Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

SVCHOST.EXE infected with Trojan.Agent

Started by oxr52a, Jan 30 2012 09:54 PM

This topic is locked

44 replies to this topic

#21 oxr52a

New Member

Members
24 posts

Posted 11 February 2012 - 07:32 PM

No problem. I hope they went well for you. I have completed the first half of your instructions above, but during Combofix running the computer crashed. It produced the blue screen with the typical message that Windows encountered an error and shut down to prevent damage to the computer. Should I try running Combofix again?

#22 Larusso

Selecta Jahrusso

Experts
877 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 11 February 2012 - 08:31 PM

Hy there,

Yes, please give CF a second run

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

I am away from 14-16th of June !!

#23 oxr52a

New Member

Members
24 posts

Posted 13 February 2012 - 05:56 PM

Hi Daniel,

I have tried running Combofix a few more times and the computer is still crashing. It crashes everytime before Combofix can finish scanning. I have made certain that I my antivirus software is off and that I downloaded the most current Combofix. Can you suggest anything I can do so that the Combofix may run completely?

Thank you,

#24 Larusso

Selecta Jahrusso

Experts
877 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 14 February 2012 - 10:24 AM

Could you remember on which "Stage" CF crashed ?

Also, please look for a Combofix.txt in C:\Qoobox.
If exists, please post it here

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

I am away from 14-16th of June !!

#25 oxr52a

New Member

Members
24 posts

Posted 15 February 2012 - 10:11 PM

Hi Daniel,

You'll never guess what happened, I started Combofix so I could watch it run and see where the crash was occuring and the scan ran completely! Maybe one day I will understand this stuff. First here is OTL fix text file and the Combofix text after.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ deleted successfully.
File C:\Program Files (x86)\Incredibar.com not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\lib folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\MyStart Search.xml moved successfully.
C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\safesearch.xml moved successfully.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "MyStart Search" removed from browser.search.selectedEngine
Prefs.js: "http://mystart.incre...6OypJgPEHA&i=26" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.2.3.3 removed from extensions.enabledItems
Prefs.js: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3 removed from extensions.enabledItems
C:\Users\Nolan Scott\AppData\Local\cxd8o8j8hsar moved successfully.
C:\ProgramData\cxd8o8j8hsar moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33184 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nolan Scott
->Temp folder emptied: 1162692 bytes
->Temporary Internet Files folder emptied: 465225983 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40342622 bytes
->Google Chrome cache emptied: 268654852 bytes
->Flash cache emptied: 3815 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1182884382 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,868.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02112012_173328
Files\Folders moved on Reboot...
C:\Users\Nolan Scott\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\etilqs_GrcyLxDgx6MINFOgJ856 moved successfully.
C:\Windows\temp\etilqs_iCmkNXGcKIav7cyNJ1Ke moved successfully.
C:\Windows\temp\etilqs_IhezocUxugIsw6gweelq moved successfully.
C:\Windows\temp\etilqs_ITVeAqkQfPaVx63mnwIo moved successfully.
C:\Windows\temp\etilqs_PchV7yuSPSsZQdOSOrte moved successfully.
C:\Windows\temp\etilqs_rZ6c5u9nLZUzaK8P5z1W moved successfully.
C:\Windows\temp\etilqs_THc8uwPTXtGnKuNImNH5 moved successfully.
C:\Windows\temp\etilqs_vNNNUP3lh7yQWlasxY3M moved successfully.
File\Folder C:\Windows\temp\fla1D1C.tmp not found!
File\Folder C:\Windows\temp\fla2198.tmp not found!
File\Folder C:\Windows\temp\fla2989.tmp not found!
File\Folder C:\Windows\temp\fla3A9C.tmp not found!
File\Folder C:\Windows\temp\fla6093.tmp not found!
File\Folder C:\Windows\temp\fla7B32.tmp not found!
File\Folder C:\Windows\temp\fla9567.tmp not found!
File\Folder C:\Windows\temp\flaA206.tmp not found!
File\Folder C:\Windows\temp\flaA525.tmp not found!
File\Folder C:\Windows\temp\flaB005.tmp not found!
File\Folder C:\Windows\temp\flaB3BD.tmp not found!
File\Folder C:\Windows\temp\flaB963.tmp not found!
File\Folder C:\Windows\temp\flaD60D.tmp not found!
Registry entries deleted on Reboot...

ComboFix 12-02-15.01 - Nolan Scott 02/15/2012 21:15:50.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5899 [GMT -5:00]
Running from: c:\users\Nolan Scott\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\system32\GroupPolicy\Machine\Registry.pol
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 02:21 . 2012-02-16 02:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 22:33 . 2012-02-11 22:33 -------- d-----w- C:\_OTL
2012-02-07 02:11 . 2012-02-07 02:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\6B61.tmp
2012-02-07 02:11 . 2012-02-07 02:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\6B60.tmp
2012-02-03 23:52 . 2012-02-03 23:52 -------- d-----w- c:\program files\Western Digital
2012-02-02 23:09 . 2012-02-02 23:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-01 00:22 . 2012-02-01 00:22 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Roaming\AppClient
2012-01-29 18:17 . 2012-01-31 03:12 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Deployment
2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Apps
2012-01-28 20:06 . 2012-01-28 20:06 -------- d-----w- c:\windows\Sun
2012-01-28 13:41 . 2012-01-28 19:49 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.091
2012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BB0.tmp
2012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BAF.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-28 13:41 . 2010-03-10 16:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-10 20:24 . 2010-03-10 16:23 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 14:48 . 2011-05-27 00:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-19 00:22 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2012-01-03 11:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{992FA99F-1C48-4FAB-81EB-F8EDD821CD34}\mpengine.dll
2011-11-19 14:58 . 2012-01-12 00:27 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-12 00:27 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-02_23.29.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-01 02:01 . 2012-02-14 00:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-02-01 02:01 . 2012-01-31 23:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-01-28 19:55 . 2012-02-15 07:16 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-12-02 03:13 . 2012-02-16 02:24 64692 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-16 02:24 32166 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-10 15:57 . 2012-02-16 02:24 23488 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-691728720-1317653375-3200975859-1001_UserData.bin
+ 2009-07-14 05:30 . 2012-02-03 23:53 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-01-31 03:18 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-02-16 22:53 . 2011-02-16 22:53 14464 c:\windows\system32\DriverStore\FileRepository\wdcsam.inf_amd64_neutral_782a203832146fb2\wdcsam64.sys
- 2010-03-10 15:50 . 2012-01-31 02:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-10 15:50 . 2012-02-13 22:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-10 15:50 . 2012-01-31 02:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-11 22:41 . 2012-02-13 22:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-13 22:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-31 02:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-02-09 02:36 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-02-02 23:10 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-04 03:12 . 2012-02-04 03:12 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-12-19 01:35 . 2011-12-19 01:35 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-12-19 01:35 . 2011-12-19 01:35 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-02-04 03:12 . 2012-02-04 03:12 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-02-26 17:06 . 2009-02-26 17:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 17:06 . 2009-02-26 17:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2009-02-26 22:43 . 2009-02-26 22:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 21:45 . 2009-02-26 21:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2009-02-26 17:06 . 2009-02-26 17:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 17:06 . 2009-02-26 17:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2010-06-07 02:25 . 2012-02-08 02:16 6220 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-02-16 02:22 . 2012-02-16 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-02 23:28 . 2012-02-02 23:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-16 02:22 . 2012-02-16 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-02 23:28 . 2012-02-02 23:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-03-13 19:58 . 2012-02-02 23:01 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-13 19:58 . 2012-02-16 02:23 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-02-02 23:01 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-16 02:23 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-11 07:06 . 2012-02-03 11:24 320458 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 05:30 . 2012-01-31 03:18 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-02-03 23:53 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-02-03 23:53 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-01-31 03:18 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-02-02 23:27 321104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-16 02:21 321104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-03 23:53 . 2012-02-03 23:53 410598 c:\windows\Installer\{23B47A34-0517-48DA-8B76-015DA8546893}\WDSmartWare_1.exe
+ 2008-10-25 05:51 . 2008-10-25 05:51 844696 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\OICE.EXE
+ 2009-07-14 04:54 . 2012-02-16 02:23 6176768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-02 23:01 6176768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:45 . 2012-02-04 13:18 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-02-02 00:07 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-03-10 18:42 . 2012-02-01 04:40 2784688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-03-10 18:42 . 2012-02-07 02:11 2784688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-03-10 18:42 . 2012-02-16 02:21 9847786 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-8192.dat
+ 2011-07-07 07:58 . 2011-07-07 07:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-08-03 05:14 . 2011-08-03 05:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2012-02-04 03:10 . 2011-08-30 04:21 12872704 c:\windows\SysWOW64\shell32.dll
+ 2009-07-14 04:54 . 2012-02-16 02:23 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-02 23:01 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-01-26 08:16 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-02-04 03:14 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-02-04 03:10 . 2011-08-30 05:25 14173184 c:\windows\system32\shell32.dll
+ 2010-11-05 13:53 . 2012-02-16 02:21 63037080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-4096.dat
+ 2010-11-26 19:39 . 2012-02-16 02:21 12106660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-09-15 23:37 . 2011-09-15 23:37 38176256 c:\windows\Installer\9a6b40.msp
+ 2011-09-15 23:37 . 2011-09-15 23:37 37148160 c:\windows\Installer\9a6b26.msp
+ 2011-08-01 15:13 . 2011-08-01 15:13 11027968 c:\windows\Installer\408559.msi
+ 2011-08-04 00:53 . 2011-08-04 00:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MSO.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2011-12-01 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120214.003\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22]
.
2012-02-13 c:\windows\Tasks\HPCeeScheduleForNolan Scott.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2011-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D}: NameServer = 66.1.32.132 66.1.32.133
FF - ProfilePath - c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton Vulnerability Protection: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypJgPEHA&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.hardId - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.instlDay - 15353
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:30
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OypJgPEHA
FF - user.js: extensions.incredibar_i.upn2n - 92260720934036790
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10556
FF - user.js: extensions.incredibar_i.ppd - 1000
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-02-15 21:50:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-16 02:50
ComboFix2.txt 2012-02-03 22:33
ComboFix3.txt 2012-02-02 23:34
.
Pre-Run: 805,090,062,336 bytes free
Post-Run: 805,716,172,800 bytes free
.
- - End Of File - - 3E329E7F76DB6DC997810D8B593ABD6A

#26 Larusso

Selecta Jahrusso

Experts
877 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 16 February 2012 - 08:06 AM

You can compare this with this situation.

