a
file version.: 1.04.08a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x358
timedatestamp....: 0x429CEA1D (Tue May 31 22:50:05 2005)
machinetype......: 0x14c (I386)

[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x300, 0x64, 0x80, 4.85, bb6e17d774ff8f98e3d747ee62fb53db
.rdata, 0x380, 0x2C, 0x40, 1.14, 300eac3ecfe47a0ba2c7dd1f31c8d84d
.data, 0x3C0, 0xFC, 0x100, 4.19, 05094971604a561839ee83f353c40a89
.edata, 0x4C0, 0x4B, 0x60, 2.94, d108e1f7b190b847c8a7af6d7584b26c
INIT, 0x520, 0x48, 0x60, 1.96, 73e2fb05b4c61616b8968dc9b03b75bf
.rsrc, 0x580, 0x2B0, 0x2C0, 3.06, 7d11204981ca59c996f7834001a27908
.reloc, 0x840, 0x2C, 0x40, 2.95, 97606150d21c767ab8f512279591087a

[[ 1 import(s) ]]
ssrtln.sys: mbstowcs

[[ 1 export(s) ]]
LoadStringW
ExifTool:
file metadata
BuildName: TFSDLA40
CharacterSet: Unicode
CodeSize: 224
CompanyName: Sonic Solutions
EntryPoint: 0x0358
FileDescription: Drive Letter Access Component
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 2.2 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 1.04.08a
FileVersionNumber: 1.4.8.0
ImageVersion: 4.0
InitializedDataSize: 1184
LanguageCode: English (U.S.)
LegalCopyright: Copyright 2004 Sonic Solutions
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Dynamic link library
PEType: PE32
ProductVersionNumber: 1.0.0.1
Subsystem: Native
SubsystemVersion: 4.0
TimeStamp: 2005:06:01 00:50:05+02:00
UninitializedDataSize: 0
 
Because that didn't take forever.

ComboFix 12-01-09.03 - Benjamin Provost 01/09/2012 13:58:13.5.1 - x86
Running from: c:\documents and settings\Benjamin Provost\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Benjamin Provost\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET36C.tmp
c:\windows\system32\SET36E.tmp
c:\windows\system32\SET372.tmp
c:\windows\system32\SET375.tmp
c:\windows\system32\SET377.tmp
c:\windows\system32\SET379.tmp
c:\windows\system32\SET37D.tmp
c:\windows\system32\SET37F.tmp
c:\windows\system32\SET380.tmp
c:\windows\system32\SET382.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET384.tmp
c:\windows\system32\SET385.tmp
c:\windows\system32\SET387.tmp
c:\windows\system32\SET389.tmp
c:\windows\system32\SET38E.tmp
c:\windows\system32\SET390.tmp
c:\windows\system32\SET391.tmp
c:\windows\system32\SET392.tmp
c:\windows\system32\SET398.tmp
c:\windows\system32\SET399.tmp
c:\windows\system32\SET3A1.tmp
c:\windows\system32\SET3A4.tmp
c:\windows\system32\SET3A5.tmp
c:\windows\system32\SET3A7.tmp
c:\windows\system32\SET3A8.tmp
c:\windows\system32\SET3AB.tmp
c:\windows\system32\SET3AC.tmp
c:\windows\system32\SET3AD.tmp
c:\windows\system32\SET3AE.tmp
c:\windows\system32\SET3AF.tmp
c:\windows\system32\SET3B2.tmp
c:\windows\system32\SET3B6.tmp
c:\windows\system32\SET3B9.tmp
c:\windows\system32\SET3BB.tmp
c:\windows\system32\SET3BD.tmp
c:\windows\system32\SET3C1.tmp
c:\windows\system32\SET3C5.tmp
c:\windows\system32\SET3C7.tmp
c:\windows\system32\SET3CC.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\SET3CF.tmp
c:\windows\system32\SET3D1.tmp
c:\windows\system32\SET3D2.tmp
c:\windows\system32\SET3D3.tmp
c:\windows\system32\SET3D4.tmp
c:\windows\system32\SET3D5.tmp
c:\windows\system32\SET3D6.tmp
c:\windows\system32\SET3DD.tmp
c:\windows\system32\SET3E1.tmp
c:\windows\system32\SET3E6.tmp
c:\windows\system32\SET3E7.tmp
c:\windows\system32\SET3EC.tmp
c:\windows\system32\SET3F1.tmp
c:\windows\system32\SET3F3.tmp
c:\windows\system32\SET3F5.tmp
c:\windows\system32\SET3FC.tmp
c:\windows\system32\SET3FD.tmp
c:\windows\system32\SET402.tmp
c:\windows\system32\SET415.tmp
c:\windows\system32\SET41E.tmp
c:\windows\system32\SET41F.tmp
c:\windows\system32\SET420.tmp
c:\windows\system32\SET422.tmp
c:\windows\system32\SET424.tmp
c:\windows\system32\SET425.tmp
c:\windows\system32\SET427.tmp
c:\windows\system32\SET429.tmp
c:\windows\system32\SET42C.tmp
c:\windows\system32\SET430.tmp
c:\windows\system32\SET431.tmp
c:\windows\system32\SET432.tmp
c:\windows\system32\SET433.tmp
c:\windows\system32\SET434.tmp
c:\windows\system32\SET435.tmp
c:\windows\system32\SET436.tmp
c:\windows\system32\SET437.tmp
c:\windows\system32\SET439.tmp
c:\windows\system32\SET43B.tmp
c:\windows\system32\SET43C.tmp
c:\windows\system32\SET43E.tmp
c:\windows\system32\SET441.tmp
c:\windows\system32\SET443.tmp
c:\windows\system32\SET444.tmp
c:\windows\system32\SET447.tmp
c:\windows\system32\SET448.tmp
c:\windows\system32\SET449.tmp
c:\windows\system32\SET44B.tmp
c:\windows\system32\SET451.tmp
c:\windows\system32\SET452.tmp
c:\windows\system32\SET458.tmp
c:\windows\system32\SET45D.tmp
c:\windows\system32\SET460.tmp
c:\windows\system32\SET463.tmp
c:\windows\system32\SET464.tmp
c:\windows\system32\SET465.tmp
c:\windows\system32\SET467.tmp
c:\windows\system32\SET468.tmp
c:\windows\system32\SET469.tmp
c:\windows\system32\SET46A.tmp
c:\windows\system32\SET46B.tmp
c:\windows\system32\SET46D.tmp
c:\windows\system32\SET470.tmp
c:\windows\system32\SET471.tmp
c:\windows\system32\SET475.tmp
c:\windows\system32\SET476.tmp
c:\windows\system32\SET479.tmp
c:\windows\system32\SET47B.tmp
c:\windows\system32\SET480.tmp
c:\windows\system32\SET481.tmp
c:\windows\system32\SET483.tmp
c:\windows\system32\SET485.tmp
c:\windows\system32\SET488.tmp
c:\windows\system32\SET489.tmp
c:\windows\system32\SET48B.tmp
c:\windows\system32\SET48D.tmp
c:\windows\system32\SET491.tmp
c:\windows\system32\SET4A2.tmp
c:\windows\system32\SET4C1.tmp
c:\windows\system32\SET4CE.tmp
c:\windows\system32\SET4D5.tmp
c:\windows\system32\SET4D6.tmp
c:\windows\system32\SET4D7.tmp
c:\windows\system32\SET4D9.tmp
c:\windows\system32\SET4DA.tmp
c:\windows\system32\SET4DB.tmp
c:\windows\system32\SET4DE.tmp
c:\windows\system32\SET4E0.tmp
c:\windows\system32\SET4E1.tmp
c:\windows\system32\SET4E3.tmp
c:\windows\system32\SET4E6.tmp
c:\windows\system32\SET4E8.tmp
c:\windows\system32\SET4ED.tmp
c:\windows\system32\SET4EE.tmp
c:\windows\system32\SET4F6.tmp
c:\windows\system32\SET4FD.tmp
c:\windows\system32\SET502.tmp
c:\windows\system32\SET505.tmp
c:\windows\system32\SET508.tmp
c:\windows\system32\SET50A.tmp
c:\windows\system32\SET50E.tmp
c:\windows\system32\SET510.tmp
c:\windows\system32\SET515.tmp
c:\windows\system32\SET516.tmp
c:\windows\system32\SET51A.tmp
c:\windows\system32\SET51B.tmp
c:\windows\system32\SET51E.tmp
c:\windows\system32\SET520.tmp
c:\windows\system32\SET525.tmp
c:\windows\system32\SET528.tmp
c:\windows\system32\SET52A.tmp
c:\windows\system32\SET52D.tmp
c:\windows\system32\SET530.tmp
c:\windows\system32\SET532.tmp
c:\windows\system32\SET632.tmp
 
