Worst Infestation In 16 Years
15-04-2011, 00:59
Post: #1
Worst Infestation In 16 Years
Hi..Found this site searching for redirect and update problem...I am a 60 yr old who knows just enough about computer to get into trouble...Anyway I had AVG free but deleted it because of running in the background that I couldn't stop..So I deleted it and search for a replacement..In that short time I got some nasty viruses. One with yahoo redirect and 404/forbidden plus some Google redirects..The other issue is I can no longer update XP. I update it to download and choose but the shield stays red..If I go to Microsoft for help it can't open the web site..It also broke the links to the programs..I used a host of malware and rooted out a mess of nasties plus the TSS killer thing..It just has some things I am missing...I have combi fix downloaded ready to go and a MBR checker...Thanks for any help..God Bless you...K

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:33:55 PM, on 4/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\user\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Bitdefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...8054891171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...8055004046
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

15-04-2011, 08:05
(This post was last modified on 15-04-2011 at 08:07 by miekiemoes.)
Post: #2
RE: Worst Infestation In 16 Years
Hi,
I see you are running Teatimer. I suggest you disable it because it can interfere with the changes you'll make on your system. When everything is done and your log is clean again, you can enable it again. If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop. Then run ResetTeaTimer.exe. This will only take a few seconds.

Then, start HijackThis and check and fix the following entry in HijackThis:

O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup

This startup is not required anyway.

Then,
* Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Once we're done with above basics, then we can look deeper and start with Combofix afterwards. But it's important that above needs to be done first.

Director of Research @ Malwarebytes
Antispyware Scanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

15-04-2011, 08:51
Post: #3
RE: Worst Infestation In 16 Years
Thanks for getting back..Couldn't get to sleep so I came back out..Tea timer off. Didn't see a confirm box so I just hit enter..Rebooted and icon was gone from systray and when I opened it they were not checked..Line removed with hijack and mbam run showed up clean...I'm going to try for some sleep and check in later today..Much thanks..

15-04-2011, 09:05
Post: #4
RE: Worst Infestation In 16 Years
Ok, if Malwarebytes didn't find anything, then proceed with the instructions to run Combofix.

* Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix...e-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.

But, you should get some sleep first. I'll read you later.

Director of Research @ Malwarebytes

16-04-2011, 00:03
Post: #5
RE: Worst Infestation In 16 Years
Hi I did all the disabling I could. I started combifix and it ran and upgraded then did the recovery console.
The malware scan started, ran a bit and disappeared..

16-04-2011, 03:27
Post: #6
RE: Worst Infestation In 16 Years
Well, I couldn't fully turn Bit defender off so I ran it and allowed a few exe's through and it finally finished up.

ComboFix 11-04-14.03 - user 04/15/2011 20:11:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1488 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Application Data\intel64.exe
c:\documents and settings\user\Application Data\oembios.exe
c:\documents and settings\user\Application Data\sdra64.exe
c:\documents and settings\user\Application Data\twex.exe
c:\documents and settings\user\Application Data\twext.exe
c:\documents and settings\user\Templates\js6cy226kpp3fu006bryc5cx757a25077l2
c:\documents and settings\user\Templates\o0117nc2nv5tpb633d15bq765wo1
.
.
((((((((((((((((((((((((( Files Created from 2011-03-16 to 2011-04-16 )))))))))))))))))))))))))))))))
.
.
2011-04-16 00:06 . 2011-04-16 00:06 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E5CB46B4-9D77-4737-B7DE-F01D84005AC1}\MpKsl18be532c.sys
2011-04-16 00:06 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E5CB46B4-9D77-4737-B7DE-F01D84005AC1}\mpengine.dll
2011-04-15 22:48 . 2011-04-15 22:48 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\HP
2011-04-15 05:50 . 2003-06-25 20:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2011-04-14 17:32 . 2007-04-10 22:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2011-04-14 17:32 . 2007-05-10 15:23 4952064 ----a-w- c:\windows\system32\stacgui.cpl
2011-04-14 17:32 . 2007-05-10 15:22 405504 ----a-w- c:\windows\stsystra.exe
2011-04-14 15:27 . 2011-04-14 15:27 -------- d--h--w- c:\documents and settings\user\Local Settings\Application Data\Opera
2011-04-14 15:27 . 2011-04-14 21:30 -------- d-----w- c:\program files\Opera
2011-04-12 04:03 . 2011-04-12 04:03 -------- d--h--w- c:\documents and settings\user\Application Data\FRISK Software
2011-04-12 02:48 . 2011-04-12 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FRISK Software
2011-04-12 01:32 . 2011-04-12 01:32 26624 ----a-w- c:\windows\system32\ssmenu.dll
2011-04-12 01:32 . 2011-04-12 01:32 66048 ----a-w- c:\windows\system32\VCLSMP50.bpl
2011-04-12 01:32 . 2011-04-14 21:35 -------- d-s---w- c:\program files\Common Files\Teknum Systems
2011-04-12 01:32 . 2011-04-12 01:32 2020864 ----a-w- c:\windows\system32\VCL50.bpl
2011-04-12 01:32 . 2011-04-12 01:32 248832 ----a-w- c:\windows\system32\VCLX50.bpl
2011-04-12 01:31 . 2011-04-12 01:32 -------- d-----w- c:\program files\HandyBits
2011-04-11 22:10 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 22:10 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 22:10 . 2011-04-11 22:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-11 13:07 . 2011-04-11 13:07 -------- d-----w- c:\documents and settings\NetworkService\Application Data\QuickScan
2011-04-11 00:17 . 2011-04-11 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-11 00:17 . 2011-04-11 00:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-10 00:42 . 2011-04-10 00:42 -------- d--h--w- c:\documents and settings\user\Application Data\BitDefender
2011-04-10 00:41 . 2011-04-10 00:41 -------- d-----w- c:\program files\BitDefender
2011-04-10 00:11 . 2011-04-10 00:11 -------- d--h--w- c:\documents and settings\user\Application Data\QuickScan
2011-04-10 00:10 . 2011-04-10 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2011-04-10 00:10 . 2011-04-10 00:41 -------- d-----w- c:\program files\Common Files\BitDefender
2011-04-10 00:07 . 2011-04-12 13:04 307784 ----a-w- c:\windows\system32\drivers\trufos.sys
2011-04-10 00:07 . 2011-03-24 19:36 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-04-10 00:07 . 2010-05-13 21:02 12960 ----a-w- c:\windows\system32\drivers\bdrawpr.sys
2011-04-10 00:07 . 2011-04-10 00:47 1000974 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin
2011-04-09 17:17 . 2011-04-09 17:17 -------- d--h--w- c:\windows\PIF
2011-04-08 03:34 . 2011-04-08 03:34 0 --sha-w- c:\documents and settings\user\Local Settings\Application Data\usk.exe
2011-04-08 03:34 . 2011-04-08 03:34 0 --sha-w- c:\documents and settings\user\Local Settings\Application Data\npc.exe
2011-04-08 03:34 . 2011-04-08 03:34 0 --sha-w- c:\documents and settings\user\Local Settings\Application Data\fmw.exe
2011-04-08 03:34 . 2011-04-08 03:34 0 --sha-w- c:\documents and settings\user\Local Settings\Application Data\cyo.exe
2011-04-08 03:34 . 2011-04-08 03:34 0 --sha-w- c:\documents and settings\All Users\Application Data\unf.exe
2011-04-08 03:34 . 2011-04-08 03:34 0 --sha-w- c:\documents and settings\All Users\Application Data\sma.exe
2011-04-08 03:34 . 2011-04-08 03:34 0 --sha-w- c:\documents and settings\All Users\Application Data\hna.exe
2011-04-08 03:34 . 2011-04-08 03:34 0 --sha-w- c:\documents and settings\All Users\Application Data\eme.exe
2011-04-08 03:34 . 2011-04-08 03:34 0 --sha-w- c:\documents and settings\All Users\Application Data\avu.exe
2011-04-07 22:34 . 2011-04-07 22:34 -------- d--h--w- c:\documents and settings\user\Application Data\AVG10
2011-04-07 15:53 . 2011-04-07 15:53 -------- d--h--w- c:\documents and settings\user\Local Settings\Application Data\AVG Security Toolbar
2011-04-07 15:44 . 2011-04-07 15:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-04-07 15:42 . 2011-04-10 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-04-07 15:41 . 2011-04-07 15:41 -------- d-----w- c:\program files\AVG
2011-04-07 13:52 . 2011-04-10 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-28 03:09 . 2011-04-09 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-03-27 17:47 . 2011-04-09 02:12 -------- d-----w- c:\documents and settings\Administrator
2011-03-27 16:55 . 2011-03-27 16:55 -------- d--h--w- c:\documents and settings\user\Application Data\Malwarebytes
2011-03-27 16:55 . 2011-03-27 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-27 15:44 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-03-27 15:44 . 2011-03-27 15:45 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-27 06:06 . 2011-03-27 06:06 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 19:42 . 2008-04-14 04:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-03-27 17:59 . 2011-03-27 17:59 64896 ----a-w- c:\windows\system32\drivers\tosrfcom.sys1C03ABF3
2011-03-15 04:05 . 2010-10-18 15:42 6792528 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-28 00:41 . 2011-02-28 00:41 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-02-02 22:11 . 2010-10-15 15:40 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2010-09-09 1511424]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-04-14 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"nwiz"="nwiz.exe" [2007-11-17 1626112]
"NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-01-11 71216]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-03-31 1443712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtProc1.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
.
R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [4/9/2011 8:07 PM 12960]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2/22/2011 2:08 AM 14464]
R1 MpKsl18be532c;MpKsl18be532c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E5CB46B4-9D77-4737-B7DE-F01D84005AC1}\MpKsl18be532c.sys [4/15/2011 8:06 PM 28752]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [3/24/2011 7:46 PM 43936]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [4/22/2010 1:19 PM 149520]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfndisf.sys [8/20/2010 3:41 PM 111696]
S1 MpKsl001eb6e2;MpKsl001eb6e2; [x]
S1 MpKsl0d60ed12;MpKsl0d60ed12;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78EB9B4C-38E8-42E1-AE25-BD95206BF2D6}\MpKsl0d60ed12.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78EB9B4C-38E8-42E1-AE25-BD95206BF2D6}\MpKsl0d60ed12.sys [?]
S1 MpKsle83cf3b5;MpKsle83cf3b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{458BA1CF-65C7-40C5-B19E-772684CA60EB}\MpKsle83cf3b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{458BA1CF-65C7-40C5-B19E-772684CA60EB}\MpKsle83cf3b5.sys [?]
S1 MpKsle8db783c;MpKsle8db783c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EDEDFD0-8E79-4FE8-A6F0-FEDE087ED508}\MpKsle8db783c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EDEDFD0-8E79-4FE8-A6F0-FEDE087ED508}\MpKsle8db783c.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12/9/2010 3:43 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12/9/2010 3:43 PM 8456]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [12/9/2010 11:25 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [12/9/2010 11:25 AM 11104]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [11/30/2010 7:19 AM 307544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [11/29/2010 2:12 PM 535824]
S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [11/29/2010 2:12 PM 1066232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL18BE532C
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = about:blank
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\bhs7nvm5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://us.mc840.mail.yahoo.com/mc/welcome?.gx=1&.tm=1291520586&.rand=9ri2a78d4abk9
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d9e405f&v=6.103.018.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49758
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: NoRedirect: {c1970c0d-dbe6-4d91-804f-c9c0de643a57} - %profile%\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - %profile%\extensions\adblockpopups@jessehakanen.net
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: BitDefender Antiphishing Toolbar: FFToolbar@bitdefender.com - c:\program files\BitDefender\BitDefender 2011\bdaphffext
FF - Ext: Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-15 20:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-04-15 20:47:13
ComboFix-quarantined-files.txt 2011-04-16 00:46
.
Pre-Run: 84,877,410,304 bytes free
Post-Run: 85,492,928,512 bytes free
.
- - End Of File - - C148CD006C5AC9822F08045B34BFB8DC

16-04-2011, 08:44
(This post was last modified on 16-04-2011 at 08:45 by miekiemoes.)
Post: #7
RE: Worst Infestation In 16 Years
Hi,
It looks like this computer was already infected for a while, because I see some older Malware variants in your log as well. Anyway, let's deal with the rest now..

First of all, we need to delete the malicious proxy set in firefox. So open Firefox > Under "Tools" in the browser tool bar select "Options". In the "Options" window that pops up, click the "Advanced" tab at the top. Click the "Network" subtab, and then click the "Settings" button in the "Connections" area. In there, you'll see the proxy 49758 will be set. Empty out everything under the Manual proxy configuration part and then check the "No proxy" on top. So, it has to look as in the image below: http://www.library.kent.edu/page/14299#winff

Then...
* Open notepad - don't use any other text editor than notepad or the script will fail. Copy/paste the text in the quotebox below into notepad:

Quote:
File::

Save this as txtfile CFScript
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Director of Research @ Malwarebytes
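Added example, not part of the original thread and not from the helper: a small Python audit of the Firefox proxy preferences that the post above asks the user to clear. It runs on a constructed prefs.js excerpt that reuses the values shown in the ComboFix log (127.0.0.1, port 49758, type 0); the function names are this example's own.

```python
import ipaddress
import re

# Firefox stores user-set preferences in prefs.js as: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meaning of the network.proxy.type values used by Firefox.
PROXY_TYPES = {
    0: "direct (no proxy)",
    1: "manual proxy configuration",
    2: "proxy auto-config (PAC) URL",
    4: "auto-detect (WPAD)",
    5: "use system proxy settings",
}

PROXY_SCHEMES = ("http", "ssl", "ftp", "socks")

# Constructed sample: values taken from the "FF - prefs.js" lines of the log.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 49758);
user_pref("network.proxy.type", 0);
'''


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and anything that is not a user_pref line
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            value = raw[1:-1]          # string preference
        elif raw in ("true", "false"):
            value = raw == "true"      # boolean preference
        else:
            try:
                value = int(raw)       # integer preference
            except ValueError:
                value = raw            # keep unparsed text rather than guess
        prefs[name] = value
    return prefs


def is_loopback(host):
    """True when the proxy host points back at the local machine."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def audit_proxy(prefs):
    """List every configured proxy host and whether it is currently in use."""
    ptype = prefs.get("network.proxy.type")
    findings = []
    for scheme in PROXY_SCHEMES:
        host = prefs.get(f"network.proxy.{scheme}")
        if not host:
            continue
        findings.append({
            "pref": f"network.proxy.{scheme}",
            "host": host,
            "port": prefs.get(f"network.proxy.{scheme}_port"),
            "loopback": is_loopback(str(host)),
            # Host/port values only take effect in manual mode (type 1).
            "active": ptype == 1,
        })
    pac = prefs.get("network.proxy.autoconfig_url")
    if pac:
        findings.append({"pref": "network.proxy.autoconfig_url", "host": pac,
                         "port": None, "loopback": False, "active": ptype == 2})
    return {
        "type": ptype,
        "type_meaning": PROXY_TYPES.get(ptype, "not set in prefs.js"),
        "findings": findings,
    }


if __name__ == "__main__":
    report = audit_proxy(parse_prefs(SAMPLE_PREFS))
    print("network.proxy.type:", report["type"], "-", report["type_meaning"])
    for f in report["findings"]:
        state = "ACTIVE" if f["active"] else "leftover (not in use)"
        where = "loopback" if f["loopback"] else "remote"
        print(f'{f["pref"]} = {f["host"]}:{f["port"]} [{where}, {state}]')
```

Leftover host and port values are reported even when the type is 0, because they record what was configured and become live again if the mode is switched back to manual; after the cleanup described in the post the findings list should be empty.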

17-04-2011, 01:31
Post: #8
RE: Worst Infestation In 16 Years
Here you go..I had already changed the proxy in Firefox but I deleted the numbers...Here's the CF report...I am amazed someone understands all of it..When I was young and savvy we had what was called a TI-99 to play with..Thanks for any help..Right now I am trying to fix unresponsive script errors in firefox..Thanks again...One thing I am learning through this is not to rely on using one program to fix everything..BTW, should I turn off MS security essentials and just use Bit Defender?

ComboFix 11-04-15.06 - user 04/16/2011 15:24:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1407 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
FILE ::
"c:\documents and settings\All Users\Application Data\avu.exe"
"c:\documents and settings\All Users\Application Data\eme.exe"
"c:\documents and settings\All Users\Application Data\hna.exe"
"c:\documents and settings\All Users\Application Data\sma.exe"
"c:\documents and settings\All Users\Application Data\unf.exe"
"c:\documents and settings\user\Local Settings\Application Data\cyo.exe"
"c:\documents and settings\user\Local Settings\Application Data\fmw.exe"
"c:\documents and settings\user\Local Settings\Application Data\npc.exe"
"c:\documents and settings\user\Local Settings\Application Data\usk.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\avu.exe
c:\documents and settings\All Users\Application Data\eme.exe
c:\documents and settings\All Users\Application Data\hna.exe
c:\documents and settings\All Users\Application Data\sma.exe
c:\documents and settings\All Users\Application Data\unf.exe
c:\documents and settings\user\Local Settings\Application Data\cyo.exe
c:\documents and settings\user\Local Settings\Application Data\fmw.exe
c:\documents and settings\user\Local Settings\Application Data\npc.exe
c:\documents and settings\user\Local Settings\Application Data\usk.exe
.
.
2011-04-16 04:29 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll - 2010-10-18 15:15 . 2010-10-18 15:15 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll + 2011-04-16 04:29 . 2011-04-16 04:29 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll - 2010-10-18 15:15 . 2010-10-18 15:15 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll + 2011-04-16 04:29 . 2011-04-16 04:29 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll - 2010-10-18 15:15 . 2010-10-18 15:15 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll - 2010-10-18 15:15 . 2010-10-18 15:15 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2011-04-16 04:29 . 2011-04-16 04:29 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2011-04-16 04:29 . 2011-04-16 04:29 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2010-10-18 15:15 . 2010-10-18 15:15 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2011-04-16 04:29 . 
2011-04-16 04:29 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2010-10-18 15:15 . 2010-10-18 15:15 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2011-04-16 04:29 . 2011-04-16 04:29 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll - 2010-10-18 15:15 . 2010-10-18 15:15 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll - 2010-10-18 15:15 . 2010-10-18 15:15 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll + 2011-04-16 04:29 . 2011-04-16 04:29 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll - 2010-10-18 15:15 . 2010-10-18 15:15 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2011-04-16 04:29 . 2011-04-16 04:29 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2010-10-18 15:15 . 2010-10-18 15:15 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2011-04-16 04:29 . 2011-04-16 04:29 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2011-04-16 04:29 . 2011-04-16 04:29 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll - 2010-10-18 15:15 . 
2010-10-18 15:15 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll - 2010-10-18 15:15 . 2010-10-18 15:15 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll + 2011-04-16 04:29 . 2011-04-16 04:29 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll - 2010-10-18 15:15 . 2010-10-18 15:15 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll + 2011-04-16 04:29 . 2011-04-16 04:29 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll - 2010-10-18 15:15 . 2010-10-18 15:15 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll + 2011-04-16 04:29 . 2011-04-16 04:29 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll + 2011-04-16 04:29 . 2011-04-16 04:29 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll - 2010-10-18 15:14 . 2010-10-18 15:14 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll + 2011-04-16 04:29 . 2011-04-16 04:29 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2010-10-18 15:14 . 2010-10-18 15:14 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2011-04-16 04:29 . 2011-04-16 04:29 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2010-10-18 15:14 . 
2010-10-18 15:14 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2010-10-18 15:14 . 2010-10-18 15:14 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2011-04-16 04:29 . 2011-04-16 04:29 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2011-04-16 04:29 . 2011-04-16 04:29 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll - 2010-10-18 15:14 . 2010-10-18 15:14 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll - 2010-10-18 15:14 . 2010-10-18 15:14 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2011-04-16 04:29 . 2011-04-16 04:29 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll - 2010-10-18 15:14 . 2010-10-18 15:14 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2011-04-16 04:29 . 2011-04-16 04:29 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2011-04-16 04:29 . 2011-04-16 04:29 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll - 2010-10-18 15:15 . 2010-10-18 15:15 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll + 2011-04-16 04:29 . 
2011-04-16 04:29 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll - 2010-10-18 15:15 . 2010-10-18 15:15 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll + 2011-04-16 04:29 . 2011-04-16 04:29 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2010-10-18 15:14 . 2010-10-18 15:14 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2010-10-18 15:15 . 2010-10-18 15:15 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll + 2011-04-16 04:29 . 2011-04-16 04:29 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll - 2010-10-18 15:15 . 2010-10-18 15:15 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll + 2011-04-16 04:29 . 2011-04-16 04:29 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll + 2011-04-16 04:29 . 2011-04-16 04:29 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll - 2010-10-18 15:15 . 2010-10-18 15:15 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll + 2011-04-16 04:29 . 2011-04-16 04:29 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll - 2010-10-18 15:15 . 
2010-10-18 15:15 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll + 2011-04-16 04:29 . 2011-04-16 04:29 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2010-10-18 15:14 . 2010-10-18 15:14 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2011-04-16 04:29 . 2011-04-16 04:29 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll - 2010-10-18 15:16 . 2010-10-18 15:16 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll - 2010-10-18 15:16 . 2010-10-18 15:16 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll + 2011-04-16 04:29 . 2011-04-16 04:29 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll + 2011-04-16 04:29 . 2011-04-16 04:29 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll - 2010-10-18 15:16 . 2010-10-18 15:16 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll - 2010-10-18 15:16 . 2010-10-18 15:16 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll + 2011-04-16 04:29 . 2011-04-16 04:29 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll + 2011-04-16 04:29 . 2011-04-16 04:29 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll - 2010-10-18 15:16 . 
2010-10-18 15:16 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll + 2011-04-16 04:29 . 2011-04-16 04:29 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll - 2010-10-18 15:16 . 2010-10-18 15:16 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll + 2011-04-16 04:29 . 2011-04-16 04:29 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2010-10-18 15:14 . 2010-10-18 15:14 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2010-10-18 15:15 . 2010-10-18 15:15 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2011-04-16 04:29 . 2011-04-16 04:29 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2011-04-16 04:29 . 2011-04-16 04:29 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll - 2010-10-18 15:15 . 2010-10-18 15:15 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll + 2011-04-16 04:29 . 2011-04-16 04:29 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2010-10-18 15:14 . 2010-10-18 15:14 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2010-10-18 15:14 . 
2010-10-18 15:14 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll + 2011-04-16 04:29 . 2011-04-16 04:29 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll + 2011-04-16 04:29 . 2011-04-16 04:29 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll - 2010-10-18 15:15 . 2010-10-18 15:15 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll - 2010-10-18 15:16 . 2010-10-18 15:16 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll + 2011-04-16 04:29 . 2011-04-16 04:29 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll - 2010-10-18 15:14 . 2010-10-18 15:14 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2011-04-16 04:29 . 2011-04-16 04:29 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2010-10-18 15:14 . 2010-10-18 15:14 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2011-04-16 04:29 . 2011-04-16 04:29 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2011-04-16 04:29 . 2011-04-16 04:29 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll - 2010-10-18 15:15 . 
2010-10-18 15:15 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2011-02-22 01:44 . 2011-04-16 04:42 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2011-02-22 01:44 . 2011-02-22 01:45 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2011-04-16 04:25 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll + 2011-04-16 04:25 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll + 2011-04-16 04:25 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe + 2011-04-16 04:25 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll + 2011-04-16 04:40 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll + 2011-04-16 04:41 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll + 2011-04-16 04:41 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe + 2011-04-16 04:40 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll + 2011-04-16 04:40 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll + 2011-04-16 04:40 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll + 2011-04-16 04:41 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll + 2011-04-16 04:40 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll + 2011-04-16 04:41 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll + 2011-04-16 04:40 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll + 2011-04-16 04:41 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe + 2009-11-12 19:47 . 2011-02-17 13:18 455936 c:\windows\Driver Cache\i386\mrxsmb.sys + 2011-04-16 13:53 . 
2011-04-16 13:53 399360 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\071230a3e7b1d19779210ed709761da4\XamlBuildTask.ni.dll + 2011-04-16 13:45 . 2011-04-16 13:45 353792 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\308200c3a43e5cd40f7ca07328be5d56\WsatConfig.ni.exe + 2011-04-16 13:53 . 2011-04-16 13:53 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\c854ff737035c79fdf1b56b95e28fdbc\WindowsFormsIntegration.ni.dll + 2011-04-16 13:48 . 2011-04-16 13:48 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\c085fc0d222fb39afe14cc8e5eb32eee\UIAutomationTypes.ni.dll + 2011-04-16 13:53 . 2011-04-16 13:53 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\974f99cb0c5b67484ce5a3fd1fc5e7dd\UIAutomationClient.ni.dll + 2011-04-16 13:46 . 2011-04-16 13:46 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6d7c87b19bf40f2bc57ec4429b628c9a\System.Xml.Linq.ni.dll + 2011-04-16 13:48 . 2011-04-16 13:48 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\21eb4743be4fdd8df5f0a9cd0dd52f5d\System.Windows.Input.Manipulations.ni.dll + 2011-04-16 13:52 . 2011-04-16 13:52 192512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\506e5c072114a604751e589a03818287\System.Windows.Forms.DataVisualization.Design.ni.dll + 2011-04-16 13:47 . 2011-04-16 13:48 218624 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\4f6ed094f67cf65019b24b7ae4950047\System.Web.RegularExpressions.ni.dll + 2011-04-16 13:52 . 2011-04-16 13:52 858112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\e48ad421c99a1dff1680d775abf7fdec\System.Web.Extensions.Design.ni.dll + 2011-04-16 13:52 . 2011-04-16 13:52 332288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\25f74ac76ed1a5762f05984a8e8f675c\System.Web.Entity.ni.dll + 2011-04-16 13:52 . 
2011-04-16 13:52 296448 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\022f7f8e65394aab269df0a14f3f8757\System.Web.Entity.Design.ni.dll + 2011-04-16 13:52 . 2011-04-16 13:52 705536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\c1a917d7d45e2e5731ab1a2c69bc3c79\System.Web.DynamicData.ni.dll + 2011-04-16 13:52 . 2011-04-16 13:52 256512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\79696f4c00767d1db7c4a93b9e417359\System.Web.DataVisualization.Design.ni.dll + 2011-04-16 13:47 . 2011-04-16 13:47 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\1fac5b5769af4e4dd0aa3f09d9834734\System.Transactions.ni.dll + 2011-04-16 13:48 . 2011-04-16 13:48 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\4e5c6a1e261c43961b19f4712359234f\System.ServiceProcess.ni.dll + 2011-04-16 13:51 . 2011-04-16 13:51 421888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d1f5920c45a89d29bfcaaf3e913f5b43\System.ServiceModel.Activation.ni.dll + 2011-04-16 13:52 . 2011-04-16 13:52 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9fc58e83505ef6bf05a4529665c7737d\System.ServiceModel.Routing.ni.dll + 2011-04-16 04:33 . 2011-04-16 04:33 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\df00a90a0ca189eb49b071dfd9530347\System.Security.ni.dll + 2011-04-16 13:45 . 2011-04-16 13:45 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7de8fccb064fff0d219e8594a014b600\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2011-04-16 13:47 . 2011-04-16 13:47 767488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\585f1cfab91fc0c2c3e2a9f483a2a4a2\System.Runtime.Remoting.ni.dll + 2011-04-16 13:47 . 2011-04-16 13:47 239616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\46ecc1e6de3fba31062fe27e5bc2ef9c\System.Runtime.Caching.ni.dll + 2011-04-16 04:30 . 
2011-04-16 04:30 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\f2304201110addb8170997ff442e87fc\System.Numerics.ni.dll + 2011-04-16 13:52 . 2011-04-16 13:52 651264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\56158e581a3dfce8f930fe7388cfe156\System.Net.ni.dll + 2011-04-16 13:51 . 2011-04-16 13:51 625152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\8b3e59239912537657fc7f9c6b88dd8a\System.Messaging.ni.dll + 2011-04-16 13:52 . 2011-04-16 13:52 392704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\117067671949b80852b0a7c112888b7b\System.Management.Instrumentation.ni.dll + 2011-04-16 13:51 . 2011-04-16 13:51 405504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\a483116d4df8444911c9d47fd99b8b95\System.IO.Log.ni.dll + 2011-04-16 13:51 . 2011-04-16 13:51 228352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\3891b868ee83ca630686d547c328da31\System.IdentityModel.Selectors.ni.dll + 2011-04-16 13:47 . 2011-04-16 13:47 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\547669d593c2ac7c94391e153ea6068f\System.EnterpriseServices.Wrapper.dll + 2011-04-16 13:47 . 2011-04-16 13:47 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\547669d593c2ac7c94391e153ea6068f\System.EnterpriseServices.ni.dll + 2011-04-16 04:34 . 2011-04-16 04:34 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\f9b335b9f86afcae5a54949288010a0f\System.Dynamic.ni.dll + 2011-04-16 04:35 . 2011-04-16 04:35 223744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\bbb1323c2a613d3f4e9cfce17e03ee70\System.Drawing.Design.ni.dll + 2011-04-16 13:51 . 2011-04-16 13:51 911872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8a7ceaec74327e2be758e7291b8a5849\System.DirectoryServices.AccountManagement.ni.dll + 2011-04-16 13:48 . 
2011-04-16 13:48 461824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\698dd101afeceb8ffc4a435b9be82038\System.DirectoryServices.Protocols.ni.dll + 2011-04-16 13:51 . 2011-04-16 13:51 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\65b4592d5d04a0c5b6f102f8d1e065e8\System.Device.ni.dll + 2011-04-16 13:51 . 2011-04-16 13:51 499712 |
|||
17-04-2011, 07:48
Post: #9
RE: Worst Infestation In 16 Years
Hi,
Your log got cut off at the end because it's too lengthy. This may be because you were probably in the middle of some Windows updates. Anyway, no need to repost it since the most important part (removal part) is listed and that looks OK.

Quote:
BTW, should I turn off MS

As long as you are using Bitdefender, I would disable MS Security Essentials. Even though they can work together, both running in the background may cause extra slowdowns. I don't know if you have purchased Bitdefender, or if this is a trial you are using. Keep in mind that, once the trial has expired, it won't be able to update anymore, and thus won't protect you against future threats either. So, in that case, you can enable MS again afterwards (or purchase Bitdefender in case you haven't done so).

* Go to start > run and copy and paste the next command in the field:

ComboFix /Uninstall

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

Director of Research @ Malwarebytes