Windows gives you a Bluescreen, reboots and the bluescreen never comes back and all works as did before.
We, in the IT, call things like that "It is magic" cause we will never sort out why this happens

The MyStart Toolbar comes back everytime, and we may end up in creating a new userprofile in FF.
Lets try this first.

Open notepad and copy/paste the text in the Code-box below into it:

FireFox::
FF - ProfilePath - c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypJgPEHA&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.hardId - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.instlDay - 15353
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:30
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OypJgPEHA
FF - user.js: extensions.incredibar_i.upn2n - 92260720934036790
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10556
FF - user.js: extensions.incredibar_i.ppd - 1000
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26

DirLook::
c:\users\Nolan Scott\AppData\Roaming\Mozilla\Extensions
c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\Extensions

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Refering to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please press the Posted Image

+ R Key and type notepad into the Run box.
Copy/paste the entire contents of the codebox below, into notepad:

@echo off
for %%g in (
c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\user.js
) do (
zip "%userprofile%\desktop\Firefox" %%g
)
del %0

Now on the top of the window choose File --> Save as
Into the Save as line type in grab.bat
Change the Save as type to All Files (*.*)
Save it on your Desktop.

It should look like this
Run the grab.bat with right- click and choose "Run as Admin"

A Firefox.zip file will be created on your desktop. Please attach this here.

Please post in your next reply
Combofix.txt
Firefox.zip
Note any open issues

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

I am away from 14-16th of June !!

#27 oxr52a

New Member

Members
24 posts

Posted 17 February 2012 - 04:23 PM

Does creating the Firefox.zip typically take very long? I saved and ran it as you instructed, then a separate window opened and quickly disappeared (along with the grab.bat file on the desktop). I have not yet seen it return a Firefox.zip (it has been roughly 1 hour since I ran grab.bat)

Thank you!

#28 Larusso

Selecta Jahrusso

Experts
877 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 18 February 2012 - 04:34 AM

It should only take a few seconds but I made a typo.

Please try this batch

@echo off
for %%g in (
"c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\user.js"
) do zip "%userprofile%\desktop\Firefox" %%g
del %0

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

I am away from 14-16th of June !!

#29 oxr52a

New Member

Members
24 posts

Posted 18 February 2012 - 02:09 PM

Okay, that worked. Here they are, I need to make two posts. The computer is booting slowly, browsing slowly and still crashes periodically.