.
.
((((((((((((((((((((((((( Files Created from 2011-12-09 to 2012-01-09 )))))))))))))))))))))))))))))))
.
.
2012-01-07 22:46 . 2012-01-07 22:46 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-07 22:46 . 2012-01-07 22:46 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 22:46 . 2012-01-07 22:46 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 22:46 . 2012-01-07 22:46 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-03 23:31 . 2012-01-03 23:31 -------- d-----w- C:\VritualRoot
2011-12-31 19:17 . 2008-04-14 05:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-31 19:17 . 2008-04-14 05:10 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2011-12-29 02:34 . 2011-12-30 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2011-12-29 02:32 . 2012-01-09 04:04 151089 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-12-29 01:23 . 2011-12-29 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-12-29 01:21 . 2011-12-29 01:21 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-12-27 20:10 . 2011-12-27 20:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-12-27 19:40 . 2011-12-27 19:40 -------- d-----w- C:\backups
2011-12-23 18:54 . 2011-11-09 06:32 1205 ----a-w- C:\FixNCR.reg
2011-12-19 23:59 . 2011-12-19 23:59 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 23:59 . 2011-12-19 23:59 494816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 23:59 . 2011-12-19 23:59 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 23:59 . 2011-12-19 23:59 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 23:58 . 2011-12-19 23:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 23:58 . 2011-12-19 23:58 301224 ----a-w- c:\windows\system32\guard32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-07-28 07:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2009-04-14 20:10 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2009-04-13 04:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2009-04-13 04:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2009-04-13 04:18 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 11:23 . 2009-04-13 04:20 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2009-04-13 04:18 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2009-04-14 20:10 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2009-04-14 20:10 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2009-04-14 20:10 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-24 17:14 . 2009-11-24 17:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 16:10 . 2009-11-28 16:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-01-07 22:46 . 2011-05-12 04:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-09_17.29.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-09 04:04 . 2012-01-09 04:04 16384 c:\windows\temp\Perflib_Perfdata_5b8.dat
- 2009-04-13 04:20 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
+ 2009-04-13 04:20 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2004-08-19 20:49 . 2011-09-26 15:41 20480 c:\windows\system32\oleaccrc.dll
- 2009-04-13 04:18 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
+ 2009-04-13 04:18 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 08:31 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 08:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-04-13 04:19 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
- 2009-04-13 04:19 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
+ 2011-08-31 03:05 . 2011-08-31 03:05 50536 c:\windows\system32\jdns_sd.dll
+ 2011-10-27 00:19 . 2011-08-02 21:38 42496 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys
+ 2011-10-27 00:20 . 2011-08-02 21:38 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys
+ 2011-10-27 00:36 . 2009-05-18 17:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2011-10-27 00:36 . 2009-05-18 17:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2011-08-31 03:05 . 2011-08-31 03:05 73064 c:\windows\system32\dnssd.dll
+ 2011-08-31 03:05 . 2011-08-31 03:05 83816 c:\windows\system32\dns-sd.exe
+ 2009-06-11 20:16 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-11 20:16 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-19 20:49 . 2011-09-26 15:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2009-03-08 08:31 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-08 08:31 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-30 21:42 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-10-30 21:42 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 08:34 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2009-03-08 08:34 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 08:33 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 08:33 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-09-13 04:36 . 2012-01-09 04:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-31 22:38 . 2011-09-06 04:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-31 22:38 . 2012-01-09 04:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-06-25 04:10 . 2012-01-09 04:06 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-06-25 04:10 . 2009-11-04 13:28 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-08-09 00:08 . 2011-09-06 04:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-09-13 04:36 . 2012-01-09 04:06 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-04-12 19:11 . 2011-04-12 19:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-07-09 13:30 . 2011-07-09 13:30 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2010-09-23 19:55 . 2010-09-23 19:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-07-08 18:00 . 2011-07-08 18:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-07-07 16:04 . 2011-07-07 16:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-07-07 16:04 . 2011-07-07 16:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-07-07 16:03 . 2011-07-07 16:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-07-07 17:09 . 2011-07-07 17:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-09-23 07:17 . 2010-09-23 07:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-09-23 07:17 . 2010-09-23 07:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2011-07-07 17:09 . 2011-07-07 17:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2004-08-19 21:02 . 2011-07-05 19:46 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2004-08-19 21:02 . 2009-06-24 02:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2004-08-19 21:02 . 2011-07-05 19:46 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2004-08-19 21:02 . 2009-06-24 02:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2009-04-13 04:20 . 2011-07-06 13:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2009-04-13 04:20 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2009-04-13 04:20 . 2011-07-06 13:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2009-04-13 04:20 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2011-08-09 23:29 . 2011-08-09 23:29 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-08-09 23:29 . 2011-08-09 23:29 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-08-09 23:29 . 2011-08-09 23:29 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-08-09 23:29 . 2011-08-09 23:29 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-08-09 23:29 . 2011-08-09 23:29 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-08-09 23:27 . 2011-08-09 23:27 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-10-27 00:24 . 2011-10-27 00:24 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2011-12-14 08:32 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2011-12-14 08:32 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2011-12-14 08:32 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2011-12-14 08:32 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2011-12-14 08:32 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 43520 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll
+ 2011-10-14 06:14 . 2011-10-14 06:14 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_841ecdf8\System.Drawing.Design.dll
+ 2011-10-14 06:14 . 2011-10-14 06:14 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7a34358c\CustomMarshalers.dll
+ 2011-10-14 06:16 . 2011-10-14 06:16 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_f89cb585\System.Drawing.Design.dll
+ 2011-10-14 06:16 . 2011-10-14 06:16 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_940e3179\CustomMarshalers.dll
+ 2011-10-14 06:36 . 2011-10-14 06:36 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\6f4a1ba24dffa86dd2a2ab8127e0b16d\UIAutomationProvider.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 54784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\bceea12ce16311f31b0f1cd8cadd4d75\System.Xaml.Hosting.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\f45abd2caa9f93bb60ce92de6a885d6e\System.Windows.Presentation.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\3447b1ea4537dd7a1b7796efb935f4b0\System.Web.Routing.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\56b89939136999a2d8de62d8ac3334a7\System.Web.DynamicData.Design.ni.dll
+ 2011-10-14 06:35 . 2011-10-14 06:35 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\c15f4190f96acf9b328fa3645c2063ea\System.Web.ApplicationServices.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\5dd4316500d6e940dfed628463fe4595\System.Web.Abstractions.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e97547ed8d34e96b9d5836ea04b28c26\System.ServiceModel.Channels.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\6ab752f8ab98f09615768a90d50593c1\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2011-10-14 22:11 . 2011-10-14 22:11 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\b811cdf42feaf9a32408b03ab1c4e2d5\System.AddIn.Contract.ni.dll
+ 2011-10-14 06:33 . 2011-10-14 06:33 37888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\0ee0c4233a9eb5099ad58fcbfbca220b\Microsoft.Workflow.Compiler.ni.exe
+ 2011-10-14 06:33 . 2011-10-14 06:33 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\cfba497fc860b32b8d895f57bf148aa7\Microsoft.VisualC.ni.dll
+ 2011-10-14 06:30 . 2011-10-14 06:30 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\1f368300314889ee35325be9f80ef1c3\Accessibility.ni.dll
+ 2011-10-14 21:17 . 2011-10-14 21:17 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2011-10-14 22:10 . 2011-10-14 22:10 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a54a122f1070ab71931dd9679ddd8e90\System.Web.DynamicData.Design.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2011-10-14 21:15 . 2011-10-14 21:15 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe
+ 2011-10-14 21:14 . 2011-10-14 21:14 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 32768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fd3e75805ef094510e276198ef138755\Microsoft.SqlServer.PolicyEnum.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 72704 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\da75d2e41656829d16b4026e95c8896a\Microsoft.SqlServer.BatchParserClient.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9b614f162af0918268c6a350b03064fb\Microsoft.SqlServer.SString.ni.dll
+ 2011-10-14 21:19 . 2011-10-14 21:19 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4cd55f4da4dc1517ea42a0da46a63ef2\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 65536 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3eb49e2baeeaf4895cf87ee42dfa1dec\Microsoft.SqlServer.WmiEnum.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\36552b46ca7b281004dbafa20407435d\Microsoft.SqlServer.SqlClrProvider.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\082d5831a784fb7a4c8ed980fee39a25\Microsoft.SqlServer.SqlTDiagM.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2011-10-14 21:19 . 2011-10-14 21:19 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-10-14 06:40 . 2011-10-14 06:40 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-10-14 06:13 . 2011-10-14 06:13 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-10 10:49 . 2010-10-10 10:49 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-11-10 22:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2641690\update\spcustom.dll
+ 2011-11-10 22:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2641690\spmsg.dll
+ 2011-09-16 08:16 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2616676\update\spcustom.dll
+ 2011-09-16 08:16 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2616676\spmsg.dll
+ 2011-10-14 06:28 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2592799\update\spcustom.dll
+ 2011-10-14 06:28 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2592799\spmsg.dll
+ 2011-10-14 06:27 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2586448-IE8\update\spcustom.dll
+ 2011-10-14 06:27 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2586448-IE8\spmsg.dll
+ 2011-10-14 04:43 . 2011-08-22 23:47 12800 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\xpshims.dll
+ 2011-10-14 04:43 . 2011-08-22 23:47 66560 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtmled.dll
+ 2011-10-14 04:44 . 2011-08-22 23:47 55296 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\msfeedsbs.dll
+ 2011-10-14 04:44 . 2011-08-22 23:47 43520 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\licmgr10.dll
+ 2011-10-14 04:44 . 2011-08-22 23:47 25600 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\jsproxy.dll
+ 2011-09-16 08:12 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2570947\update\spcustom.dll
+ 2011-09-16 08:12 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2570947\spmsg.dll
+ 2011-10-14 06:29 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2567053\update\spcustom.dll
+ 2011-10-14 06:29 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2567053\spmsg.dll
+ 2011-11-10 02:28 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544893-v2\update\spcustom.dll
+ 2011-11-10 02:28 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544893-v2\spmsg.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2004-08-19 21:02 . 2011-07-12 22:05 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2004-08-19 21:02 . 2009-06-29 15:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2011-10-14 06:30 . 2011-10-14 06:30 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\fed35fa53f20bd75214f2eca0cde1ece\dfsvc.ni.exe
+ 2011-10-14 06:39 . 2011-10-14 06:39 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-10-14 06:40 . 2011-10-14 06:40 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-08-09 23:50 . 2011-08-09 23:50 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-04-13 04:18 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
- 2009-04-13 04:18 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
+ 2008-07-29 23:59 . 2011-09-26 15:41 611328 c:\windows\system32\uiautomationcore.dll
+ 2004-08-19 20:49 . 2011-11-06 09:39 678240 c:\windows\system32\perfh009.dat
- 2004-08-19 20:49 . 2011-08-09 23:50 678240 c:\windows\system32\perfh009.dat
- 2004-08-19 20:49 . 2011-08-09 23:50 160228 c:\windows\system32\perfc009.dat
+ 2004-08-19 20:49 . 2011-11-06 09:39 160228 c:\windows\system32\perfc009.dat
+ 2004-08-19 20:49 . 2011-09-26 15:41 220160 c:\windows\system32\oleacc.dll
+ 2009-04-13 04:18 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
- 2009-04-13 04:18 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
+ 2009-04-13 04:18 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
- 2009-04-13 04:18 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 08:32 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 08:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
+ 2009-04-13 04:19 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
- 2009-04-13 04:19 . 2011-05-02 15:31 692736 c:\windows\system32\inetcomm.dll
- 2009-04-13 04:19 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
+ 2009-04-13 04:19 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
- 2009-04-13 04:19 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
+ 2009-04-13 04:19 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
+ 2009-04-13 04:19 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
+ 2011-10-27 00:36 . 2008-04-17 16:12 107368 c:\windows\system32\GEARAspi.dll
+ 2011-10-27 00:36 . 2008-04-17 16:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2009-04-22 22:54 . 2008-04-14 04:51 162816 c:\windows\system32\drivers\netbt.sys
- 2009-04-14 20:10 . 2008-04-14 04:51 162816 c:\windows\system32\drivers\netbt.sys
+ 2009-04-14 20:10 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
- 2009-04-14 20:10 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
+ 2011-08-31 03:05 . 2011-08-31 03:05 178536 c:\windows\system32\dnssdX.dll
+ 2008-06-23 15:09 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 08:34 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
- 2009-03-08 08:34 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-19 20:49 . 2011-09-26 15:41 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2009-03-08 08:34 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 08:34 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-04-22 22:54 . 2008-04-14 04:51 162816 c:\windows\system32\dllcache\netbt.sys
+ 2009-03-08 08:32 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 08:32 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-10-30 21:42 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-30 21:42 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-14 11:07 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
 
