Jump to content

jotaro123

Members
 View Profile  See their activity

  • Posts

    20

  • Joined

  • Last visited

Reputation

0 Neutral
  1. jotaro123
    thx for the help much, i think il just reformat OS, now that i bought a portable Hard drive. Thx
  2. jotaro123
    i use both, perferably firefox. downloaded, now what i do?
  3. jotaro123
    real player download and plugin was fixed. When i start google pictures, and click on the "google.com" under the search bar to show ALL the pictures. It still cant turn the search options for safesearch. or change any other option. If i try, it takes me to the options page of google, and says. "Your cookies seem to be disabled. Setting preferences will not work until you enable cookies in your browser. " And the cookies are NOT disabled. it is on.
  4. jotaro123
    i tried ms fixit, all the program gives me is, Fixit trouble shooter cannot continue because an error occured This troubleshooter doesnt apply to this computer.
  5. jotaro123
    Sorry, yes i do still need help. I been busy with finals with for the moemnt. I will run the fix right now
  6. jotaro123
    I ran the program, and it restarted without prompt. So im not sure where to find the txt file. All i know is it found 2 viruses. Currently Svchost.exe does not seem to be bothering me, but i havent been long enough to be sure exactly. Google.com, when i search web or pictures, under the search bar it says "google.com" thats a link to the normal one. Before clicking to that link... Web- the links dont take me anywhere, just freeszes at white screen. After clicking "google.com" link, it gets me to the sites. Pictures- firefox, only shows 4-5 rows of pictures, when i press link, and if i get pass the redirect, it gives me all the pictures. Seems like there is a FAKE google...
  7. jotaro123
    Just to say a heads up, heres a problem. I am currently NOT using a router, im connected directly through the modem. There is only a power on and off switch. Our internet service is Arris, which is part phone as well, and im using the "find dns automaticly" option. I also have noticed that when i search google pictures, on firefox, it doesnt show all the pages. And under the search bar, it says "go to google.com" and by clicking that it takes me to the "full" pages of pictures. Im also getting a Scour redirect. Also in my temp folder, random .exe viruses keep popping up time to time. and avg used to block them from running but now i dont have avg so its a problem. Any solutions??
  8. jotaro123
    ComboFix 11-06-14.03 - Jackson 06/14/2011 20:11:05.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2710 [GMT -7:00] Running from: c:\documents and settings\Jackson\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Jackson\Desktop\CFScript.txt . . ((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 ))))))))))))))))))))))))))))))) . . 2011-06-13 22:52 . 2011-06-13 22:52 -------- d-----w- c:\program files\ESET 2011-06-13 22:33 . 2011-06-13 22:33 -------- d-----w- c:\program files\EXordium Team 2011-06-12 23:18 . 2011-06-13 00:08 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Conduit 2011-06-12 23:18 . 2011-06-12 23:18 -------- d-----w- c:\program files\Conduit 2011-06-12 23:18 . 2011-06-13 00:08 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\uTorrentBar 2011-06-12 23:13 . 2011-06-12 23:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\temp 2011-06-12 23:12 . 2011-06-12 23:12 -------- d-----w- c:\program files\uTorrent 2011-06-12 23:12 . 2011-06-13 22:28 -------- d-----w- c:\documents and settings\Jackson\Application Data\uTorrent 2011-06-10 14:56 . 2011-06-10 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm 2011-06-10 14:55 . 2011-06-10 14:55 -------- d-----w- c:\program files\Siber Systems 2011-06-10 14:52 . 2011-06-10 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\hssff 2011-06-10 14:40 . 2011-06-10 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SwagHack_Galaxy_Edition_3 2011-06-10 04:52 . 2011-06-10 04:52 -------- d--h--w- c:\windows\PIF 2011-06-08 07:30 . 2011-06-08 07:30 -------- d-----w- c:\program files\Microsoft.NET 2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- C:\Hotspot Shield 2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- c:\program files\Hotspot Shield 2011-06-08 03:44 . 2011-06-08 03:44 388096 ----a-r- c:\documents and settings\Jackson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-08 03:44 . 2011-06-08 03:44 -------- d-----w- c:\program files\Trend Micro 2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\Jackson\Application Data\Malwarebytes 2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-06-07 14:22 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-07 14:22 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-07 05:45 . 2011-06-07 05:45 -------- d-----w- c:\windows\system32\wbem\Repository 2011-06-07 05:43 . 2011-06-07 05:43 -------- d-----w- c:\program files\OpenAL 2011-06-07 05:02 . 2011-06-07 05:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-06-04 22:22 . 2011-06-07 05:44 -------- d-----w- c:\program files\AutoHotkey 2011-06-04 22:22 . 2011-06-04 22:22 -------- d-----w- c:\windows\ShellNew 2011-06-04 01:09 . 