ComboFix 12-02-16.02 - Nolan Scott 02/16/2012 20:19:35.9.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5838 [GMT -5:00]
Running from: c:\users\Nolan Scott\Desktop\ComboFix.exe
Command switches used :: c:\users\Nolan Scott\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 01:27 . 2012-02-17 01:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 00:41 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 00:41 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 00:41 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 00:41 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 00:41 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 00:41 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 00:41 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 00:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-11 22:33 . 2012-02-11 22:33 -------- d-----w- C:\_OTL
2012-02-07 02:11 . 2012-02-07 02:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\6B61.tmp
2012-02-07 02:11 . 2012-02-07 02:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\6B60.tmp
2012-02-03 23:52 . 2012-02-03 23:52 -------- d-----w- c:\program files\Western Digital
2012-02-02 23:09 . 2012-02-02 23:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-01 00:22 . 2012-02-01 00:22 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Roaming\AppClient
2012-01-29 18:17 . 2012-01-31 03:12 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Deployment
2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Apps
2012-01-28 20:06 . 2012-01-28 20:06 -------- d-----w- c:\windows\Sun
2012-01-28 13:41 . 2012-01-28 19:49 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.091
2012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BB0.tmp
2012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BAF.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-28 13:41 . 2010-03-10 16:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-10 20:24 . 2010-03-10 16:23 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 14:48 . 2011-05-27 00:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 11:40 . 2012-01-03 11:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{992FA99F-1C48-4FAB-81EB-F8EDD821CD34}\mpengine.dll
2011-11-19 14:58 . 2012-01-12 00:27 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-12 00:27 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Nolan Scott\AppData\Roaming\Mozilla\Extensions ----
.
.
---- Directory of c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\Extensions ----
.
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-16_02.24.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-16 04:22 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll
- 2011-12-19 01:22 . 2011-11-03 22:32 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-02-16 04:22 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-12-19 01:22 . 2011-11-03 22:37 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-02-16 04:22 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll
- 2011-12-19 01:22 . 2011-11-03 22:37 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-01-28 19:55 . 2012-02-15 07:16 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-01-28 19:55 . 2012-02-17 00:24 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-12-02 03:13 . 2012-02-17 01:30 64882 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-17 01:30 32246 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-10 15:57 . 2012-02-17 01:30 24258 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-691728720-1317653375-3200975859-1001_UserData.bin
- 2011-12-19 01:22 . 2011-11-04 01:35 96256 c:\windows\system32\mshtmled.dll
+ 2012-02-16 04:22 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll
- 2011-12-19 01:22 . 2011-11-04 01:41 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-02-16 04:22 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-02-16 04:22 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll
- 2011-12-19 01:22 . 2011-11-04 01:41 85504 c:\windows\system32\jsproxy.dll
+ 2010-03-10 15:50 . 2012-02-17 01:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-10 15:50 . 2012-02-13 22:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-11 22:41 . 2012-02-13 22:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-11 22:41 . 2012-02-17 01:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-17 01:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-13 22:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-02-17 00:41 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-16 04:28 . 2012-02-16 04:28 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-16 04:27 . 2012-02-16 04:27 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-12 03:07 . 2012-01-12 03:07 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-12 03:07 . 2012-01-12 03:07 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-16 04:27 . 2012-02-16 04:27 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-09-13 00:03 . 2012-02-16 04:25 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2010-09-13 00:03 . 2012-01-12 03:17 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2010-09-13 00:03 . 2012-01-12 03:17 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-09-13 00:03 . 2012-02-16 04:25 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-09-13 00:03 . 2012-01-12 03:17 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-09-13 00:03 . 2012-02-16 04:25 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-09-13 00:03 . 2012-02-16 04:25 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-09-13 00:03 . 2012-01-12 03:17 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-06-04 07:01 . 2011-10-13 07:09 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 07:01 . 2012-02-16 04:26 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 73728 c:\windows\assembly\NativeImages_v2.0.50727_64\UIXControls\66de33e46703dd18ec7d3045452bede9\UIXControls.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\265f654b8eed2ac1e42d225a30433c37\System.Windows.Presentation.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\62889e05923a83fa32400e7f3b28f9c6\System.Web.DynamicData.Design.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\c1577aa4e5874f1debc9a63343e5a0d7\PresentationFontCache.ni.exe
+ 2012-02-16 21:29 . 2012-02-16 21:29 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\697c9c4ec947a0a5e21bc9e4c6471b74\PresentationCFFRasterizer.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\2d80e48139b13bf06e85c0c1db06bc20\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\df5c0dac9e7db175acc8a9755942f87f\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\8a9356f77bd1d1155202f59119ee57c9\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4e53199f22c13aa3e4bc6f063da0aee7\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\0f361440d7cbda4bf5b44bfbd4623812\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-02-16 22:58 . 2012-02-16 22:58 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f8f0b08845fb76dfcf57e00d86fc13fc\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\8cd347067dbe1ec5a79c9d261d2d75d9\LoadMxf.ni.exe
+ 2012-02-16 22:58 . 2012-02-16 22:58 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\4089bf2cec6e1a1539076c5bd6d95ce7\ehiTVMSMusic.ni.dll
+ 2012-02-17 00:00 . 2012-02-17 00:00 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\f15fa2345f2673b95ac0570da21525f2\WindowsLiveWriter.ni.exe
+ 2012-02-17 00:01 . 2012-02-17 00:01 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bcfabefedbeb1188aa4e53769aeac91b\WindowsLive.Writer.Passport.ni.dll
+ 2012-02-16 22:22 . 2012-02-16 22:22 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\dcdbd6714f689d7be2a15fe8ed1bc095\PresentationCFFRasterizer.ni.dll
+ 2012-02-16 04:23 . 2012-02-17 01:27 4338 c:\windows\SoftwareDistribution\PostRebootEventCache\{1BA040DA-02A4-4F92-BAE9-7B4B67FFDA23}.bin
- 2012-02-16 02:22 . 2012-02-16 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-17 01:28 . 2012-02-17 01:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-16 02:22 . 2012-02-16 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-17 01:28 . 2012-02-17 01:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-13 00:03 . 2012-02-16 04:25 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-09-13 00:03 . 2012-01-12 03:17 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2012-02-16 04:22 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll
- 2011-12-19 01:22 . 2011-11-03 22:38 231936 c:\windows\SysWOW64\url.dll
- 2011-12-19 01:22 . 2011-11-03 22:34 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-02-16 04:22 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll
- 2011-12-19 01:22 . 2011-11-03 22:28 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-02-16 04:22 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll
+ 2010-03-13 19:58 . 2012-02-17 01:29 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-03-13 19:58 . 2012-02-16 02:23 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-02-17 01:29 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-16 02:23 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-16 04:22 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll
- 2011-12-19 01:22 . 2011-11-04 01:43 237056 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2012-01-12 03:07 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-16 04:27 623940 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-12 03:07 106316 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-16 04:27 106316 c:\windows\system32\perfc009.dat
+ 2012-02-16 04:22 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll
- 2011-12-19 01:22 . 2011-11-04 01:39 818688 c:\windows\system32\jscript.dll
+ 2012-02-16 04:22 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll
- 2011-12-19 01:22 . 2011-11-04 01:30 248320 c:\windows\system32\ieui.dll
+ 2009-07-14 04:45 . 2012-02-16 21:03 361680 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2011-12-19 10:08 361680 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:01 . 2012-02-17 01:27 321104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-16 02:21 321104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-12 03:09 . 2012-01-12 03:09 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-12 03:08 . 2012-02-16 04:28 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-12 03:08 . 2012-02-16 04:28 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-16 04:27 . 2012-02-16 04:27 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-12 03:07 . 2012-01-12 03:07 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-12 03:07 . 2012-01-12 03:07 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-16 04:27 . 2012-02-16 04:27 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-09-13 00:03 . 2012-02-16 04:25 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2010-09-13 00:03 . 2012-01-12 03:17 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2010-09-13 00:03 . 2012-01-12 03:17 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2010-09-13 00:03 . 2012-02-16 04:25 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-09-13 00:03 . 2012-01-12 03:17 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-09-13 00:03 . 2012-02-16 04:25 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2010-09-13 00:03 . 2012-01-12 03:17 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-09-13 00:03 . 2012-02-16 04:25 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2012-01-12 03:09 . 2012-01-12 03:09 288616 c:\windows\assembly\temp\FDBJJIGTFE\System.Transactions.dll
+ 2012-01-12 03:08 . 2012-01-12 03:08 125440 c:\windows\assembly\temp\3RXOCV2IGL\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 01:25 . 2012-02-17 01:25 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\6bc2cf9d31ae7e22349af3ddb1306c96\System.Xml.Linq.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\f9e5fcb862d898327924fcac2ff47c4d\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-17 01:25 . 2012-02-17 01:25 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\5f61f0305f22aed705e0680f58fc5d89\System.Transactions.ni.dll
+ 2012-02-17 01:24 . 2012-02-17 01:24 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\d8342f4b914e190a9e5c89c7703dd11f\System.Security.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\9426384a1d2d2e815e093a0fe88da585\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\73d3849c909668636452b43f54edb54e\System.Runtime.Remoting.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\fef2650a5b3bf39527150b4058762611\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 01:24 . 2012-02-17 01:24 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\994e60f26b11755207e9c7ebb9fd688b\System.Dynamic.ni.dll
+ 2012-02-17 01:27 . 2012-02-17 01:27 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\938f42c2d694b3935ca890fee7d0c8a7\System.Data.DataSetExtensions.ni.dll
+ 2012-02-17 01:27 . 2012-02-17 01:27 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\cde466cd9b88dc7857c40ac43bf7632c\System.Configuration.Install.ni.dll
+ 2012-02-17 01:27 . 2012-02-17 01:27 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\081bebeff0574ed1969b05eafab5b342\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-17 01:27 . 2012-02-17 01:27 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\e88489a8cc6a68a7ebb4617d1a20e5e7\System.AddIn.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\ba36345815c2011c3f054ebee01a0569\System.Activities.DurableInstancing.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\70edc7fbf7505880ab1652b35f6e9517\SMSvcHost.ni.exe
+ 2012-02-17 01:25 . 2012-02-17 01:25 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\9d160b8d7c69ce50ac1db59a8fa2bcb5\SMDiagnostics.ni.dll