+ 2008-08-14 11:07 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-06-11 20:16 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-11 20:16 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 08:31 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 08:31 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-08 20:24 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-08 20:24 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 18:09 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 18:09 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 08:32 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2011-09-03 10:17 . 2011-09-03 10:17 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
- 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
- 2009-04-13 04:19 . 2011-09-03 10:17 599040 c:\windows\system32\crypt32.dll
+ 2009-04-13 04:19 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
- 2011-04-12 19:11 . 2011-04-12 19:11 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-07-09 13:30 . 2011-07-09 13:30 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-07-09 13:30 . 2011-07-09 13:30 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-07-07 09:18 . 2011-07-07 09:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-03-25 10:15 . 2011-03-25 10:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-07-07 09:18 . 2011-07-07 09:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-03-25 10:15 . 2011-03-25 10:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-07-07 16:04 . 2011-07-07 16:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-07-07 16:01 . 2011-07-07 16:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-09-23 06:25 . 2010-09-23 06:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-07-07 17:09 . 2011-07-07 17:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-08-19 21:02 . 2011-07-05 19:44 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2004-08-19 21:02 . 2009-06-24 01:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2009-04-13 04:20 . 2011-07-06 13:57 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2009-04-13 04:20 . 2009-06-24 02:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-08-09 23:29 . 2011-08-09 23:29 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-08-09 23:29 . 2011-08-09 23:29 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-08-09 23:29 . 2011-08-09 23:29 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-08-09 23:29 . 2011-08-09 23:29 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-08-09 23:29 . 2011-08-09 23:29 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-08-09 23:29 . 2011-08-09 23:29 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-08-09 23:29 . 2011-08-09 23:29 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-10-27 00:39 . 2011-10-27 00:39 380928 c:\windows\Installer\{29ED20C9-5E15-4969-9279-25BF3727A3DA}\iTunesIco.exe
 
+ 2011-12-14 08:32 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2011-12-14 08:32 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2011-12-14 08:32 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2011-12-14 08:32 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2011-12-14 08:32 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2011-12-14 08:32 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2011-12-14 08:32 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2011-12-14 08:32 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2011-12-14 08:32 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2011-12-14 08:32 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2011-12-14 08:32 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2011-12-14 08:32 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2011-10-14 06:27 . 2011-06-23 18:36 916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 105984 c:\windows\ie8updates\KB2586448-IE8\url.dll
+ 2011-10-14 06:27 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll
+ 2011-10-14 06:27 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe
+ 2011-10-14 06:27 . 2011-06-23 18:36 206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 602112 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll
+ 2011-10-14 06:27 . 2011-06-23 12:05 173568 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe
+ 2011-10-14 06:14 . 2011-10-14 06:14 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0286baad\System.Drawing.dll
+ 2011-10-14 06:15 . 2011-10-14 06:15 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_5d58ace1\System.Drawing.Design.dll
+ 2011-10-14 06:15 . 2011-10-14 06:15 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b2eeae62\CustomMarshalers.dll
+ 2011-10-14 06:16 . 2011-10-14 06:16 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_4f26fd83\System.Drawing.dll
+ 2011-10-14 22:27 . 2011-10-14 22:27 404480 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\ecb0328b918c4a5adfbd83c946e0e196\XamlBuildTask.ni.dll
+ 2011-10-14 06:31 . 2011-10-14 06:31 356864 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\040df73a6631957668b3d538e70ff7a0\WsatConfig.ni.exe
+ 2011-10-14 22:27 . 2011-10-14 22:27 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\b18816abd9dd59ca3f1d682a756e5745\WindowsFormsIntegration.ni.dll
+ 2011-10-14 06:36 . 2011-10-14 06:36 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\c170b431f43ab80000d31bcc58acd1a5\UIAutomationTypes.ni.dll
+ 2011-10-14 22:27 . 2011-10-14 22:27 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\ee096062554a6344a49083910c0af16e\UIAutomationClient.ni.dll
+ 2011-10-14 06:33 . 2011-10-14 06:33 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\1faca3f09472860e010689b67c68a327\System.Xml.Linq.ni.dll
+ 2011-10-14 06:37 . 2011-10-14 06:37 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\eeb9b49d8598c6f5926f494074af2d69\System.Windows.Input.Manipulations.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\a863e081c9bcbaec568abe127fb1dbe3\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2011-10-14 06:35 . 2011-10-14 06:35 224256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\386e276cb95b2116d2662d4684126895\System.Web.RegularExpressions.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 861696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\e327cf8e04773318e4b8b0059a6fbd6b\System.Web.Extensions.Design.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 332800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\1f27b86bb9c2a32f7571b0c86341d73f\System.Web.Entity.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 297472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\67fc91b4eac9e54781bc50dcb36945d4\System.Web.Entity.Design.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 705536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\965eb0ae99683ff79685abe9323a6cfa\System.Web.DynamicData.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 259072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\da89b1d421f29db531ee997029e03b72\System.Web.DataVisualization.Design.ni.dll
+ 2011-10-14 06:34 . 2011-10-14 06:34 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\344c1e000e4158cc37a5e9068e095d40\System.Transactions.ni.dll
+ 2011-10-14 06:36 . 2011-10-14 06:36 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\a0e090647c856fe52e1f1e5d2a25b1ac\System.ServiceProcess.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 422912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8f7ddde9561a2cc64c9a9377ef645f71\System.ServiceModel.Activation.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1cce5f9cad92a8ba3deb833291637b95\System.ServiceModel.Routing.ni.dll
+ 2011-10-14 06:24 . 2011-10-14 06:24 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\c12a8284683ba6b400a4562da310ce59\System.Security.ni.dll
+ 2011-10-14 06:32 . 2011-10-14 06:32 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\137a2ae391d89577ad63db08303a5158\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-10-14 06:34 . 2011-10-14 06:34 770560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4188dcf65867be8c772c2e44082e51ca\System.Runtime.Remoting.ni.dll
+ 2011-10-14 06:35 . 2011-10-14 06:35 241664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\69686330b905615bdbc5a43d159ed335\System.Runtime.Caching.ni.dll
+ 2011-10-14 06:24 . 2011-10-14 06:24 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\d038332bf07a163f855200919ee678cc\System.Numerics.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\8410db646e037bab93d66ef9d17a3ce5\System.Net.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\7cdd3b54c476345732c735ea253d95d5\System.Messaging.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\fe11b4a9c8067184aff54b627b0e046b\System.Management.Instrumentation.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\7970b94c1582f58c8f79f531f104c754\System.IO.Log.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\26bdff3178be53810cb7bac268f7af08\System.IdentityModel.Selectors.ni.dll
+ 2011-10-14 06:34 . 2011-10-14 06:34 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a2baf116d3055aadb99b77e327a74907\System.EnterpriseServices.Wrapper.dll
+ 2011-10-14 06:34 . 2011-10-14 06:34 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a2baf116d3055aadb99b77e327a74907\System.EnterpriseServices.ni.dll
+ 2011-10-14 06:24 . 2011-10-14 06:24 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\d8131e4810c207d23b977603fdad6e33\System.Dynamic.ni.dll
+ 2011-10-14 06:25 . 2011-10-14 06:25 224768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\fcc666923b1ee799fa03c87082249868\System.Drawing.Design.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\86db06eb0e133c3c2042cd6abcfff399\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-10-14 06:35 . 2011-10-14 06:35 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\2f7f2d7c549c23373541e052c8364755\System.DirectoryServices.Protocols.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\ecae7de1b9e1cf0d6d3bc7f01b891a1a\System.Device.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 507904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\923c3591d29f5671472728bf1a55f308\System.Data.Services.Design.ni.dll
+ 2011-10-14 22:11 . 2011-10-14 22:11 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\e6c62a3b06ae5f2f9de5164117dd6ba6\System.Data.DataSetExtensions.ni.dll
+ 2011-10-14 06:24 . 2011-10-14 06:24 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb7cfe8f0e8532f6381c22bf719a95dc\System.Configuration.ni.dll
+ 2011-10-14 06:36 . 2011-10-14 06:36 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\96907044ee8b845f05d72805d100fb7e\System.Configuration.Install.ni.dll
+ 2011-10-14 06:23 . 2011-10-14 06:23 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\d5f97e0367e37f9aead033b54f40a895\System.ComponentModel.Composition.ni.dll
+ 2011-10-14 22:11 . 2011-10-14 22:11 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\c11789fd2d4aeb3a41b8a925975ebd96\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-10-14 22:11 . 2011-10-14 22:11 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\53e0aa766368680b3785a0867d632f0c\System.AddIn.ni.dll
+ 2011-10-14 22:10 . 2011-10-14 22:10 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\aef6e32f096486514002cee2bd716b0b\System.Activities.DurableInstancing.ni.dll
+ 2011-10-14 06:31 . 2011-10-14 06:31 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\eee8be5d9f06c6d32cb1eeca8cfbfe38\SMSvcHost.ni.exe
+ 2011-10-14 06:34 . 2011-10-14 06:34 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\c60bbf982563abd181e673c1d5e92006\SMDiagnostics.ni.dll
+ 2011-10-14 06:22 . 2011-10-14 06:22 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d2ad394c477fc1c71c900c892d7fce0b\PresentationFramework.Aero.ni.dll
+ 2011-10-14 06:23 . 2011-10-14 06:23 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63f98ea6df6a734c122348fa32296df0\PresentationFramework.Classic.ni.dll
+ 2011-10-14 06:23 . 2011-10-14 06:23 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\61aa640996b77695572adefea8fd36b7\PresentationFramework.Luna.ni.dll
+ 2011-10-14 06:24 . 2011-10-14 06:24 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\30d7b48c6018eb8d7db378908568130f\PresentationFramework.Royale.ni.dll
+ 2011-10-14 06:31 . 2011-10-14 06:31 274432 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\50ef00afe8174ef7b9ca3577a301b02b\MSBuild.ni.exe
+ 2011-10-14 06:33 . 2011-10-14 06:33 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\bb4c4b1083c312a8d139184726b1b30b\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-10-14 06:32 . 2011-10-14 06:32 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\54c59931e1860675710f19c7c3ba4cc8\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-10-14 06:32 . 2011-10-14 06:32 631808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\503994046462b53944ed2915dfb43cb0\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2011-10-14 06:31 . 2011-10-14 06:31 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\1bf86eecca78429158f8e8b8910f3e6e\Microsoft.Build.Framework.ni.dll
+ 2011-10-14 06:31 . 2011-10-14 06:31 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\1b119eca340bea3a2489017f8f4e9aac\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2011-10-14 06:31 . 2011-10-14 06:31 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\04226f317855c555a957f4c2d0dc240d\CustomMarshalers.ni.dll
+ 2011-10-14 06:30 . 2011-10-14 06:30 474624 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\4da03695fc54c2e2b57b034ae772d189\ComSvcConfig.ni.exe
+ 2011-10-14 06:30 . 2011-10-14 06:30 846336 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\98447bb42f564716029c1751c88ae134\AspNetMMCExt.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
+ 2011-10-14 21:17 . 2011-10-14 21:17 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll
+ 2011-10-14 21:17 . 2011-10-14 21:17 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
+ 2011-10-14 21:17 . 2011-10-14 21:17 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll
+ 2011-10-14 22:10 . 2011-10-14 22:10 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\3533d614ebecd4344efbee619dd11a74\System.Web.Routing.ni.dll
+ 2011-10-14 22:09 . 2011-10-14 22:09 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
+ 2011-10-14 22:09 . 2011-10-14 22:09 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d93514a764a83b18f6f3547b59cc8ae9\System.Web.Extensions.Design.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\93b5d1b77a74b76ac73cbf51ec871c01\System.Web.Entity.ni.dll
+ 2011-10-14 22:09 . 2011-10-14 22:09 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d06a7d5872bbe85795f947f6c75d38c6\System.Web.Entity.Design.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ad0851438a18bf730d974c9b2f5f776a\System.Web.DynamicData.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\734ab0ea87d7dfd5c583eea535c05878\System.Web.Abstractions.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll
+ 2011-10-14 21:19 . 2011-10-14 21:19 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll
+ 2011-10-14 21:19 . 2011-10-14 21:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
+ 2011-10-14 21:17 . 2011-10-14 21:17 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\fee1a48b769a8c4beb335ee5ce006091\System.Data.Entity.Design.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\3048737e9e3bf5173121a084337256bc\System.AddIn.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
+ 2011-10-14 21:20 . 2011-10-14 21:20 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\f2df1ca28301bfe7e1d52b86c8394217\ServiceModelReg.ni.exe
+ 2011-10-14 21:16 . 2011-10-14 21:16 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
+ 2011-10-14 21:16 . 2011-10-14 21:16 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94cfc00ad448575bfb0e67c53b514cd5\PresentationFramework.Aero.ni.dll
+ 2011-10-14 21:16 . 2011-10-14 21:16 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll
+ 2011-10-14 21:16 . 2011-10-14 21:16 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
+ 2011-10-14 21:20 . 2011-10-14 21:20 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 632320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f5c843e9c53e9f89b9405793154c4af9\Microsoft.SqlServer.BatchParser.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 244736 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ef0e10399ace34456e5c57bca456974e\Microsoft.SqlServer.ConnectionInfo.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 137216 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\de19c446f01eb8445a01936ebc0036e2\Microsoft.SqlServer.ConnectionInfoExtended.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 128000 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d05bb47659a54e4eb10e52fb2e132091\Microsoft.SqlServer.RegSvrEnum.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 251904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a9f38ea9005f5cf904559e28173bbfd4\Microsoft.SqlServer.SqlWmiManagement.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\13c131ab036dfcf46f1d712459728415\Microsoft.SqlServer.SmoExtended.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe
+ 2011-10-14 21:19 . 2011-10-14 21:19 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e1bcee92f5af50d560d577c0a99ea3bd\AspNetMMCExt.ni.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-10-14 06:40 . 2011-10-14 06:40 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-10-14 06:40 . 2011-10-14 06:40 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-10-14 06:40 . 2011-10-14 06:40 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-10-14 06:40 . 2011-10-14 06:40 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-10-14 06:40 . 2011-10-14 06:40 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
 