2011-06-04 01:09 -------- d-----w- c:\program files\Common Files\xing shared 2011-06-04 01:08 . 2011-06-04 01:09 -------- d-----w- c:\program files\Real 2011-06-04 00:58 . 2011-06-04 00:59 -------- d-----w- c:\documents and settings\Jackson\dwhelper 2011-06-03 22:20 . 2011-06-03 22:20 -------- d-----w- C:\AeriaGames 2011-06-03 06:22 . 2011-06-07 22:58 -------- d-----w- c:\program files\Common Files\Akamai 2011-06-01 22:23 . 2011-06-01 22:23 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-06-01 22:23 . 2011-06-01 22:23 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2011-06-01 14:29 . 2011-06-07 05:44 -------- d-----w- C:\Gamigo 2011-05-29 22:03 . 2011-05-30 19:57 -------- d-----w- c:\program files\Bounty Bay Online 2011-05-29 02:13 . 2011-05-29 02:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Wicked_Interactive_LTD 2011-05-29 02:02 . 2011-06-04 06:27 -------- d-----w- c:\program files\SubaGames 2011-05-28 22:06 . 2011-05-28 22:07 -------- d-----w- c:\documents and settings\Jackson\Application Data\VMK Pal 2011-05-24 03:21 . 2011-05-24 03:21 -------- d-----w- c:\windows\Sun 2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\program files\Flip Video 2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video 2011-05-24 02:34 . 2011-05-24 02:34 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\WMTools Downloaded Files 2011-05-21 16:25 . 2011-06-14 22:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-21 00:33 . 2011-05-21 00:33 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Mozilla 2011-05-20 06:18 . 2011-05-20 06:42 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Panda3D 2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\Common Files\SourceTec 2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\SourceTec . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-04 01:08 . 2011-04-30 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-06-04 01:08 . 2011-04-30 22:45 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-05-04 06:17 . 2011-05-04 06:18 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-04 06:17 . 2011-05-04 06:18 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-30 22:38 . 2011-04-30 22:38 315392 ----a-w- c:\windows\HideWin.exe 2011-04-14 16:26 . 2011-05-21 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-06-14_04.49.53 ))))))))))))))))))))))))))))))))))))))))) . + 2011-06-15 03:24 . 2011-06-15 03:24 16384 c:\windows\temp\Perflib_Perfdata_790.dat - 2008-04-14 12:00 . 2011-06-14 04:36 77366 c:\windows\system32\perfc009.dat + 2008-04-14 12:00 . 2011-06-15 03:12 77366 c:\windows\system32\perfc009.dat + 2008-04-14 12:00 . 2011-06-15 03:12 458926 c:\windows\system32\perfh009.dat - 2008-04-14 12:00 . 2011-06-14 04:36 458926 c:\windows\system32\perfh009.dat + 2011-06-14 22:21 . 2011-06-14 22:21 240288 c:\windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe + 2011-05-26 23:39 . 2011-06-14 22:21 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll - 2011-05-26 23:39 . 2011-05-26 23:39 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424] "NVHotkey"="nvHotkey.dll" [2011-01-08 178792] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664] "RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552] "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-12-14 159744] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-04 273544] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Outspark\\Project Powder\\Run.exe"= "c:\\Program Files\\REACTOR\\REACTOR.exe"= "c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"= "c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"= "c:\\Gamigo\\Elements of War Online\\EoW.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\Jackson\\My Documents\\Downloads\\utorrent.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56371:TCP"= 56371:TCP:Pando Media Booster "56371:UDP"= 56371:UDP:Pando Media Booster "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1033:TCP"= 1033:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [6/2/2011 4:18 PM 298824] R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?] S0 cerc6;cerc6; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/7/2011 7:22 AM 22712] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/7/2011 7:22 AM 366640] . Contents of the 'Scheduled Tasks' folder . 2011-06-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-630328440-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . 2011-06-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-630328440-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 FF - ProfilePath - c:\documents and settings\Jackson\Application Data\Mozilla\Firefox\Profiles\wkbmupta.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - about:home . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-14 20:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1672) c:\windows\system32\WININET.dll c:\windows\System32\BCMLogon.dll c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll . - - - - - - - > 'lsass.exe'(1732) c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(3940) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\rundll32.exe c:\windows\RTHDCPL.EXE c:\program files\Flip Video\FlipShare\FlipShareService.exe c:\program files\DellTPad\ApMsgFwd.exe c:\program files\Hotspot Shield\HssWPR\hsssrv.exe c:\program files\DellTPad\HidFind.exe c:\program files\Hotspot Shield\bin\hsswd.exe c:\program files\DellTPad\Apntex.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\program files\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Completion time: 2011-06-14 20:30:59 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-15 03:30 ComboFix2.txt 2011-06-15 00:26 ComboFix3.txt 2011-06-14 04:55 ComboFix4.txt 2011-06-12 22:11 ComboFix5.txt 2011-06-15 03:03 . Pre-Run: 183,495,106,560 bytes free Post-Run: 183,816,896,512 bytes free . - - End Of File - - AC1A31A650664B38067B3928D124B3E9 ======================= SAME PROBLEMS STILL =======================