+ 2012-02-17 01:25 . 2012-02-17 01:25 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\dbb2bb145d0bac0d0615f52739ad2702\PresentationFramework.Aero.ni.dll
+ 2012-02-17 01:25 . 2012-02-17 01:25 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\4d9a6f376f83a6ea5b71a678566ee1de\PresentationFramework.Royale.ni.dll
+ 2012-02-17 01:25 . 2012-02-17 01:25 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\3ec560f5f3b643e02b6025363034d624\PresentationFramework.Luna.ni.dll
+ 2012-02-17 01:25 . 2012-02-17 01:25 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1767cdd5d245b5087045d1ad2fbdd8fd\PresentationFramework.Classic.ni.dll
+ 2012-02-17 01:24 . 2012-02-17 01:24 421888 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b2f041e3a657e1cec82954a72e0106fb\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-17 01:24 . 2012-02-17 01:24 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\385ffb17c4890d76682d1d0c81f39e09\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\f7ddf9585d0b4b46437dc07b50955b64\System.Security.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\746a79ac47809d2658daf85f2b5a2ad9\System.Dynamic.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1702c5e18cdd96c022d87c38561f19c9\System.Configuration.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a58dbf4346bc2bd65df689cb6b25326c\System.ComponentModel.Composition.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9dbdf77b1208ccfea1b67b50084c3f1a\PresentationFramework.Aero.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\870a3f81e3fa889dfd5f63ea813d1bb5\PresentationFramework.Royale.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5bf1ff80129ae0bca17f47ccf3dbc0c4\PresentationFramework.Classic.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\590ab08a24d15cb6891608c80fdebb1a\PresentationFramework.Luna.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\600f8ca5fcc54f10623903952fcc10ac\WsatConfig.ni.exe
+ 2012-02-16 23:03 . 2012-02-16 23:03 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\ddb96c334583dc79463edcb14ae16c99\WindowsFormsIntegration.ni.dll
+ 2012-02-17 00:34 . 2012-02-17 00:34 353280 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\6fc4601977b374ec94be988a6b1c8d69\WindowsFormsIntegration.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\152b577b846875cb3ac5e2097451daf0\UIAutomationClient.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\fb5fce5cf09733b71a796d1da399f07a\TaskScheduler.ni.dll
+ 2012-02-16 23:02 . 2012-02-16 23:02 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\bc3bbe78635aeacaeea3b310ea5ff002\System.Xml.Linq.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\894b696a87ad47b5e18ac89954813a94\System.Web.Routing.ni.dll
+ 2012-02-16 22:28 . 2012-02-16 22:28 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\ed681c0aefa909f528d50d0d7f87b799\System.Web.RegularExpressions.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\a6885ee42ea49eb80f1bd18a5252684d\System.Web.Entity.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\88ffeea88ac9ce23de0c5a27a95e773a\System.Web.Entity.Design.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\7a311c3305dbbd5cfa2613997608a4ae\System.Web.DynamicData.ni.dll
+ 2012-02-16 23:02 . 2012-02-16 23:02 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\e5069f3c90b4413dd2f3dc226c80bc68\System.Web.Abstractions.ni.dll
+ 2012-02-16 22:26 . 2012-02-16 22:26 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\caa6d0e3ec056ab964616da777c2fcb1\System.Transactions.ni.dll
+ 2012-02-16 22:28 . 2012-02-16 22:28 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\872d9ab7e9259b407668c38b6112499e\System.ServiceProcess.ni.dll
+ 2012-02-16 21:28 . 2012-02-16 21:28 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\ffc67ee81b75ac04dfc1fee6a7fef8c5\System.Security.ni.dll
+ 2012-02-16 21:29 . 2012-02-16 21:29 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\bc8c5bdae37a113b2274279ceb94d6d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\e238ca4ca02f9309283c98e1a4235bbd\System.Net.ni.dll
+ 2012-02-16 22:57 . 2012-02-16 22:57 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\9880905a6fde778e564adf54b2afbaa5\System.Messaging.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\c340633057ed6b9ffcf2214cb348a1fa\System.Management.Instrumentation.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\c24a84d54ad05618cf6cab545c31b06b\System.IO.Log.ni.dll
+ 2012-02-16 22:57 . 2012-02-16 22:57 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\2ba95581264a766410a6dbbe767c5ed8\System.IdentityModel.Selectors.ni.dll
+ 2012-02-16 22:26 . 2012-02-16 22:26 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\dbd535c6b73a9d9ffab8b91124ea7dda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 22:28 . 2012-02-16 22:28 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\f1fd4593259aaf5fd2b2e9a7aed2d8cb\System.Drawing.Design.ni.dll
+ 2012-02-16 22:28 . 2012-02-16 22:28 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\3c2c8f083f34a3c75e0aa17ef9ac4127\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-16 23:02 . 2012-02-16 23:02 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\be6635364f1af379afff83dd877a4e03\System.Data.Services.Design.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\027959159200e828ccfddaef5f01b3a9\System.Data.DataSetExtensions.ni.dll
+ 2012-02-16 22:28 . 2012-02-16 22:28 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\e71e38d2ca2cd291467d890336f45931\System.Configuration.Install.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\8c954be3f8d070b1364844741ff4b4b1\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\bd9159951d0caa9bf5c90c44fc96661b\System.AddIn.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\8bfc7a328911ae69686576bd24f4f771\SMSvcHost.ni.exe
+ 2012-02-16 22:57 . 2012-02-16 22:57 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\823bd996cb5aefd6c2b2fa7e19e0ef40\SMDiagnostics.ni.dll
+ 2012-02-16 22:29 . 2012-02-16 22:29 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\cc864feeea3e918e3d9790b301bb2004\PresentationFramework.Royale.ni.dll
+ 2012-02-16 22:29 . 2012-02-16 22:29 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\ab440c134c4d619f82ba6eab569c8fed\PresentationFramework.Luna.ni.dll
+ 2012-02-16 22:29 . 2012-02-16 22:29 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0e79d12dc8bede29dc337dba8d803bfa\PresentationFramework.Aero.ni.dll
+ 2012-02-16 22:29 . 2012-02-16 22:29 282624 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0e6121dbd31ce6b51354b38075dc9007\PresentationFramework.Classic.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\9c808282a0cfdc5bafcb43e1778d97d6\napsnap.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\616ce317134d4225fc7eec80f9351855\napinit.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\a4b5d98bf175a3f10c47f223195c34b0\MSBuild.ni.exe
+ 2012-02-16 22:59 . 2012-02-16 22:59 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\b94e1c9115d8e37e734b27b48f54d236\MMCFxCommon.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\04532b2b5174ca249e01a8b21d0ba6fd\Microsoft.WSMan.Management.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\5cd854d075caf8b50de3c803b4303e03\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\cb1c199305d00b2424e707311eb9dcfd\Microsoft.Vsa.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\b2438f632ab1dcbb1cb91c5a1226aaf1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d7f5b39fba028d2f9e2b3a772845a2a6\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\99bb7896ddbe74236efaa97733c63cbc\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\71542ecf96342dc1464fe471852be89a\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0bafa5e2dc431bb12108395cf2e18773\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ddd2f252bea1cce14bb498257992635a\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cf9be66d53dddbf49b75cead76ef3cea\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\55172dec8f1353d1a8d9cdc4c0b9fac0\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5495e7eca3dac7eee473e30a3611f178\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\35ce662c1368782ede0852134106ea43\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\505549b05e5c3ceccd26ad9c398381e8\Microsoft.ManagementConsole.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\f356844d3667b88d03bde2ae524659b6\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\86f7fa65013864ae7da2fba058199dae\Microsoft.Build.Utilities.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\c467a4d9eeda620e3e7602a9ecf9ae76\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\304068df803748d7743a6a4dc344915f\Mcx2Dvcs.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\fb79aad0c745ff7b45151bc58b4dc8e9\mcupdate.ni.exe
+ 2012-02-16 22:58 . 2012-02-16 22:58 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\4a29229fecf805779bee25b756d78a0d\mcstoredb.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\8affc4346a86b80727282966ce58662b\mcplayerinterop.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\756a74d6b322877662a0f6da4bc7d8e6\mcGlidHostObj.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\2ce02776e0f2f1770f4bb77e1f6d7472\MCESidebarCtrl.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\956ca0e08e881df7f16f7d6d1381f71d\EventViewer.ni.dll
+ 2012-02-16 22:58 . 2012-02-16 22:58 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\307ca4b67db79b05b4781634ea8ec0d7\ehRecObj.ni.dll
+ 2012-02-16 22:58 . 2012-02-16 22:58 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\5f53457f49927ecf00156d20466cc5a6\ehExtHost.ni.exe
+ 2012-02-16 22:58 . 2012-02-16 22:58 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\b49168b11f5f60ddafed2ab1fdd4540f\ehCIR.ni.dll
+ 2012-02-16 22:56 . 2012-02-16 22:56 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\f2808fb3389d3e28e2b0223dcd654e02\ComSvcConfig.ni.exe
+ 2012-02-16 22:55 . 2012-02-16 22:55 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\45af2aab82a69a1a6fe0f7cef4024673\BDATunePIA.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\378a75654ab243a7c87425580ef5247f\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e8295ba92cc9500c11e4326da94aa23d\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ccd8a870d49f1f6901964f3009e44704\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bc3de6e386e49d56770ce7026b0b0b42\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa6f0d8e2ce841ad6cfa150e7d19cbbf\WindowsLive.Writer.Controls.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8fb8f7ad92da63392ebd50214f98966c\WindowsLive.Writer.Interop.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\613e9162c5a92e05695b8ec520b6a6f5\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\54a1c00276597643ced64cad94707c44\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\52df063720cfdfb7e286e6c575bcdc98\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3dc4ea44bcc90dc7fdd088969895feb6\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\369786c29e4bb601f95f4c9f38ca4fb1\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\22e9d9744c2bf7881ac1662232d688c2\WindowsLive.Writer.Api.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\203986a6f0128bf77b62f19d8b1076cf\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\7d367b5b97b897ff0e52d30b0a02d4ba\WindowsLive.Client.ni.dll
+ 2012-02-16 21:47 . 2012-02-16 21:47 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8AC1.tmp\System.Configuration.dll
+ 2012-02-16 22:24 . 2012-02-16 22:24 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\84ee5a23a20b65773686657254ea9831\System.Web.RegularExpressions.ni.dll
+ 2012-02-16 22:23 . 2012-02-16 22:23 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e8dfbd1334d30a08ce1f2df29ca9aff\System.Transactions.ni.dll
+ 2012-02-16 22:24 . 2012-02-16 22:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll
+ 2012-02-16 22:20 . 2012-02-16 22:20 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\dc4a4350f8c0c0919b5fb78f0c44291b\System.Security.ni.dll
+ 2012-02-16 22:22 . 2012-02-16 22:22 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\adb2fc93e7a4462eb399442c678be681\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-16 22:23 . 2012-02-16 22:23 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
+ 2012-02-16 22:23 . 2012-02-16 22:23 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 22:23 . 2012-02-16 22:23 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.ni.dll
+ 2012-02-16 22:24 . 2012-02-16 22:24 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\a09d397c3a4eb60b04a0628cc187ce34\System.Drawing.Design.ni.dll
+ 2012-02-16 22:24 . 2012-02-16 22:24 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\eebb837dbb8e5781e448c72eeda27983\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-16 22:19 . 2012-02-16 22:19 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
+ 2012-02-16 22:24 . 2012-02-16 22:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\47e25ae9163f4624a66f99ede0ea98fe\System.Configuration.Install.ni.dll
+ 2012-02-16 22:24 . 2012-02-16 22:24 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fbcb09488417e40b6f7f7737f737bbfd\PresentationFramework.Luna.ni.dll
+ 2012-02-16 22:24 . 2012-02-16 22:24 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbd1929fa377b354903e37469838d9a1\PresentationFramework.Classic.ni.dll
+ 2012-02-16 22:24 . 2012-02-16 22:24 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
+ 2012-02-16 22:24 . 2012-02-16 22:24 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4ff6c887092d4db687441d71e2c812ff\PresentationFramework.Royale.ni.dll
+ 2012-02-17 00:00 . 2012-02-17 00:00 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\d89086a63a9d85aa9d719d7088e5ae69\BDATunePIA.ni.dll