+ 2011-11-10 22:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2641690\update\updspapi.dll
+ 2011-11-10 22:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2641690\update\update.exe
+ 2011-11-10 22:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2641690\spuninst.exe
+ 2011-09-28 07:05 . 2011-09-28 07:05 599552 c:\windows\$hf_mig$\KB2641690\SP3QFE\crypt32.dll
+ 2011-09-16 08:16 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2616676\update\updspapi.dll
+ 2011-09-16 08:16 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2616676\update\update.exe
+ 2011-09-16 08:16 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2616676\spuninst.exe
+ 2011-09-09 09:11 . 2011-09-09 09:11 599552 c:\windows\$hf_mig$\KB2616676\SP3QFE\crypt32.dll
+ 2011-10-14 06:28 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2592799\update\updspapi.dll
+ 2011-10-14 06:28 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2592799\update\update.exe
+ 2011-10-14 06:28 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2592799\spuninst.exe
+ 2011-10-14 04:45 . 2011-08-17 13:41 138496 c:\windows\$hf_mig$\KB2592799\SP3QFE\afd.sys
+ 2011-10-14 06:27 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2586448-IE8\update\updspapi.dll
+ 2011-10-14 06:27 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2586448-IE8\update\update.exe
+ 2011-10-14 06:27 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2586448-IE8\spuninst.exe
+ 2011-10-14 04:42 . 2011-08-22 23:47 919552 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
+ 2011-10-14 04:43 . 2011-08-22 23:47 105984 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\url.dll
+ 2011-10-14 04:43 . 2011-08-22 23:47 206848 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\occache.dll
+ 2011-10-14 04:43 . 2011-08-22 23:47 611840 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mstime.dll
+ 2011-10-14 04:44 . 2011-08-22 23:47 602112 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\msfeeds.dll
+ 2011-10-14 04:43 . 2011-08-22 23:47 247808 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ieproxy.dll
+ 2011-10-14 04:43 . 2011-08-22 23:47 184320 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iepeers.dll
+ 2011-10-14 04:43 . 2011-08-22 23:47 743424 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iedvtool.dll
+ 2011-10-14 04:42 . 2011-08-22 23:47 387584 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iedkcs32.dll
+ 2011-10-14 04:42 . 2011-08-22 11:52 174080 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ie4uinit.exe
+ 2011-09-16 08:12 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2570947\update\updspapi.dll
+ 2011-09-16 08:12 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2570947\update\update.exe
+ 2011-09-16 08:12 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2570947\spuninst.exe
+ 2011-10-14 06:29 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2567053\update\updspapi.dll
+ 2011-10-14 06:29 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2567053\update\update.exe
+ 2011-10-14 06:29 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2567053\spuninst.exe
+ 2011-11-10 02:28 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2544893-v2\update\updspapi.dll
+ 2011-11-10 02:28 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2544893-v2\update\update.exe
+ 2011-11-10 02:28 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2544893-v2\spuninst.exe
+ 2011-10-10 14:21 . 2011-10-10 14:21 692736 c:\windows\$hf_mig$\KB2544893-v2\SP3QFE\inetcomm.dll
+ 2009-04-13 04:18 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
- 2009-04-13 04:18 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
+ 2009-04-13 04:18 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
+ 2004-08-19 20:57 . 2011-12-14 12:58 2235912 c:\windows\system32\FNTCACHE.DAT
+ 2011-10-27 00:19 . 2011-08-02 21:38 4517664 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaaplrc.dll
+ 2011-10-27 00:20 . 2011-08-02 21:38 1461992 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\wdfcoinstaller01009.dll
+ 2009-01-31 20:51 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
- 2008-06-26 08:15 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-26 08:15 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
- 2009-01-31 20:51 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-01-31 20:51 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-01-31 20:51 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-01-31 20:51 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-01-31 20:51 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-01-31 20:51 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-01-31 20:51 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-01-31 20:51 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-06-23 15:09 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-30 21:42 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-07-09 13:30 . 2011-07-09 13:30 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
- 2011-04-12 19:11 . 2011-04-12 19:11 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-07-09 13:30 . 2011-07-09 13:30 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-07-09 13:30 . 2011-07-09 13:30 6724424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-07-07 09:18 . 2011-07-07 09:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-03-25 10:15 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-03-25 10:15 . 2011-03-25 10:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-07-07 09:18 . 2011-07-07 09:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-09-23 19:55 . 2010-09-23 19:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2011-07-08 17:59 . 2011-07-08 17:59 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2011-07-08 17:59 . 2011-07-08 17:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2010-09-23 19:55 . 2010-09-23 19:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-07-07 16:02 . 2011-07-07 16:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-07-07 16:02 . 2011-07-07 16:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2010-09-23 19:55 . 2010-09-23 19:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-07-08 17:59 . 2011-07-08 17:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2004-08-19 21:02 . 2009-06-29 15:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2004-08-19 21:02 . 2011-07-12 22:04 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2009-04-13 04:20 . 2011-07-05 19:45 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2009-04-13 04:20 . 2009-06-24 02:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2009-04-13 04:20 . 2011-07-05 19:46 2408448 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2004-08-19 21:02 . 2011-07-12 22:05 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
- 2004-08-19 21:02 . 2009-06-29 15:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
- 2011-08-09 23:29 . 2011-08-09 23:29 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-14 06:19 . 2011-10-14 06:19 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-14 06:20 . 2011-10-14 06:20 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-08-09 23:28 . 2011-08-09 23:28 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-29 01:24 . 2011-12-29 01:24 8716288 c:\windows\Installer\1664e26.msi
+ 2011-10-27 00:39 . 2011-10-27 00:39 5235200 c:\windows\Installer\149e2b.msi
+ 2011-10-27 00:24 . 2011-10-27 00:24 1769984 c:\windows\Installer\149e27.msi
+ 2011-10-27 00:22 . 2011-10-27 00:22 1717248 c:\windows\Installer\149e22.msi
+ 2011-10-27 00:17 . 2011-10-27 00:17 2002432 c:\windows\Installer\149e1d.msi
+ 2011-10-27 00:16 . 2011-10-27 00:16 1532928 c:\windows\Installer\149e17.msi
+ 2011-12-14 08:32 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2011-12-14 08:32 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2011-12-14 08:32 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 1212416 c:\windows\ie8updates\KB2586448-IE8\urlmon.dll
+ 2011-10-14 06:27 . 2011-07-25 15:17 5969920 c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 1991680 c:\windows\ie8updates\KB2586448-IE8\iertutil.dll
- 2009-01-31 20:51 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-01-31 20:51 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-01-31 20:51 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-01-31 20:51 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-01-31 20:51 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-01-31 20:51 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-01-31 20:51 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-01-31 20:51 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-10-14 06:14 . 2011-10-14 06:14 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_477a69d8\System.dll
+ 2011-10-14 06:15 . 2011-10-14 06:15 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_24ce349b\System.dll
+ 2011-10-14 06:15 . 2011-10-14 06:15 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_d0b0a9cd\System.Xml.dll
+ 2011-10-14 06:14 . 2011-10-14 06:14 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_c3f9b54b\System.Xml.dll
+ 2011-10-14 06:15 . 2011-10-14 06:15 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_2e50c929\System.Windows.Forms.dll
+ 2011-10-14 06:14 . 2011-10-14 06:14 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_063b8afc\System.Windows.Forms.dll
+ 2011-10-14 06:15 . 2011-10-14 06:15 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6d5b0b81\System.Drawing.dll
+ 2011-10-14 06:14 . 2011-10-14 06:14 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c1da2a20\System.Design.dll
+ 2011-10-14 06:15 . 2011-10-14 06:15 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_32abc25a\System.Design.dll
+ 2011-10-14 06:14 . 2011-10-14 06:14 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f1ee556c\mscorlib.dll
+ 2011-10-14 06:15 . 2011-10-14 06:15 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_72974ea9\mscorlib.dll
+ 2011-10-14 06:16 . 2011-10-14 06:16 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_6e733f22\System.dll
+ 2011-10-14 06:17 . 2011-10-14 06:17 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_3b68b20e\System.Xml.dll
+ 2011-10-14 06:16 . 2011-10-14 06:16 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_334b29d3\System.Windows.Forms.dll
+ 2011-10-14 06:16 . 2011-10-14 06:16 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_849a7cd5\System.Design.dll
+ 2011-10-14 06:16 . 2011-10-14 06:16 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_f5a16ea9\mscorlib.dll
+ 2011-10-14 06:22 . 2011-10-14 06:22 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6e1c62ce679c8157560c7593c066cd85\WindowsBase.ni.dll
+ 2011-10-14 22:27 . 2011-10-14 22:27 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\0d8b512be71d0a491131dac4bada85cf\UIAutomationClientsideProviders.ni.dll
+ 2011-10-14 06:22 . 2011-10-14 06:22 9085952 c:\windows\assembly\NativeImages_v4.0.30319_32\System\af709611f9ffff0544b1d750303c4afa\System.ni.dll
+ 2011-10-14 06:24 . 2011-10-14 06:24 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a401952384c24581989cdc85270f3d9d\System.Xml.ni.dll
+ 2011-10-14 06:31 . 2011-10-14 06:31 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4185130eda1d7a5e0e0474e72343570b\System.Xaml.ni.dll
+ 2011-10-14 22:27 . 2011-10-14 22:27 1208320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\5c480c2ae81637815590203c76bb990b\System.WorkflowServices.ni.dll
+ 2011-10-14 22:27 . 2011-10-14 22:27 1968640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\d2b498cc263a76465654318cbc8a8aa4\System.Workflow.Runtime.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 4461568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\45b3e62f518b41959dc57f78d303c7d2\System.Workflow.ComponentModel.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 2870272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\33377a439e76879af9ed6ebf2c32917b\System.Workflow.Activities.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\ee16a1514cffb8d75d96c2d3a182732a\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-10-14 06:35 . 2011-10-14 06:35 1895424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\2f396b096b5836ed60f65b95efb0b179\System.Web.Services.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 2328576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\ab7622b1a8a4e1b86846797327b43512\System.Web.Mobile.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 3087872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\9f648286b691b4f60f264e5e3c280a9b\System.Web.Extensions.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 4531712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\30f24656c461b042886933d83022ef23\System.Web.DataVisualization.ni.dll
+ 2011-10-14 22:26 . 2011-10-14 22:26 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\2cafd0c1f713d71c1ad113adcaab71c7\System.Speech.ni.dll