  9. jotaro123
    Heres the first one, and imma do the next one u told me just now. ComboFix 11-06-14.01 - Jackson 06/14/2011 17:05:54.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2710 [GMT -7:00] Running from: c:\documents and settings\Jackson\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Jackson\Desktop\CFScript.txt . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\LocalService\Local Settings\Application Data\ecbvksryx.exe c:\program files\ConduitEngine c:\program files\ConduitEngine\appContextMenu.xml c:\program files\ConduitEngine\ConduitEngine.dll c:\program files\ConduitEngine\ConduitEngineHelper.exe c:\program files\ConduitEngine\ConduitEngineUninstall.exe c:\program files\ConduitEngine\engineContextMenu.xml c:\program files\ConduitEngine\EngineSettings.json c:\program files\ConduitEngine\INSTALL.LOG c:\program files\ConduitEngine\toolbar.cfg c:\program files\uTorrentBar c:\program files\uTorrentBar\GottenAppsContextMenu.xml c:\program files\uTorrentBar\INSTALL.LOG c:\program files\uTorrentBar\OtherAppsContextMenu.xml c:\program files\uTorrentBar\SharedAppsContextMenu.xml c:\program files\uTorrentBar\tbuTor.dll c:\program files\uTorrentBar\toolbar.cfg c:\program files\uTorrentBar\ToolbarContextMenu.xml c:\program files\uTorrentBar\UNWISE.EXE c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe . . ((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 ))))))))))))))))))))))))))))))) . . 2011-06-13 22:52 . 2011-06-13 22:52 -------- d-----w- c:\program files\ESET 2011-06-13 22:33 . 2011-06-13 22:33 -------- d-----w- c:\program files\EXordium Team 2011-06-12 23:18 . 2011-06-13 00:08 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Conduit 2011-06-12 23:18 . 2011-06-12 23:18 -------- d-----w- c:\program files\Conduit 2011-06-12 23:18 . 2011-06-13 00:08 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\uTorrentBar 2011-06-12 23:13 . 2011-06-12 23:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\temp 2011-06-12 23:12 . 2011-06-12 23:12 -------- d-----w- c:\program files\uTorrent 2011-06-12 23:12 . 2011-06-13 22:28 -------- d-----w- c:\documents and settings\Jackson\Application Data\uTorrent 2011-06-10 14:56 . 2011-06-10 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm 2011-06-10 14:55 . 2011-06-10 14:55 -------- d-----w- c:\program files\Siber Systems 2011-06-10 14:52 . 2011-06-10 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\hssff 2011-06-10 14:40 . 2011-06-10 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SwagHack_Galaxy_Edition_3 2011-06-10 04:52 . 2011-06-10 04:52 -------- d--h--w- c:\windows\PIF 2011-06-08 07:30 . 2011-06-08 07:30 -------- d-----w- c:\program files\Microsoft.NET 2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- C:\Hotspot Shield 2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- c:\program files\Hotspot Shield 2011-06-08 03:44 . 2011-06-08 03:44 388096 ----a-r- c:\documents and settings\Jackson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-08 03:44 . 2011-06-08 03:44 -------- d-----w- c:\program files\Trend Micro 2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\Jackson\Application Data\Malwarebytes 2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-06-07 14:22 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-07 14:22 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-07 05:45 . 2011-06-07 05:45 -------- d-----w- c:\windows\system32\wbem\Repository 2011-06-07 05:43 . 2011-06-07 05:43 -------- d-----w- c:\program files\OpenAL 2011-06-07 05:02 . 2011-06-07 05:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-06-04 22:22 . 2011-06-07 05:44 -------- d-----w- c:\program files\AutoHotkey 2011-06-04 22:22 . 2011-06-04 22:22 -------- d-----w- c:\windows\ShellNew 2011-06-04 01:09 . 2011-06-04 01:09 -------- d-----w- c:\program files\Common Files\xing shared 2011-06-04 01:08 . 2011-06-04 01:09 -------- d-----w- c:\program files\Real 2011-06-04 00:58 . 2011-06-04 00:59 -------- d-----w- c:\documents and settings\Jackson\dwhelper 2011-06-03 22:20 . 2011-06-03 22:20 -------- d-----w- C:\AeriaGames 2011-06-03 06:22 . 2011-06-07 22:58 -------- d-----w- c:\program files\Common Files\Akamai 2011-06-01 22:23 . 2011-06-01 22:23 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-06-01 22:23 . 2011-06-01 22:23 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2011-06-01 14:29 . 2011-06-07 05:44 -------- d-----w- C:\Gamigo 2011-05-29 22:03 . 2011-05-30 19:57 -------- d-----w- c:\program files\Bounty Bay Online 2011-05-29 02:13 . 2011-05-29 02:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Wicked_Interactive_LTD 2011-05-29 02:02 . 