Attached Files

Firefox.zip 22bytes 7 downloads

#30 oxr52a

New Member

Members
24 posts

Posted 18 February 2012 - 02:09 PM

- 2011-12-19 01:22 . 2011-11-03 22:39 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-02-16 04:22 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll
- 2011-12-19 01:22 . 2011-11-03 22:40 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-02-16 04:22 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-02-16 04:22 . 2011-12-14 03:04 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-02-16 04:22 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll
- 2011-12-19 01:22 . 2011-11-03 22:32 1792000 c:\windows\SysWOW64\iertutil.dll
- 2011-12-19 01:22 . 2011-11-03 22:46 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2012-02-16 04:22 . 2011-12-14 03:10 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2009-07-14 04:54 . 2012-02-17 01:29 6176768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-16 02:23 6176768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-16 04:22 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll
- 2011-12-19 01:22 . 2011-11-04 01:44 1390080 c:\windows\system32\wininet.dll
+ 2012-02-16 04:22 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll
- 2011-12-19 01:22 . 2011-11-04 01:46 1345536 c:\windows\system32\urlmon.dll
+ 2012-02-16 04:22 . 2011-12-14 07:11 2308096 c:\windows\system32\jscript9.dll
- 2011-12-19 01:22 . 2011-11-04 01:36 2144256 c:\windows\system32\iertutil.dll
+ 2012-02-16 04:22 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2012-02-04 13:18 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-02-16 22:25 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-03-10 18:42 . 2012-02-07 02:11 2784688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-03-10 18:42 . 2012-02-17 01:27 2784688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-03-10 18:42 . 2012-02-16 02:21 9847786 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-8192.dat
+ 2010-03-10 18:42 . 2012-02-17 01:27 9847786 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-8192.dat
+ 2011-10-26 19:46 . 2011-10-26 19:46 3511880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
- 2011-08-10 20:28 . 2011-05-04 22:31 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2012-02-16 00:41 . 2011-10-31 23:15 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-10-26 19:46 . 2011-10-26 19:46 3511880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
- 2011-08-10 20:28 . 2011-05-04 22:32 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-02-16 00:41 . 2011-10-31 23:16 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-12 03:09 . 2012-01-12 03:09 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-16 04:27 . 2012-02-16 04:27 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-12 03:07 . 2012-01-12 03:07 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-12 03:07 . 2012-01-12 03:07 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-16 04:27 . 2012-02-16 04:27 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-12 03:08 . 2012-01-12 03:08 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-16 04:28 . 2012-02-16 04:28 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-10-26 21:36 . 2011-10-26 21:36 2829312 c:\windows\Installer\508fc1.msp
+ 2012-01-25 19:55 . 2012-01-25 19:55 5520384 c:\windows\Installer\508faa.msp
+ 2012-01-12 03:08 . 2012-01-12 03:08 3116376 c:\windows\assembly\temp\NJ9TVR0162\System.Data.dll
+ 2012-02-17 01:24 . 2012-02-17 01:24 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\9d5feeb6727e222673d5bd89f0620ddd\WindowsBase.ni.dll
+ 2012-02-17 01:24 . 2012-02-17 01:24 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ff247393a6deb90d63811aa88c84dc7e\System.Xml.ni.dll
+ 2012-02-17 01:25 . 2012-02-17 01:25 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\e158bd31f13cbc20f6fc7c7f426113d7\System.Xaml.ni.dll
+ 2012-02-17 01:25 . 2012-02-17 01:25 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\717540eea541a2769a6cf621fd948678\System.Runtime.Serialization.ni.dll
+ 2012-02-17 01:25 . 2012-02-17 01:25 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\dc7fbde064d5710780a6b8f27554dc57\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\31c34917df5f24f1ffdd62bfa23f2fb7\System.Printing.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\fef2650a5b3bf39527150b4058762611\System.EnterpriseServices.ni.dll
+ 2012-02-17 01:25 . 2012-02-17 01:25 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\0443ad47a6be56beca12a7a13261c8ed\System.Drawing.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\026c74ff72ba4fce837134953778e755\System.DirectoryServices.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\e8e5fcc8e7eb9ce898be3c22e8902ee4\System.Deployment.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\8d734fe538fe6f226eab465c8d8e3d5c\System.Data.ni.dll
+ 2012-02-17 01:24 . 2012-02-17 01:24 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\83aa1c4f17f57067d3be29e560331349\System.Data.SqlXml.ni.dll
+ 2012-02-17 01:24 . 2012-02-17 01:24 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\2672be84bcad1c772163d15db0e2864e\System.Configuration.ni.dll
+ 2012-02-17 01:27 . 2012-02-17 01:27 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\228bb21cab2c9ce2f69d5e24a9352a3f\System.ComponentModel.Composition.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\36f5aa69b510e3aeb24ef402d12c20e0\System.Activities.ni.dll
+ 2012-02-17 01:27 . 2012-02-17 01:27 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\7be5ac01354a0c03d5587607687de1e1\System.Activities.Presentation.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\8d549e47084ec2661c944a1eeb9a2be5\System.Activities.Core.Presentation.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 4232704 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8d8f46afc9b2b65144f29a609f63398e\ReachFramework.ni.dll
+ 2012-02-17 01:25 . 2012-02-17 01:25 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\735f127d0957bacdfe6522f0b8a2dcb0\PresentationUI.ni.dll
+ 2012-02-17 01:24 . 2012-02-17 01:24 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\710482e876a08aaf596a1418b13eb349\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-17 01:24 . 2012-02-17 01:24 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\6b82e7a7001a661cb712067b75b7c5ec\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-17 01:24 . 2012-02-17 01:24 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\60ff6c1510fb0e2d70e616650eb7ae47\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 01:24 . 2012-02-17 01:24 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2e6537fafd64c81032b0aaebb7d3180a\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-17 01:24 . 2012-02-17 01:24 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\1cf22b5ea0ef63e71b6416a36b656b8a\Microsoft.CSharp.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll
+ 2012-02-16 04:30 . 2012-02-16 04:30 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\25a90057cd6623c3b3cc07e53c8de77a\System.Data.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\79ff5fcb68fc0f3dce4571f8fa950a51\System.Data.SqlXml.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\ae45172466a99ef79ed2ab3ae5ad0ef9\System.Data.Linq.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\bc7e22b7991a4f23c6bb9e83e2241d05\Microsoft.CSharp.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 5660672 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneShell\a903b2f03be177019632a901da23fc76\ZuneShell.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 3635712 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneDBApi\af0bae3e5840d2ac89aefcb53d7b2470\ZuneDBApi.ni.dll
+ 2012-02-16 21:28 . 2012-02-16 21:28 4962816 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\a6d9b6658c7778345cc60fe0d9bb6e64\WindowsBase.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 6220288 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX\da8d3e8b1197688b343080488ce7c70c\UIX.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 2632704 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX.RenderApi\8136aa0561a5fa7c0de1404148163c56\UIX.RenderApi.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\dac9f71ca1332da2a359e2d07589b7e9\UIAutomationClientsideProviders.ni.dll
+ 2012-02-16 21:27 . 2012-02-16 21:27 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\e04d9231de2f5d2ababdb425df670e63\System.Xml.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\5571a92171f93c8a4806b9f1805f1c56\System.WorkflowServices.ni.dll
+ 2012-02-16 22:30 . 2012-02-16 22:30 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\3b2e60a9cfedffc4c850f1d0ef17e5e1\System.Workflow.Runtime.ni.dll
+ 2012-02-16 22:29 . 2012-02-16 22:29 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\809f0c7c2d0233f086f83b75f6aa9560\System.Workflow.ComponentModel.ni.dll
+ 2012-02-16 22:29 . 2012-02-16 22:29 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\f09110bd4c01129e8ef2e345e8b58920\System.Workflow.Activities.ni.dll
+ 2012-02-16 22:27 . 2012-02-16 22:27 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\28c5f5bb725935286936596e3f5f4f38\System.Web.Services.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\2b012fd0a270bdac848843047bb93312\System.Web.Mobile.ni.dll
+ 2012-02-16 23:02 . 2012-02-16 23:02 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\cf203792167bd243b057b8daf79e0d98\System.Web.Extensions.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\7f261dc1eaa3e4e0b93c44678888dd44\System.Web.Extensions.Design.ni.dll
+ 2012-02-16 23:03 . 2012-02-16 23:03 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\a49bc70b640e21c9bcecbd8122203283\System.Speech.ni.dll
+ 2012-02-16 23:02 . 2012-02-16 23:02 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\8ef813ce3f85ea3b3f499d734ac8019e\System.ServiceModel.Web.ni.dll
+ 2012-02-16 22:57 . 2012-02-16 22:57 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\f99728bbb535157b904873158379dc67\System.Runtime.Serialization.ni.dll
+ 2012-02-16 22:26 . 2012-02-16 22:26 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\8b193e216f8cf8cd74d7f63cc3ebd2d9\System.Runtime.Remoting.ni.dll
+ 2012-02-16 21:31 . 2012-02-16 21:31 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\1194371f7bf016fa5f5db6a6003af63e\System.Printing.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\6860203a3f244d4c6b89ff38a9c9cadb\System.Management.ni.dll
+ 2012-02-16 22:57 . 2012-02-16 22:57 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\3fae8a8515a716f1fae4a64a7f2a4b05\System.IdentityModel.ni.dll
+ 2012-02-16 22:26 . 2012-02-16 22:26 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\dbd535c6b73a9d9ffab8b91124ea7dda\System.EnterpriseServices.ni.dll
+ 2012-02-16 21:29 . 2012-02-16 21:29 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\6c52a4ed4a4d301b51cae24e0d0b28ac\System.Drawing.ni.dll
+ 2012-02-16 21:32 . 2012-02-16 21:32 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\cc26a70ca09b5e09736df4f2f4af045a\System.DirectoryServices.ni.dll
+ 2012-02-16 23:02 . 2012-02-16 23:02 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\48a91957a4b86c3bcebec68eb1471def\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-16 21:29 . 2012-02-16 21:29 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\6d33e51aa1dd1c4c8ac5bff1c7ad7b4b\System.Deployment.ni.dll
+ 2012-02-16 21:32 . 2012-02-16 21:32 8681472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\bc98c6a47226c05d244f7ffb07b6d6bf\System.Data.ni.dll
+ 2012-02-16 21:28 . 2012-02-16 21:28 3463680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\134d55401aae7ef73c10ad743774127f\System.Data.SqlXml.ni.dll
+ 2012-02-16 23:02 . 2012-02-16 23:02 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\2dd10ff57a987aa347518b0abfcaf8b3\System.Data.Services.ni.dll