+ 2011-10-14 22:24 . 2011-10-14 22:24 1050624 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d1c4957f79ee77e546cc69325d581b59\System.ServiceModel.Web.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\64433e6b7a1662a93a7c48229fbd4eed\System.ServiceModel.Discovery.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\44fc3d9cf54d6e5926444a22b04f3b8e\System.ServiceModel.Activities.ni.dll
+ 2011-10-14 06:34 . 2011-10-14 06:34 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d04876810fa42d76546c5f1239f82943\System.Runtime.Serialization.ni.dll
+ 2011-10-14 06:34 . 2011-10-14 06:34 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\c051780bb4f90580d46e80e6cd91c29f\System.Runtime.DurableInstancing.ni.dll
+ 2011-10-14 06:37 . 2011-10-14 06:37 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f02f3ea43a6eaa6f7faa13ef31b63af1\System.Printing.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\8d18ece52d96bfd1204ef646cefc4680\System.Management.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\fb2283aab5cdf8f5f93322be38a8734d\System.IdentityModel.ni.dll
+ 2011-10-14 06:22 . 2011-10-14 06:22 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c04dcef499114715d2a222c01ea6b227\System.Drawing.ni.dll
+ 2011-10-14 06:34 . 2011-10-14 06:34 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8968ac05250cff8cbfbcff1f83e3b98a\System.DirectoryServices.ni.dll
+ 2011-10-14 06:32 . 2011-10-14 06:32 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\384a6a4a4ec8cf84ca9b0d031afe290b\System.Deployment.ni.dll
+ 2011-10-14 06:23 . 2011-10-14 06:23 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\494945003f729a5d6ec21324dff8c7b9\System.Data.ni.dll
+ 2011-10-14 06:24 . 2011-10-14 06:24 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\1648cdc8909a9af097bde83f4c4e79a7\System.Data.SqlXml.ni.dll
+ 2011-10-14 22:24 . 2011-10-14 22:24 2018304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\704ff789321b97ec87c5a1dc79cdb2bb\System.Data.Services.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\1a2bc468fa7fa92c05c03067b2989dd3\System.Data.Services.Client.ni.dll
+ 2011-10-14 06:35 . 2011-10-14 06:35 1189376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\22e03bf9d011ac30fd9dd559902d392b\System.Data.OracleClient.ni.dll
+ 2011-10-14 06:24 . 2011-10-14 06:24 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\3cffbf0b7dea6898ef53cb5b7c5df023\System.Data.Linq.ni.dll
+ 2011-10-14 22:24 . 2011-10-14 22:24 1408000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\8237af5c0941a12b2b5c93b84b1be594\System.Data.Entity.Design.ni.dll
+ 2011-10-14 06:23 . 2011-10-14 06:23 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\52598abacb89081ab248f435d9dabdf4\System.Core.ni.dll
+ 2011-10-14 06:38 . 2011-10-14 06:38 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\c796f3c66633a10c86137a21c2e6a5c2\System.Activities.ni.dll
+ 2011-10-14 22:11 . 2011-10-14 22:11 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a883968d22f88c8f3ca2886147f987df\System.Activities.Presentation.ni.dll
+ 2011-10-14 06:38 . 2011-10-14 06:38 1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\ca1d6e08f435634177e86738fb1656be\System.Activities.Core.Presentation.ni.dll
+ 2011-10-14 06:37 . 2011-10-14 06:37 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\54984bde314324fef70c9af78bfbef72\ReachFramework.ni.dll
+ 2011-10-14 06:33 . 2011-10-14 06:33 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\dbfb5689700b31f9173aceca76863885\PresentationUI.ni.dll
+ 2011-10-14 06:33 . 2011-10-14 06:33 1478144 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\5d7e4420f19b0c5d29becfb1769ff249\PresentationBuildTasks.ni.dll
+ 2011-10-14 06:32 . 2011-10-14 06:32 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\dd95ef965cafab043a454a2b678a083d\Microsoft.VisualBasic.ni.dll
+ 2011-10-14 06:32 . 2011-10-14 06:32 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\905bb851cac8f8e0ffd58ec89f6592a2\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-10-14 06:33 . 2011-10-14 06:33 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\6621cf26ceaf66b9d9a296863e24bbc7\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-10-14 06:32 . 2011-10-14 06:32 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\fe6fa906c2231a9682d712a64eb9ba14\Microsoft.Transactions.Bridge.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\46c01deb670388b92682013749c3a90a\Microsoft.JScript.ni.dll
+ 2011-10-14 06:24 . 2011-10-14 06:24 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\c94610345c43aa63f696b3ce06da1b9a\Microsoft.CSharp.ni.dll
+ 2011-10-14 06:31 . 2011-10-14 06:31 4243456 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\85a117ce04a437566beb9f60b0f0462a\Microsoft.Build.ni.dll
+ 2011-10-14 06:32 . 2011-10-14 06:32 2868736 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\18b8fc43c6d5f0c3bed17526a1f89a61\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2011-10-14 06:31 . 2011-10-14 06:31 1929216 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\af6c0eb567701f561d08b15f8ad54f30\Microsoft.Build.Engine.ni.dll
+ 2011-10-14 21:15 . 2011-10-14 21:15 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
+ 2011-10-14 21:17 . 2011-10-14 21:17 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll
+ 2011-10-14 21:14 . 2011-10-14 21:14 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
+ 2011-10-14 21:17 . 2011-10-14 21:17 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
+ 2011-10-14 22:10 . 2011-10-14 22:10 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll
+ 2011-10-14 22:10 . 2011-10-14 22:10 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\f72c5f649951b0403e62bfab6c453e6f\System.Workflow.Runtime.ni.dll
+ 2011-10-14 22:10 . 2011-10-14 22:10 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0aa4f4174204c93cc5181df4a6b2fb09\System.Workflow.ComponentModel.ni.dll
+ 2011-10-14 22:10 . 2011-10-14 22:10 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\921629dc69a5a895101097c88ae67897\System.Workflow.Activities.ni.dll
+ 2011-10-14 22:09 . 2011-10-14 22:09 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll
+ 2011-10-14 22:09 . 2011-10-14 22:09 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f5dac0448a1dbe2687a5df92904d6274\System.Web.Mobile.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ccaf6bdd256a9b5079fedadcc8993327\System.Web.Extensions.ni.dll
+ 2011-10-14 21:17 . 2011-10-14 21:17 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\10d7daa3d1e62a0e40587cdc707be93f\System.Speech.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll
+ 2011-10-14 21:19 . 2011-10-14 21:19 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
+ 2011-10-14 21:17 . 2011-10-14 21:17 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll
+ 2011-10-14 21:19 . 2011-10-14 21:19 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d14065ede44df8e9b5d6b60c5ddccc69\System.IdentityModel.ni.dll
+ 2011-10-14 21:17 . 2011-10-14 21:17 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
+ 2011-10-14 21:16 . 2011-10-14 21:16 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\541142d8742e6e88f1e729fafee04e71\System.Data.Services.ni.dll
+ 2011-10-14 21:16 . 2011-10-14 21:16 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll
+ 2011-10-14 21:22 . 2011-10-14 21:22 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\b70adfee3b5ed7e0688d13f24cbec556\System.Data.Entity.ni.dll
+ 2011-10-14 21:16 . 2011-10-14 21:16 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
+ 2011-10-14 21:16 . 2011-10-14 21:16 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll
+ 2011-10-14 21:16 . 2011-10-14 21:16 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll
+ 2011-10-14 21:14 . 2011-10-14 21:14 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\37fd70ad5f3726031995041b246fe862\PresentationBuildTasks.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 6115328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\89bd03118a09b0089693e790144e8833\Microsoft.SqlServer.Smo.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 1488384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7da7a62f0f8c01303cfe6e645a7f95f0\Microsoft.SqlServer.SqlEnum.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 1125888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0853d0b461e1500079a6bddb03a43133\Microsoft.SqlServer.Management.Sdk.Sfc.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
+ 2011-10-14 21:21 . 2011-10-14 21:21 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-10-14 06:40 . 2011-10-14 06:40 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-10-14 06:40 . 2011-10-14 06:40 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-08-09 23:49 . 2011-08-09 23:49 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-10-14 06:40 . 2011-10-14 06:40 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-08-09 23:50 . 2011-08-09 23:50 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-14 06:39 . 2011-10-14 06:39 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-14 06:13 . 2011-10-14 06:13 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-10-10 10:49 . 2010-10-10 10:49 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-10-10 10:49 . 2010-10-10 10:49 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-10-14 06:13 . 2011-10-14 06:13 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-10-14 06:16 . 2011-10-14 06:16 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-16 10:05 . 2009-10-16 10:05 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-10-14 04:41 . 2011-08-22 23:47 1214464 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\urlmon.dll
+ 2011-10-14 04:41 . 2011-10-03 08:34 5972992 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
+ 2011-10-14 04:42 . 2011-08-22 23:47 2001408 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iertutil.dll
+ 2011-09-06 13:25 . 2011-09-06 13:25 1867904 c:\windows\$hf_mig$\KB2567053\SP3QFE\win32k.sys
+ 2009-02-12 03:54 . 2011-11-27 07:04 11671744 c:\windows\system32\Restore\rstrlog.dat
+ 2009-11-23 19:15 . 2011-12-14 08:28 52988224 c:\windows\system32\MRT.exe
- 2009-03-08 08:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
+ 2009-03-08 08:39 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
- 2008-10-30 21:42 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-30 21:42 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-07-13 02:49 . 2011-07-13 02:49 11459584 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2572067\M2572067Uninstall.msp
+ 2011-07-12 00:43 . 2011-07-12 00:43 11641344 c:\windows\Installer\61cc2c.msp
+ 2011-07-11 21:19 . 2011-07-11 21:19 10619904 c:\windows\Installer\61cc23.msp
+ 2011-07-12 19:50 . 2011-07-12 19:50 17555968 c:\windows\Installer\61cc18.msp
+ 2011-12-14 08:32 . 2011-08-23 21:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
+ 2011-10-14 06:27 . 2011-06-23 18:36 11081728 c:\windows\ie8updates\KB2586448-IE8\ieframe.dll
+ 2011-10-14 06:23 . 2011-10-14 06:23 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f2a34f1fb98ab9e8a76a22e132e18b21\System.Windows.Forms.ni.dll
+ 2011-10-14 06:35 . 2011-10-14 06:35 11993088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\2c306c4d9e8432414a751bee248b79ed\System.Web.ni.dll
+ 2011-10-14 22:25 . 2011-10-14 22:25 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8f98e8e2739c6887f5721b8482767479\System.ServiceModel.ni.dll
+ 2011-10-14 06:25 . 2011-10-14 06:25 10969088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\0c71bff47b54e67c19871f7fc491c921\System.Design.ni.dll
+ 2011-10-14 22:24 . 2011-10-14 22:24 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\8e3c1cec16dfb531846f357a17e3a77a\System.Data.Entity.ni.dll
+ 2011-10-14 06:24 . 2011-10-14 06:24 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63d537bacaab5416d09a2a3cdf6a3667\PresentationFramework.ni.dll
+ 2011-10-14 06:22 . 2011-10-14 06:22 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\75f3656725581b2c90785755775bdf48\PresentationCore.ni.dll
+ 2011-10-14 06:21 . 2011-10-14 06:21 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
+ 2011-10-14 21:17 . 2011-10-14 21:17 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
+ 2011-10-14 21:23 . 2011-10-14 21:23 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
+ 2011-10-14 21:20 . 2011-10-14 21:20 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll
+ 2011-10-14 21:17 . 2011-10-14 21:17 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c6374d32e4af7b7e3e46b32176f76558\System.Design.ni.dll
+ 2011-10-14 21:16 . 2011-10-14 21:16 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
+ 2011-10-14 21:15 . 2011-10-14 21:15 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
+ 2011-10-14 21:10 . 2011-10-14 21:10 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
+ 2011-10-14 04:40 . 2011-08-22 23:47 11084288 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ieframe.dll
.
 