+ 2012-02-16 23:02 . 2012-02-16 23:02 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\0177f6ff2b3faf1805b3ba63e0e20ad0\System.Data.Services.Client.ni.dll
+ 2012-02-16 22:28 . 2012-02-16 22:28 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\7892bc65d0be332ab0d4f5dae01d2c3c\System.Data.OracleClient.ni.dll
+ 2012-02-16 23:02 . 2012-02-16 23:02 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\dd28d55dd94fb4d1e4dca6393e4b15a4\System.Data.Linq.ni.dll
+ 2012-02-16 23:02 . 2012-02-16 23:02 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\caf124d5431e8d8aba046e54a8b7dea5\System.Data.Entity.Design.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\9e59bc2c8cf98cd315468ca01f68663c\System.Core.ni.dll
+ 2012-02-16 21:27 . 2012-02-16 21:27 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\da9e586395168489e96323c7cbd635a3\System.Configuration.ni.dll
+ 2012-02-16 21:31 . 2012-02-16 21:31 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\c2b60ec84728f2a0b99f2113ed7eba37\ReachFramework.ni.dll
+ 2012-02-16 21:31 . 2012-02-16 21:31 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\d5b793b7c0429d61e51fe917d1066df8\PresentationUI.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\0618574a66f03040f765c43693bf58f6\PresentationBuildTasks.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\24f9a2d494b01bcbc6919f60a278c715\Narrator.ni.exe
+ 2012-02-16 23:01 . 2012-02-16 23:01 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\8988116626390eae76ef9e492c0e2894\MMCEx.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\77c418992d39a8c1ce569194f9b1ff1e\MIGUIControls.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\e05059a258a8b75d8981f29ecd9baf72\Microsoft.VisualBasic.ni.dll
+ 2012-02-16 22:57 . 2012-02-16 22:57 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\11bd9381aca79215bc01b45a5e7bddce\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ecc930a57b339ba3d126b05b2d756a01\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\8d5a4862d0e61fdd2e958fc989df3cca\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\713f3cf6037ed7047485c738934f9054\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-16 23:01 . 2012-02-16 23:01 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\09516cb547f50c165051c5512c0770d3\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-16 22:58 . 2012-02-16 22:58 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d7d03c116e282c198f398652dbddc074\Microsoft.MediaCenter.ni.dll
+ 2012-02-16 22:58 . 2012-02-16 22:58 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\bf5f76b58c88f17410effc17059685a8\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b54d398a06452904630482f2f83d21dd\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5f69561da0086365718db46e1172d204\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5e550f8b6414d82551174d1dd0f8f15c\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\551b383e39b9fedb84e25c9fc7d763ee\Microsoft.JScript.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\2ec15928bc76c2a6af54ad507c513cd4\Microsoft.Ink.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4ccd2dddff73b52cd77ecaed30075b09\Microsoft.Build.Tasks.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\35cee0a531b3136b21b2c7e2ff56b5eb\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\a22f83fa561173b77ee1215e0dfd7a76\Microsoft.Build.Engine.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\5cd9b4020f38edbdc2718884fe3e68f0\Microsoft.Build.Engine.ni.dll
+ 2012-02-16 22:58 . 2012-02-16 22:58 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\0217b5f9a72020bee3d0291bbae125ff\mcstore.ni.dll
+ 2012-02-16 22:58 . 2012-02-16 22:58 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\905166e37a4a5f45a7d1672fb756d96e\mcepg.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 7026176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a468e7062f69218aada710149fe64a9f\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5831e8e7ec7a294d7daf5d20ea697176\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\57f2870b60df33107c4360c356da72b7\WindowsLive.Writer.Localization.ni.dll
+ 2012-02-17 00:01 . 2012-02-17 00:01 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\34b4db9f6a72b19fe1842e9f6fdad5b7\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-02-16 22:20 . 2012-02-16 22:20 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
+ 2012-02-16 21:47 . 2012-02-16 21:47 7967232 c:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
+ 2012-02-16 22:20 . 2012-02-16 22:20 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
+ 2012-02-16 22:25 . 2012-02-16 22:25 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ee22bb1fef89981da77783c69aa1f154\System.Workflow.Runtime.ni.dll
+ 2012-02-16 22:25 . 2012-02-16 22:25 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\5fc69203193c26b91b068695b00bcebf\System.Workflow.ComponentModel.ni.dll
+ 2012-02-16 22:25 . 2012-02-16 22:25 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\e5bfe89d19b368c5eb64bdf2c3c29d7a\System.Workflow.Activities.ni.dll
+ 2012-02-16 22:24 . 2012-02-16 22:24 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll
+ 2012-02-16 22:22 . 2012-02-16 22:22 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e20ce129c23781d9a8430b63edc3c24e\System.Printing.ni.dll
+ 2012-02-16 22:21 . 2012-02-16 22:21 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
+ 2012-02-16 22:23 . 2012-02-16 22:23 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2d379df0010f87d5c3d8c2be00b3de7a\System.DirectoryServices.ni.dll
+ 2012-02-16 22:21 . 2012-02-16 22:21 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\45fedf46ca69b8437800ffed652fb2e4\System.Deployment.ni.dll
+ 2012-02-16 22:23 . 2012-02-16 22:23 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
+ 2012-02-16 22:20 . 2012-02-16 22:20 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d7621134717a86f5062dcf80206ab164\System.Data.SqlXml.ni.dll
+ 2012-02-16 22:24 . 2012-02-16 22:24 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c3e0c299c00016b5ffb5006bc32dd0db\System.Data.OracleClient.ni.dll
+ 2012-02-16 22:22 . 2012-02-16 22:22 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\9f09338d4240f6ea19318665fcea008f\ReachFramework.ni.dll
+ 2012-02-16 22:22 . 2012-02-16 22:22 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\10d61b241fbf27d82942eecb454105e1\PresentationUI.ni.dll
- 2011-08-10 20:28 . 2011-05-04 22:32 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-16 00:41 . 2011-10-31 23:16 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-16 00:41 . 2012-01-04 08:59 12872704 c:\windows\SysWOW64\shell32.dll
- 2012-02-04 03:10 . 2011-08-30 04:21 12872704 c:\windows\SysWOW64\shell32.dll
+ 2012-02-16 04:22 . 2011-12-14 03:30 12282368 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 04:54 . 2012-02-16 02:23 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-17 01:29 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2012-02-16 21:02 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-02-04 03:14 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-02-16 00:41 . 2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll
+ 2012-02-16 04:22 . 2011-12-14 07:43 17790464 c:\windows\system32\mshtml.dll
+ 2010-04-08 14:33 . 2012-02-16 04:23 54585368 c:\windows\system32\MRT.exe
+ 2012-02-16 04:22 . 2011-12-14 07:16 10887168 c:\windows\system32\ieframe.dll
- 2010-11-05 13:53 . 2012-02-16 02:21 63037080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-4096.dat
+ 2010-11-05 13:53 . 2012-02-17 01:27 63037080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-4096.dat
- 2010-11-26 19:39 . 2012-02-16 02:21 12106660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2010-11-26 19:39 . 2012-02-17 01:27 12106660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-02-16 04:25 . 2012-02-16 04:25 20333056 c:\windows\Installer\508fb7.msp
+ 2012-02-16 04:28 . 2012-02-16 04:28 11879936 c:\windows\assembly\NativeImages_v4.0.30319_64\System\bbcac65b1d0045229354424a7595e258\System.ni.dll
+ 2012-02-17 01:26 . 2012-02-17 01:26 17290752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\97347a1967260991cca95e94b5ba2d41\System.Windows.Forms.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\fcefa2871c7dc4d397ff8c6f92abf0d5\System.Core.ni.dll
+ 2012-02-17 01:25 . 2012-02-17 01:25 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\d0dddbe96a81cd6869f9643fa2809d71\PresentationFramework.ni.dll
+ 2012-02-17 01:25 . 2012-02-17 01:25 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\efb6d518bb284cdc29a96068726320c0\PresentationCore.ni.dll
+ 2012-02-16 04:30 . 2012-02-16 04:30 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll
+ 2012-02-16 04:30 . 2012-02-16 04:30 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll
+ 2012-02-16 04:29 . 2012-02-16 04:29 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll
+ 2012-02-16 21:27 . 2012-02-16 21:27 10624512 c:\windows\assembly\NativeImages_v2.0.50727_64\System\d5bc322d03a6628891b1e1232c4815af\System.ni.dll
+ 2012-02-16 21:29 . 2012-02-16 21:29 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\87a79dd88275c7e7536a0476f2ed79aa\System.Windows.Forms.ni.dll
+ 2012-02-16 22:27 . 2012-02-16 22:27 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\3ea6f4cb8bba38f9d66275c36dd8825e\System.Web.ni.dll
+ 2012-02-16 22:56 . 2012-02-16 22:57 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\0b51b0626d95de7446d132c73edd77cc\System.ServiceModel.ni.dll
+ 2012-02-16 23:00 . 2012-02-16 23:00 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\e18dbed9e34d7d56cc7e2f683de12237\System.Management.Automation.ni.dll
+ 2012-02-16 22:28 . 2012-02-16 22:28 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\0ad116b6a293e4fad1add26610df466d\System.Design.ni.dll
+ 2012-02-16 23:02 . 2012-02-16 23:02 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\00b730e56986ad4f378e420fa8606395\System.Data.Entity.ni.dll
+ 2012-02-16 21:31 . 2012-02-16 21:31 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\be975224912fc63f0398ad0c969ba144\PresentationFramework.ni.dll
+ 2012-02-16 21:29 . 2012-02-16 21:29 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\0fa603af6ee814498c20f46e00e5f891\PresentationCore.ni.dll
- 2011-10-13 07:28 . 2011-10-13 07:28 15568384 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\1d2d3e57724bcacaea5e41063dc565c1\mscorlib.ni.dll
+ 2012-02-16 21:26 . 2012-02-16 21:26 15568384 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\1d2d3e57724bcacaea5e41063dc565c1\mscorlib.ni.dll
+ 2012-02-16 22:59 . 2012-02-16 22:59 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\089d0fee0e702f9b9a611f761cb3bd8a\ehshell.ni.dll
+ 2012-02-16 22:21 . 2012-02-16 22:21 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
+ 2012-02-16 22:23 . 2012-02-16 22:23 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
+ 2012-02-16 22:24 . 2012-02-16 22:24 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f89f5d786e54381f9058656271a0aca8\System.Design.ni.dll
+ 2012-02-16 22:22 . 2012-02-16 22:22 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
+ 2012-02-16 22:21 . 2012-02-16 22:21 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2011-12-01 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120215.002\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22]
.
2012-02-13 c:\windows\Tasks\HPCeeScheduleForNolan Scott.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2011-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MRT"="c:\windows\system32\MRT.exe" [2012-02-16 54585368]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton Vulnerability Protection: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn
.

- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-02-16 20:52:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-17 01:52
ComboFix2.txt 2012-02-16 02:50
ComboFix3.txt 2012-02-03 22:33
ComboFix4.txt 2012-02-02 23:34
.
Pre-Run: 802,893,471,744 bytes free
Post-Run: 802,918,182,912 bytes free
.
- - End Of File - - 966116F53E224D85F58F1170B9DB8471

#31 Larusso

Selecta Jahrusso

Experts
877 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 20 February 2012 - 09:32 AM

Hy there and sorry for the delay, We had an event this weekend.

for some reason the Firefox.zip is empty. Anyway, the toolbar does not appear anymore in your last CF Log.

How is your system behaving now ?

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

I am away from 14-16th of June !!

#32 oxr52a

New Member

Members
24 posts

Posted 20 February 2012 - 06:23 PM

Cool. The computer is still performing poorly. Booting slowly, browsing slowly and crashing periodically.

Also whenever I boot up the computer, something called Microsoft Windows Malicious Software Removal Tool prompts me if I want to let it make changes to my the computer. Windows automatically installed updates recently when I shut the computer down, and I did not notice it before then. Is it anything to be concerned about?

Thanks,

#33 Larusso

Selecta Jahrusso

Experts
877 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 21 February 2012 - 01:53 AM

Hy there.

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool.
Vista/Windows 7 users: Right click to "Run as Administrator
The tool may ask you

Quote
This application can use AVAST! Free Antivirus to scanning
Would you like to download latest AVAST! virus definitions ?
Please click Yes ( The download could take some time )
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post the aswmbr.txt in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

I am away from 14-16th of June !!

#34 oxr52a

New Member

Members
24 posts

Posted 22 February 2012 - 06:25 PM

Here is the aswmbr text. I am having trouble with the MBR.dat file. Anytime I try to right click and Send To>Compressed (zipped), I get the error message "Compressed (zipped) Folders Error - Unable to complete the operation. Access is denied." Any tips?

Thanks,

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-21 22:41:25
-----------------------------
22:41:25.688 OS Version: Windows x64 6.1.7601 Service Pack 1
22:41:25.688 Number of processors: 4 586 0x402
22:41:25.688 ComputerName: NES-PC UserName:
22:41:46.951 Initialize success
22:41:53.269 AVAST engine defs: 12022101
22:41:59.743 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
22:41:59.743 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
22:41:59.743 Device \Driver\nvstor64 -> MajorFunction fffffa8008a115c4
22:41:59.743 Disk 0 MBR read successfully
22:41:59.743 Disk 0 MBR scan
22:41:59.743 Disk 0 unknown MBR code
22:41:59.790 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:41:59.821 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942735 MB offset 206848
22:41:59.946 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11032 MB offset 1930928128
22:42:00.086 Disk 0 scanning C:\Windows\system32\drivers
22:42:50.390 Service scanning
22:43:43.196 Modules scanning
22:43:43.212 Disk 0 trace - called modules:
22:43:43.727 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8008a115c4]<<
22:43:43.727 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073bf060]
22:43:43.727 3 CLASSPNP.SYS[fffff88001b4d43f] -> nt!IofCallDriver -> [0xfffffa80066dee40]
22:43:43.727 5 ACPI.sys[fffff88000f557a1] -> nt!IofCallDriver -> \Device\00000065[0xfffffa800680e060]
22:43:43.742 \Driver\nvstor64[0xfffffa8007266990] -> IRP_MJ_CREATE -> 0xfffffa8008a115c4
22:43:50.731 AVAST engine scan C:\Windows
22:44:04.225 AVAST engine scan C:\Windows\system32
22:51:27.073 AVAST engine scan C:\Windows\system32\drivers
22:51:43.391 AVAST engine scan C:\Users\Nolan Scott
22:53:23.512 Disk 0 MBR has been saved successfully to "C:\Users\Nolan Scott\Desktop\MBR.dat"
22:53:23.527 The log file has been saved successfully to "C:\Users\Nolan Scott\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-21 23:01:14
-----------------------------
23:01:14.957 OS Version: Windows x64 6.1.7601 Service Pack 1
23:01:14.957 Number of processors: 4 586 0x402
23:01:14.957 ComputerName: NES-PC UserName:
23:01:23.740 Initialize success
23:01:33.240 AVAST engine defs: 12022101
23:01:39.870 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
23:01:39.870 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
23:01:39.870 Device \Driver\nvstor64 -> MajorFunction fffffa80089f25c4
23:01:39.886 Disk 0 MBR read successfully
23:01:39.886 Disk 0 MBR scan
23:01:39.902 Disk 0 unknown MBR code
23:01:40.026 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:01:40.042 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942735 MB offset 206848
23:01:40.151 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11032 MB offset 1930928128
23:01:40.448 Disk 0 scanning C:\Windows\system32\drivers
23:02:41.709 Service scanning
23:04:23.499 Modules scanning
23:04:23.514 Disk 0 trace - called modules:
23:04:23.530 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80089f25c4]<<
23:04:23.530 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073fa060]
23:04:23.530 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80067c3e40]
23:04:23.530 5 ACPI.sys[fffff88000e487a1] -> nt!IofCallDriver -> \Device\00000065[0xfffffa8006800410]
23:04:23.546 \Driver\nvstor64[0xfffffa80089f02a0] -> IRP_MJ_CREATE -> 0xfffffa80089f25c4
23:04:40.097 AVAST engine scan C:\Windows
23:05:03.358 AVAST engine scan C:\Windows\system32
23:14:54.103 AVAST engine scan C:\Windows\system32\drivers
23:15:31.064 AVAST engine scan C:\Users\Nolan Scott
23:29:22.326 AVAST engine scan C:\ProgramData
23:30:13.536 File: C:\ProgramData\Microsoft\Windows\DRM\4BAF.tmp **INFECTED** Win32:Malware-gen
23:30:13.586 File: C:\ProgramData\Microsoft\Windows\DRM\4BB0.tmp **INFECTED** Win32:Malware-gen
23:30:13.636 File: C:\ProgramData\Microsoft\Windows\DRM\6B60.tmp **INFECTED** Win32:Malware-gen
23:30:13.676 File: C:\ProgramData\Microsoft\Windows\DRM\6B61.tmp **INFECTED** Win32:Malware-gen
23:32:52.652 Scan finished successfully
23:33:03.932 Disk 0 MBR has been saved successfully to "C:\Users\Nolan Scott\Desktop\MBR.dat"
23:33:03.932 The log file has been saved successfully to "C:\Users\Nolan Scott\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-21 23:01:14
-----------------------------
23:01:14.957 OS Version: Windows x64 6.1.7601 Service Pack 1
23:01:14.957 Number of processors: 4 586 0x402
23:01:14.957 ComputerName: NES-PC UserName:
23:01:23.740 Initialize success
23:01:33.240 AVAST engine defs: 12022101
23:01:39.870 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
23:01:39.870 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
23:01:39.870 Device \Driver\nvstor64 -> MajorFunction fffffa80089f25c4
23:01:39.886 Disk 0 MBR read successfully
23:01:39.886 Disk 0 MBR scan
23:01:39.902 Disk 0 unknown MBR code
23:01:40.026 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:01:40.042 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942735 MB offset 206848
23:01:40.151 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11032 MB offset 1930928128
23:01:40.448 Disk 0 scanning C:\Windows\system32\drivers
23:02:41.709 Service scanning
23:04:23.499 Modules scanning
23:04:23.514 Disk 0 trace - called modules:
23:04:23.530 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80089f25c4]<<
23:04:23.530 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073fa060]
23:04:23.530 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80067c3e40]
23:04:23.530 5 ACPI.sys[fffff88000e487a1] -> nt!IofCallDriver -> \Device\00000065[0xfffffa8006800410]
23:04:23.546 \Driver\nvstor64[0xfffffa80089f02a0] -> IRP_MJ_CREATE -> 0xfffffa80089f25c4
23:04:40.097 AVAST engine scan C:\Windows
23:05:03.358 AVAST engine scan C:\Windows\system32
23:14:54.103 AVAST engine scan C:\Windows\system32\drivers
23:15:31.064 AVAST engine scan C:\Users\Nolan Scott
23:29:22.326 AVAST engine scan C:\ProgramData
23:30:13.536 File: C:\ProgramData\Microsoft\Windows\DRM\4BAF.tmp **INFECTED** Win32:Malware-gen
23:30:13.586 File: C:\ProgramData\Microsoft\Windows\DRM\4BB0.tmp **INFECTED** Win32:Malware-gen
23:30:13.636 File: C:\ProgramData\Microsoft\Windows\DRM\6B60.tmp **INFECTED** Win32:Malware-gen
23:30:13.676 File: C:\ProgramData\Microsoft\Windows\DRM\6B61.tmp **INFECTED** Win32:Malware-gen
23:32:52.652 Scan finished successfully
23:33:03.932 Disk 0 MBR has been saved successfully to "C:\Users\Nolan Scott\Desktop\MBR.dat"
23:33:03.932 The log file has been saved successfully to "C:\Users\Nolan Scott\Desktop\aswMBR.txt"
23:33:41.996 Disk 0 MBR has been saved successfully to "C:\Users\Nolan Scott\Desktop\MBR.dat"
23:33:41.996 The log file has been saved successfully to "C:\Users\Nolan Scott\Desktop\aswMBR.txt"

#35 Larusso

Selecta Jahrusso

Experts
877 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 23 February 2012 - 02:27 AM

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Double click on the Combofix.exe and follow the prombts on your display. When finish, it will create a C:\Combofix.txt. Please post this log for further review.

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

I am away from 14-16th of June !!