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-15 221184]
"Ulead AutoDetector"="c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
.
c:\documents and settings\Benjamin Provost\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Benjamin Provost\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-12-26 20:00 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=19918014261.CPX
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Benjamin Provost\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Ruby187\\bin\\ruby.exe"=
"c:\\Program Files\\Steam\\steamapps\\pianosaurus\\mass effect trailer\\smp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\chime\\Chime.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1030:TCP"= 1030:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [12/19/2011 6:59 PM 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [12/19/2011 6:59 PM 494816]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/26/2009 9:05 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 67656]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\Comodo\COMODO GeekBuddy\CLPSLS.exe [11/23/2011 5:27 AM 1052472]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/25/2009 1:25 AM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/28/2011 2:53 AM 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 Messenger32;Messenger ;c:\windows\system32\psnppagn32.exe --> c:\windows\system32\psnppagn32.exe [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/12/2009 11:18 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 12872]
S4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [6/1/2009 1:54 PM 73464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{1D732B4C-69FE-4DB7-A1FD-D1898D7042A1}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D8056995-A140-4724-BC62-8F78DC7D4C91}: NameServer = 8.26.56.26,156.154.70.22
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BlueJ_is1 - c:\bluej\uninst\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-09 14:35
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(588)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(504)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-01-09 14:51:47
ComboFix-quarantined-files.txt 2012-01-09 19:51
ComboFix2.txt 2011-12-31 20:00
ComboFix3.txt 2011-09-09 17:52
ComboFix4.txt 2011-08-02 04:40
ComboFix5.txt 2012-01-02 05:21
.
Pre-Run: 10,867,580,928 bytes free
Post-Run: 10,830,487,552 bytes free
.
- - End Of File - - A784DB5EC56D372C0BBD12E8D3B9436A
 
Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The only consistent issue has been the overall slugishness of the computer. It takes forever to boot and then awhile to run programs. Firefox likes to freeze. I may upgrade some components to see if that helps.

OTL.txt

OTL logfile created on: 1/11/2012 12:30:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Benjamin Provost\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 282.33 Mb Available Physical Memory | 55.36% Memory free
1.22 Gb Paging File | 0.64 Gb Available in Paging File | 52.23% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.72 Gb Total Space | 10.27 Gb Free Space | 14.73% Space Free | Partition Type: NTFS

Computer Name: D9L71B81 | User Name: Benjamin Provost | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/09 15:55:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benjamin Provost\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/21 00:41:44 | 006,676,808 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2011/11/23 05:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe
PRC - [2011/11/23 05:27:04 | 000,992,056 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPS.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Benjamin Provost\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/07/28 08:32:20 | 000,094,208 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/19 18:59:44 | 000,068,424 | ---- | M] () -- C:\Program Files\Comodo\COMODO Internet Security\scanners\smart.cav
MOD - [2011/11/23 05:27:10 | 004,284,728 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\Socket\Adaptor.dll
MOD - [2011/11/23 05:27:10 | 002,085,688 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\GuiListener\export.dll
MOD - [2011/11/23 05:27:10 | 001,764,664 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\Socket\Export.dll
MOD - [2011/11/23 05:27:10 | 000,339,768 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\RemoteDesktop\Export.dll
MOD - [2011/11/23 05:27:10 | 000,049,976 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\RemoteDesktop\ShHook.dll
MOD - [2011/11/23 05:27:08 | 000,464,184 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\CRF\export.dll
MOD - [2011/11/23 05:27:08 | 000,328,504 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\EventMonitor\export.dll
MOD - [2011/11/23 05:27:08 | 000,126,776 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\EventMonitor\EventMonitor.dll
MOD - [2011/11/23 05:27:06 | 001,131,320 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPS_RES.dll
MOD - [2011/11/23 05:27:06 | 000,020,280 | ---- | M] () -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLANG.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/02 11:07:40 | 000,320,064 | ---- | M] () -- C:\Program Files\Git\git-cheetah\git_shell_ext.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/07/28 08:32:10 | 000,028,672 | ---- | M] () -- C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
MOD - [2005/04/22 12:43:58 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetPrint.dll
MOD - [2005/04/22 12:43:32 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
MOD - [2005/04/22 12:42:36 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
MOD - [2005/04/22 12:42:18 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
MOD - [2005/04/22 12:42:00 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
MOD - [2005/04/15 05:18:34 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTPRPR.DLL
MOD - [2005/04/15 04:55:56 | 000,561,152 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTPRP.DLL
MOD - [2005/04/15 04:42:34 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\dlbtutil.dll
MOD - [2005/02/28 19:58:44 | 000,287,232 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTSTRN.DLL
MOD - [2005/02/28 19:57:44 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTPCFG.DLL
MOD - [2005/02/28 19:57:40 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL
MOD - [2005/02/28 19:57:10 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUI5C.DLL
MOD - [2004/09/28 01:54:48 | 000,269,824 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/03/10 14:36:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Messenger32)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/11/23 05:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/26 15:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/02/06 01:34:52 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/14 04:09:28 | 000,073,464 | ---- | M] (COMODO) [Disabled | Stopped] -- C:\Program Files\Comodo\CBOClean\BOCore.exe -- (BOCore)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/03/03 22:11:32 | 000,466,944 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)


========== Driver Services (SafeList) ==========

DRV - [2011/12/19 18:59:22 | 000,494,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/12/19 18:59:20 | 000,018,056 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/26 15:00:32 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/26 15:00:32 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/12/26 15:00:31 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/15 01:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/04/17 14:14:10 | 000,015,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Comodo\CBOClean\BOCDRIVE.SYS -- (BOCDRIVE)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/04 21:17:55 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/11/03 18:12:10 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/08/17 13:43:20 | 000,330,240 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/06/08 17:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2005/01/10 09:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 09:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/10/25 12:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/10 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 10:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4F F2 CA 55 46 BC E9 4B 81 31 ED 48 3F EF EA 39 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4F F2 CA 55 46 BC E9 4B 81 31 ED 48 3F EF EA 39 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4F F2 CA 55 46 BC E9 4B 81 31 ED 48 3F EF EA 39 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4F F2 CA 55 46 BC E9 4B 81 31 ED 48 3F EF EA 39 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4F F2 CA 55 46 BC E9 4B 81 31 ED 48 3F EF EA 39 [binary data]
IE - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 17:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/06 03:53:48 | 000,000,000 | ---D | M]

[2009/06/26 11:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Extensions
[2012/01/06 16:38:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions
[2010/04/29 04:24:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/14 04:32:10 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(2)
[2010/04/19 02:27:36 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(3)
[2010/08/18 23:13:40 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(4)
[2010/10/09 16:30:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(5)
[2010/08/18 23:13:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010/08/18 23:13:42 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(2)
[2010/08/17 00:54:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/08/21 01:19:39 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)
[2010/06/28 02:42:08 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(3)
[2010/07/27 03:26:24 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(4)
[2010/08/18 23:52:37 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2010/08/18 23:13:41 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}(2)
[2010/03/26 01:21:02 | 000,000,000 | ---D | M] (Amazon Button) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\AmazonHotStuff@wangtom(2).com
[2010/08/18 23:13:41 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\extensions\support@lastpass(2).com
[2009/07/21 11:26:25 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\searchplugins\bing.xml
[2010/03/05 22:51:39 | 000,002,064 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Application Data\Mozilla\Firefox\Profiles\a68qhmyu.default\searchplugins\youtube-video-search.xml
[2011/11/10 16:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BENJAMIN PROVOST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A68QHMYU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BENJAMIN PROVOST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A68QHMYU.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BENJAMIN PROVOST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A68QHMYU.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BENJAMIN PROVOST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A68QHMYU.DEFAULT\EXTENSIONS\LDSI_PLASHCOR@GMAIL.COM.XPI
[2012/01/07 17:46:11 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/05 16:12:12 | 000,229,376 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npcpbrk7.dll
[2009/11/30 18:28:41 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2003/11/18 12:37:32 | 000,241,664 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
[2009/11/24 12:14:50 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2009/11/28 11:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011/05/11 23:20:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 16:41:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/09 14:34:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Benjamin Provost\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Benjamin Provost\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2578987924-3179448702-1791641027-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
 
OTL.txt (continued)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D732B4C-69FE-4DB7-A1FD-D1898D7042A1}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D732B4C-69FE-4DB7-A1FD-D1898D7042A1}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8056995-A140-4724-BC62-8F78DC7D4C91}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: wave1 - 19918014261.CPX File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/11 04:46:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Benjamin Provost\Recent
[2012/01/11 00:32:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/01/09 19:21:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/09 15:55:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Benjamin Provost\Desktop\OTL.exe
[2012/01/04 12:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin Provost\Desktop\16flashdrive
[2012/01/04 02:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin Provost\Desktop\type 2
[2012/01/04 02:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin Provost\Desktop\systems
[2012/01/04 01:23:27 | 001,005,262 | ---- | C] (pendrivelinux.com) -- C:\Documents and Settings\Benjamin Provost\Desktop\Universal-USB-Installer-1.8.7.5.exe
[2012/01/03 18:31:05 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2012/01/02 00:14:55 | 004,376,389 | R--- | C] (Swearware) -- C:\Documents and Settings\Benjamin Provost\Desktop\ComboFix.exe
[2011/12/30 10:35:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/30 10:35:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/30 10:35:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/30 10:35:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/28 21:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2011/12/28 21:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2011/12/28 20:28:13 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Benjamin Provost\Desktop\aswMBR.exe
[2011/12/28 20:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/12/28 20:11:14 | 085,874,016 | ---- | C] (COMODO) -- C:\Documents and Settings\Benjamin Provost\Desktop\cav_installer.exe
[2011/12/27 15:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/12/27 14:40:58 | 000,000,000 | ---D | C] -- C:\backups
[2011/12/27 14:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011/12/23 14:11:11 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Benjamin Provost\Desktop\arose.exe
[2011/12/19 18:59:24 | 000,097,760 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/12/19 18:59:22 | 000,494,816 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/12/19 18:59:22 | 000,031,704 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/12/19 18:59:20 | 000,018,056 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/12/19 18:58:58 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/12/19 18:58:56 | 000,301,224 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2005/08/28 17:51:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[26 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1 C:\Documents and Settings\Benjamin Provost\Desktop\*.tmp files -> C:\Documents and Settings\Benjamin Provost\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/11 00:04:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/11 00:04:22 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/11 00:04:07 | 000,151,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/01/09 19:53:03 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\music2.bmp
[2012/01/09 19:52:44 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\music.bmp
[2012/01/09 15:55:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benjamin Provost\Desktop\OTL.exe
[2012/01/09 14:34:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/09 13:34:40 | 004,376,389 | R--- | M] (Swearware) -- C:\Documents and Settings\Benjamin Provost\Desktop\ComboFix.exe
[2012/01/04 16:09:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\MBR.dat
[2012/01/04 12:43:01 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/04 06:26:50 | 000,000,732 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2012/01/04 01:23:19 | 001,005,262 | ---- | M] (pendrivelinux.com) -- C:\Documents and Settings\Benjamin Provost\Desktop\Universal-USB-Installer-1.8.7.5.exe
[2012/01/03 19:16:24 | 000,075,950 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\worstday homer.jpg
[2012/01/03 14:53:18 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/12/31 15:11:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/31 00:01:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 23:58:58 | 000,013,530 | -HS- | M] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\quv20my10cj5tlhuinyj242353h6tak115s14xiosf2
[2011/12/30 23:58:58 | 000,013,530 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\quv20my10cj5tlhuinyj242353h6tak115s14xiosf2
[2011/12/30 09:00:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/28 20:28:03 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Benjamin Provost\Desktop\aswMBR.exe
[2011/12/28 20:24:43 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Antivirus.lnk
[2011/12/28 20:23:43 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/12/28 20:23:43 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
[2011/12/28 20:23:06 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2011/12/28 20:15:52 | 085,874,016 | ---- | M] (COMODO) -- C:\Documents and Settings\Benjamin Provost\Desktop\cav_installer.exe
[2011/12/28 03:29:20 | 000,089,781 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\songity.MUS
[2011/12/27 14:47:31 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\ibnov2bj.exe
[2011/12/27 14:34:05 | 000,251,392 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\hijackthis_sfx.exe
[2011/12/27 13:06:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/23 13:46:42 | 000,014,268 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y6jt60i6vx7dac
[2011/12/23 13:46:40 | 000,014,268 | -HS- | M] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\y6jt60i6vx7dac
[2011/12/19 18:59:24 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/12/19 18:59:22 | 000,494,816 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/12/19 18:59:22 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/12/19 18:59:20 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/12/19 18:58:58 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/12/19 18:58:56 | 000,301,224 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/12/14 07:58:06 | 002,235,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[26 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Benjamin Provost\Desktop\*.tmp files -> C:\Documents and Settings\Benjamin Provost\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/09 19:52:57 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\music2.bmp
[2012/01/09 19:52:40 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\music.bmp
[2012/01/07 03:17:52 | 000,091,345 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\what the heck is this.MUS
[2012/01/07 03:17:42 | 000,089,781 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\songity.MUS
[2012/01/07 03:15:09 | 394,235,022 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\HeartStringTheory at the Stella 6-4-11.wav
[2012/01/04 16:09:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\MBR.dat
[2012/01/03 19:13:54 | 000,075,950 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\worstday homer.jpg
[2011/12/31 00:01:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 23:56:28 | 000,013,530 | -HS- | C] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\quv20my10cj5tlhuinyj242353h6tak115s14xiosf2
[2011/12/30 23:56:28 | 000,013,530 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\quv20my10cj5tlhuinyj242353h6tak115s14xiosf2
[2011/12/30 10:35:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/30 10:35:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/30 10:35:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/30 10:35:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/30 10:35:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/28 21:32:34 | 000,151,089 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/12/28 20:24:43 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Antivirus.lnk
[2011/12/28 20:23:43 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/12/28 20:23:43 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
[2011/12/28 20:23:06 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2011/12/27 14:52:55 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\ibnov2bj.exe
[2011/12/27 14:34:21 | 000,251,392 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Desktop\hijackthis_sfx.exe
[2011/12/23 13:54:46 | 000,001,205 | ---- | C] () -- C:\FixNCR.reg
[2011/12/23 13:43:59 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/23 13:11:05 | 000,014,268 | -HS- | C] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\y6jt60i6vx7dac
[2011/12/23 13:11:05 | 000,014,268 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y6jt60i6vx7dac
[2011/11/27 12:59:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\I8j5y.com.b
[2011/11/27 12:56:58 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xF7tW6h.dat
[2011/11/27 01:18:00 | 000,012,948 | -HS- | C] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/27 01:18:00 | 000,012,948 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aoekmg7h0xsk3fhh0kqq1s574o1q
[2010/05/15 20:49:19 | 000,000,604 | ---- | C] () -- C:\Program Files\STFT Notifier
[2009/07/30 17:13:04 | 000,001,680 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/06/01 13:54:20 | 000,013,888 | ---- | C] () -- C:\WINDOWS\BOC427.INI
[2009/04/12 23:19:12 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/04/12 23:18:43 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2009/04/12 23:18:43 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2009/01/20 19:42:20 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\WT2
[2009/01/14 12:38:50 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2008/09/27 15:20:54 | 000,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com
[2008/03/21 21:21:16 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Composer.INI
[2007/08/12 17:44:55 | 000,000,580 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/07/02 12:21:36 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/05/31 13:10:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/04/14 18:15:59 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2007/04/14 18:15:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/04/14 18:15:57 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/03/19 18:48:53 | 000,004,519 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/10/29 20:01:11 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/10/26 08:13:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/05/21 10:21:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2006/02/07 19:07:25 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/02/07 19:06:05 | 000,011,585 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/11/24 16:57:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2005/10/17 16:25:25 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/28 20:38:44 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/09/26 14:48:31 | 000,002,733 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/09/06 17:43:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/09/06 17:09:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/09/01 23:38:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/31 20:52:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/31 18:44:42 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Benjamin Provost\Local Settings\Application Data\fusioncache.dat
[2005/08/31 17:49:38 | 000,000,732 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/08/28 18:37:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/28 18:27:31 | 000,002,750 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/28 18:21:47 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/28 18:16:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/08/28 18:16:53 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/08/28 18:16:27 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/08/28 18:16:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/08/28 18:16:15 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/08/28 17:51:36 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/08/28 17:51:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/08/28 17:51:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/08/28 17:51:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/08/28 17:51:02 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/04 19:54:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/15 05:18:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2005/04/15 05:18:38 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2005/04/15 05:18:22 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2005/04/15 04:57:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2005/04/15 04:57:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2005/04/15 04:57:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2005/04/15 04:56:34 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2005/04/15 04:42:34 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2005/04/12 21:20:38 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2005/04/12 21:19:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2005/02/23 21:14:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2004/08/19 16:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 16:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 16:03:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 16:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 15:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 15:57:07 | 002,235,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 15:49:47 | 000,678,240 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 15:49:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 15:49:47 | 000,160,228 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 15:49:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 15:49:47 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 15:49:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 15:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 15:49:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 15:49:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 15:49:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1999/03/21 20:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/03/22 12:50:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
========== LOP Check ==========

[2009/02/01 00:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2010/06/06 11:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2007/11/17 21:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/06/19 20:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOC427
[2011/12/30 09:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2008/01/18 17:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/07/26 13:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2007/09/07 18:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NannyMania
[2008/02/17 18:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/04/22 09:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/01/18 00:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/26 19:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/06 11:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\acccore
[2010/06/06 22:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Ambient Design
[2009/08/11 15:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Any Video Converter
[2011/05/31 13:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Chime
[2012/01/11 00:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Dropbox
[2009/04/22 09:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\FileZilla
[2009/11/30 18:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Foxit
[2010/03/08 13:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Foxit Software
[2009/08/14 13:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\GenieSoft
[2010/07/28 20:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\InfraRecorder
[2006/01/27 20:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Leadertech
[2010/07/26 13:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\MakeMusic
[2010/06/23 00:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Moyea
[2010/12/27 23:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Notepad++
[2009/08/29 18:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin Provost\Application Data\Trillian
[2009/04/22 09:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne Provost\Application Data\ACAMPREF
[2005/10/24 06:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne Provost\Application Data\Leadertech
[2009/04/22 09:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne Provost\Application Data\MSNInstaller
[2009/04/22 09:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne Provost\Application Data\Registry Cleaner
[2006/10/09 15:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne Provost\Application Data\Systweak
[2007/02/23 08:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne Provost\Application Data\Viewpoint
[2009/02/01 00:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Jetico Personal Firewall
[2009/01/20 19:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Personal Composer DEMO
[2009/04/22 09:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\Thunderbird

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/23 16:21:58 | 000,005,984 | ---- | M] () -- C:\aaw7boot.log
[2004/08/19 16:07:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/09/18 16:49:54 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/05/24 12:12:20 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2012/01/09 14:51:50 | 000,152,725 | ---- | M] () -- C:\ComboFix.txt
[2004/08/19 16:07:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/08/28 17:56:14 | 000,005,935 | R--- | M] () -- C:\dell.sdr
[2008/09/08 00:35:35 | 000,004,365 | ---- | M] () -- C:\dlbt.log
[2010/04/15 21:42:32 | 000,000,027 | ---- | M] () -- C:\dscript.log
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2011/11/09 01:32:14 | 000,001,205 | ---- | M] () -- C:\FixNCR.reg
[2012/01/11 00:21:11 | 000,303,236 | ---- | M] () -- C:\git_shell_ext_debug.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/01/11 00:04:22 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2005/09/01 21:49:42 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2004/08/19 16:07:14 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2011/02/12 04:25:04 | 000,001,922 | ---- | M] () -- C:\IPH.PH
[2010/12/26 14:24:35 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/19 16:07:14 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2009/04/22 17:51:45 | 000,047,564 | ---- | M] () -- C:\ntdetect.com
[2001/08/23 07:00:00 | 000,674,304 | ---- | M] (Microsoft Corporation) -- C:\NTDLL.DLL
[2009/04/22 17:51:45 | 000,250,048 | ---- | M] () -- C:\ntldr
[2006/12/04 16:30:00 | 000,004,096 | ---- | M] () -- C:\ntldr.srm
[2012/01/11 00:04:08 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2011/12/23 14:06:06 | 000,000,528 | ---- | M] () -- C:\rkill.log
[2005/08/28 18:23:02 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2011/10/04 23:21:50 | 000,000,000 | ---- | M] () -- C:\t10o.1
[2011/03/17 23:52:20 | 000,000,000 | ---- | M] () -- C:\t11k.1
[2011/07/20 22:09:09 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_20.07.2011_23.08.45_log.txt
[2009/09/13 03:47:44 | 000,000,000 | ---- | M] () -- C:\tr8.1
[2010/01/13 00:23:19 | 000,000,000 | ---- | M] () -- C:\tr8.2
[2009/11/19 20:12:56 | 000,000,000 | ---- | M] () -- C:\tro.1
[2010/01/25 20:13:02 | 000,000,000 | ---- | M] () -- C:\ts0.1
[2011/10/03 23:14:30 | 000,000,000 | ---- | M] () -- C:\ts8.1
[2010/03/20 20:05:16 | 000,000,000 | ---- | M] () -- C:\tv0.1
[2011/06/02 22:07:15 | 000,000,000 | ---- | M] () -- C:\tv0.2
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2007/06/12 19:17:33 | 001,326,066 | -HS- | M] () -- C:\vm404.log

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/19 16:06:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/02/28 19:57:40 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/11/25 13:31:09 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2010/05/15 20:49:19 | 000,000,604 | ---- | M] () -- C:\Program Files\STFT Notifier

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/19 15:56:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/19 15:56:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/19 15:56:28 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/11/09 01:48:58 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Benjamin Provost\Desktop\arose.exe
[2011/12/28 20:28:03 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Benjamin Provost\Desktop\aswMBR.exe
[2011/12/28 20:15:52 | 085,874,016 | ---- | M] (COMODO) -- C:\Documents and Settings\Benjamin Provost\Desktop\cav_installer.exe
[2012/01/09 13:34:40 | 004,376,389 | R--- | M] (Swearware) -- C:\Documents and Settings\Benjamin Provost\Desktop\ComboFix.exe
[2011/12/27 14:34:05 | 000,251,392 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\hijackthis_sfx.exe
[2011/12/27 14:47:31 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Benjamin Provost\Desktop\ibnov2bj.exe
[2012/01/09 15:55:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benjamin Provost\Desktop\OTL.exe
[2012/01/04 01:23:19 | 001,005,262 | ---- | M] (pendrivelinux.com) -- C:\Documents and Settings\Benjamin Provost\Desktop\Universal-USB-Installer-1.8.7.5.exe
[1 C:\Documents and Settings\Benjamin Provost\Desktop\*.tmp files -> C:\Documents and Settings\Benjamin Provost\Desktop\*.tmp -> ]
< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/04/21 15:25:06 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Benjamin Provost\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/01/11 12:15:38 | 000,016,384 | -HS- | M] () -- C:\Documents and Settings\Benjamin Provost\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2005/01/28 12:44:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Back