#36 oxr52a

New Member

Members
24 posts

Posted 23 February 2012 - 11:02 PM

ComboFix 12-02-23.02 - Nolan Scott 02/23/2012 22:27:13.10.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5882 [GMT -5:00]
Running from: c:\users\Nolan Scott\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 03:32 . 2012-02-24 03:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 00:41 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 00:41 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 00:41 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 00:41 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 00:41 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 00:41 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 00:41 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 00:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-11 22:33 . 2012-02-11 22:33 -------- d-----w- C:\_OTL
2012-02-07 02:11 . 2012-02-07 02:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\6B61.tmp
2012-02-07 02:11 . 2012-02-07 02:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\6B60.tmp
2012-02-03 23:52 . 2012-02-03 23:52 -------- d-----w- c:\program files\Western Digital
2012-02-02 23:09 . 2012-02-02 23:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-01 00:22 . 2012-02-01 00:22 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Roaming\AppClient
2012-01-29 18:17 . 2012-01-31 03:12 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Deployment
2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Apps
2012-01-28 20:06 . 2012-01-28 20:06 -------- d-----w- c:\windows\Sun
2012-01-28 13:41 . 2012-01-28 19:49 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.091
2012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BB0.tmp
2012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BAF.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-28 13:41 . 2010-03-10 16:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-10 20:24 . 2010-03-10 16:23 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 14:48 . 2011-05-27 00:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-17_01.30.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-02-01 02:01 . 2012-02-14 00:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-02-01 02:01 . 2012-02-24 00:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-01-28 19:55 . 2012-02-24 00:18 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-01-28 19:55 . 2012-02-17 00:24 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-12-02 03:13 . 2012-02-22 23:06 65232 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-02-17 01:30 32246 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-24 03:36 32246 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-10 15:57 . 2012-02-24 03:36 24770 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-691728720-1317653375-3200975859-1001_UserData.bin
+ 2010-03-10 15:50 . 2012-02-23 23:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-10 15:50 . 2012-02-17 01:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-11 22:41 . 2012-02-17 01:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-11 22:41 . 2012-02-23 23:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-17 01:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-23 23:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-10 16:28 . 2010-10-28 01:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-10 16:28 . 2012-02-23 22:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-02-23 22:25 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-03-10 16:28 . 2012-02-23 22:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-10 16:28 . 2010-10-28 01:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-10 16:28 . 2012-02-23 22:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-10 16:28 . 2010-10-28 01:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-17 02:33 . 2012-02-17 02:33 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\42d44cc48edbf4d5b19af6d6afc6cd62\System.Windows.Presentation.ni.dll
+ 2012-02-17 02:33 . 2012-02-17 02:33 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\5c5a54c265c044f359659e6eeff29171\System.Web.ApplicationServices.ni.dll
- 2012-02-17 01:28 . 2012-02-17 01:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-24 03:33 . 2012-02-24 03:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-17 01:28 . 2012-02-17 01:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-24 03:33 . 2012-02-24 03:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-03-13 19:58 . 2012-02-17 01:29 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-13 19:58 . 2012-02-24 03:35 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-02-24 03:35 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-02-17 01:27 321104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-24 03:32 321104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-17 02:33 . 2012-02-17 02:33 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\6bdb6c455153a223a2180c883ea5a06c\WindowsFormsIntegration.ni.dll
+ 2012-02-17 02:33 . 2012-02-17 02:33 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\8df6331b51fe3ae5b9d0cf8c582d3f84\UIAutomationClient.ni.dll
+ 2012-02-17 02:33 . 2012-02-17 02:33 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\6afb4b90a21aae2e499f577b92102b85\System.ServiceProcess.ni.dll
+ 2012-02-17 02:33 . 2012-02-17 02:33 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\bfb5e1c0961fe330c89c043a188cc807\System.ServiceModel.Routing.ni.dll
+ 2012-02-17 02:33 . 2012-02-17 02:33 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\671c48760746239f2dfb0b64a7413624\System.ServiceModel.Channels.ni.dll
+ 2012-02-17 02:32 . 2012-02-17 02:32 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\21fa922f90a47d10fd11107efff5ea4f\System.Net.ni.dll
+ 2012-02-17 02:32 . 2012-02-17 02:32 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\c07fc2256ec2210bfd7f7abf1639833e\System.Messaging.ni.dll
+ 2012-02-17 01:52 . 2012-02-17 01:52 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\655c314109b3ab211e13b88d0769651b\System.Management.Instrumentation.ni.dll
+ 2012-02-17 01:52 . 2012-02-17 01:52 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\cf1c0c4152c5548179dd3e2870f25cc4\System.IO.Log.ni.dll
+ 2012-02-17 01:52 . 2012-02-17 01:52 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\d8dc2ea040e12c679b5d779370a19e58\System.IdentityModel.Selectors.ni.dll
+ 2012-02-17 01:51 . 2012-02-17 01:51 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\bc62e3c6c42db6e63c18038e9bac5a5c\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-17 01:51 . 2012-02-17 01:51 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\5373b5adf6f12ca3ac8806827259a986\System.Device.ni.dll
+ 2009-07-14 04:54 . 2012-02-24 03:35 8323072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-10 18:42 . 2012-02-17 01:27 2784688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-03-10 18:42 . 2012-02-20 22:56 2784688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-03-10 18:42 . 2012-02-17 01:27 9847786 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-8192.dat
+ 2010-03-10 18:42 . 2012-02-24 03:32 9847786 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-8192.dat
+ 2010-11-11 08:18 . 2012-02-24 03:32 7105366 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-12288.dat
+ 2012-02-17 02:33 . 2012-02-17 02:33 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\68f44d619637fac197ee6c8ac9f2aec9\UIAutomationClientsideProviders.ni.dll
+ 2012-02-17 02:33 . 2012-02-17 02:33 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\843d0370292b7b124f9b9231f87e8e6a\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-17 02:33 . 2012-02-17 02:33 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\be0e793afecb54a67a688e4528676e70\System.Web.Services.ni.dll
+ 2012-02-17 02:33 . 2012-02-17 02:33 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\ae3a837b63de8d3f3fc63a7bfc16589a\System.Speech.ni.dll
+ 2012-02-17 02:33 . 2012-02-17 02:33 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\aec154cbfb0eec1497fb89ebd6deb344\System.ServiceModel.Discovery.ni.dll
+ 2012-02-17 02:33 . 2012-02-17 02:33 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\80b8b6324a73493227b2672b2d6820d3\System.ServiceModel.Activities.ni.dll
+ 2012-02-17 02:32 . 2012-02-17 02:32 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\15112a35e0e355fc344792e49c41628f\System.Management.ni.dll
+ 2012-02-17 01:52 . 2012-02-17 01:52 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\bffc049b6775c3f6f144917a4387a0be\System.IdentityModel.ni.dll
+ 2012-02-17 01:51 . 2012-02-17 01:51 1217536 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\d94ef12e883b2354af26f19ec7e25110\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-17 01:51 . 2012-02-17 01:51 1798656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\6a0bcd0e756819ea795b161d2156e9a8\System.Data.Services.Client.ni.dll
+ 2012-02-17 01:51 . 2012-02-17 01:51 3386368 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\1548624d8ec5142825864c5f59be9b49\System.Data.Linq.ni.dll
+ 2012-02-17 02:32 . 2012-02-17 02:32 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\f38dbc9d7ebe981a7c22b72dffb4a2af\Microsoft.JScript.ni.dll
- 2009-07-14 04:54 . 2012-02-17 01:29 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-24 03:35 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-05 13:53 . 2012-02-24 03:33 63052719 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-4096.dat
+ 2010-11-26 19:39 . 2012-02-24 03:32 12378660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-02-17 02:33 . 2012-02-17 02:33 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\49314ff27e3a21bbb1fb675a295f6571\System.ServiceModel.ni.dll
+ 2012-02-17 01:50 . 2012-02-17 01:50 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\78e35b4bf12ee4833ed720a490e958f2\System.Data.Entity.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2011-12-01 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120223.002\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22]
.
2012-02-13 c:\windows\Tasks\HPCeeScheduleForNolan Scott.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2011-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton Vulnerability Protection: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-02-23 22:54:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-24 03:54
ComboFix2.txt 2012-02-17 01:52
ComboFix3.txt 2012-02-16 02:50
ComboFix4.txt 2012-02-03 22:33
ComboFix5.txt 2012-02-24 03:26
.
Pre-Run: 803,247,443,968 bytes free
Post-Run: 805,334,921,216 bytes free
.
- - End Of File - - B06A632B7260734081C22BA1E513835D

#37 Larusso

Selecta Jahrusso

Experts
877 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 24 February 2012 - 01:58 AM

Hy there,

May your AVP detect the zipped MBR as an infection. In your case, it always comes back so I need you to create an offline MBR dump.

Download http://unetbootin.so...dows-latest.exe & http://noahdfear.net.../xpud-0.9.2.iso to the desktop of your clean computer

Insert your USB drive
Press Start > My Computer > right click your USB drive > choose Format > Quick format
Double click the unetbootin-xpud-windows-387.exe that you just downloaded
Press Run then OK
Select the DiskImage option then click the browse button located on the right side of the textbox field.
Browse to and select the xpud-0.9.2.iso file you downloaded
Verify the correct drive letter is selected for your USB device then click OK
It will install a little bootable OS on your USB device
Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
After it has completed do not choose to reboot the clean computer simply close the installer.

Download dumpit and save it on the xPUD USB.

Insert your USB stick to your infected PC
Boot the Sick computer
Press F12 and choose to boot from the USB
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Doubleclick on the dumpit file

MBR.zip should be created on your flash drive, please attach it to your next reply.

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

I am away from 14-16th of June !!

#38 oxr52a

New Member

Members
24 posts

Posted 27 February 2012 - 06:10 PM

Hi Daniel,

I don't have ready access to a clean PC. I have been trying to find one I can use. I will keep you notified on here when I get one.

Thanks for your help,

#39 Larusso

Selecta Jahrusso

Experts
877 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 28 February 2012 - 07:44 AM

Feel free to try it with the infected one

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

I am away from 14-16th of June !!

#40 oxr52a

New Member

Members
24 posts

Posted 01 March 2012 - 09:30 PM

Hi Daniel,

I have begun to try with the sick computer, could you please advise. I'm getting to the point in your instructions where I reboot with the xpud USB plugged in and press F12. In the boot options, I am only able to select Windows 7 as the OS and I do not see another option. I don't think this is correct because there is not another OS listed to select.

Thank you,

Back to Resolved HijackThis Logs

3 user(s) are reading this topic

0 members, 3 guests, 0 anonymous users

SVCHOST.EXE infected with Trojan.Agent

Attached Files

3 user(s) are reading this topic

Sign In