2011-06-04 06:27 -------- d-----w- c:\program files\SubaGames 2011-05-28 22:06 . 2011-05-28 22:07 -------- d-----w- c:\documents and settings\Jackson\Application Data\VMK Pal 2011-05-24 03:21 . 2011-05-24 03:21 -------- d-----w- c:\windows\Sun 2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\program files\Flip Video 2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video 2011-05-24 02:34 . 2011-05-24 02:34 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\WMTools Downloaded Files 2011-05-21 16:25 . 2011-06-14 22:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-21 00:33 . 2011-05-21 00:33 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Mozilla 2011-05-20 06:18 . 2011-05-20 06:42 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Panda3D 2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\Common Files\SourceTec 2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\SourceTec . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-04 01:08 . 2011-04-30 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-06-04 01:08 . 2011-04-30 22:45 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-05-04 06:17 . 2011-05-04 06:18 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-04 06:17 . 2011-05-04 06:18 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-30 22:38 . 2011-04-30 22:38 315392 ----a-w- c:\windows\HideWin.exe 2011-04-14 16:26 . 2011-05-21 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-06-14_04.49.53 ))))))))))))))))))))))))))))))))))))))))) . + 2011-06-15 00:20 . 2011-06-15 00:20 16384 c:\windows\temp\Perflib_Perfdata_108.dat - 2008-04-14 12:00 . 2011-06-14 04:36 77366 c:\windows\system32\perfc009.dat + 2008-04-14 12:00 . 2011-06-15 00:07 77366 c:\windows\system32\perfc009.dat + 2008-04-14 12:00 . 2011-06-15 00:07 458926 c:\windows\system32\perfh009.dat - 2008-04-14 12:00 . 2011-06-14 04:36 458926 c:\windows\system32\perfh009.dat + 2011-06-14 22:21 . 2011-06-14 22:21 240288 c:\windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe + 2011-05-26 23:39 . 2011-06-14 22:21 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll - 2011-05-26 23:39 . 2011-05-26 23:39 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424] "NVHotkey"="nvHotkey.dll" [2011-01-08 178792] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664] "RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552] "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-12-14 159744] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-04 273544] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Outspark\\Project Powder\\Run.exe"= "c:\\Program Files\\REACTOR\\REACTOR.exe"= "c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"= "c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"= "c:\\Gamigo\\Elements of War Online\\EoW.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\Jackson\\My Documents\\Downloads\\utorrent.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56371:TCP"= 56371:TCP:Pando Media Booster "56371:UDP"= 56371:UDP:Pando Media Booster "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1033:TCP"= 1033:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface "11991:TCP"= 11991:TCP:spport . R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [6/2/2011 4:18 PM 298824] R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?] S0 cerc6;cerc6; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/7/2011 7:22 AM 22712] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/7/2011 7:22 AM 366640] . Contents of the 'Scheduled Tasks' folder . 2011-06-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-630328440-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . 2011-06-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-630328440-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 FF - ProfilePath - c:\documents and settings\Jackson\Application Data\Mozilla\Firefox\Profiles\wkbmupta.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - about:home . - - - - ORPHANS REMOVED - - - - . AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-14 17:20 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1668) c:\windows\system32\WININET.dll c:\windows\System32\BCMLogon.dll c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll . - - - - - - - > 'lsass.exe'(1728) c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(320) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\rundll32.exe c:\windows\RTHDCPL.EXE c:\program files\DellTPad\ApMsgFwd.exe c:\program files\DellTPad\HidFind.exe c:\program files\DellTPad\Apntex.exe c:\program files\Flip Video\FlipShare\FlipShareService.exe c:\program files\Hotspot Shield\HssWPR\hsssrv.exe c:\program files\Hotspot Shield\bin\hsswd.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\program files\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Completion time: 2011-06-14 17:26:39 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-15 00:26 ComboFix2.txt 2011-06-14 04:55 ComboFix3.txt 2011-06-12 22:11 ComboFix4.txt 2011-06-12 20:34 . Pre-Run: 183,617,363,968 bytes free Post-Run: 183,903,727,616 bytes free . - - End Of File - - 7E1610BA38FC6B37DF5AAE3B55238952 Im gonna do the next one now. === Issues === Svchost.exe -extensive internet connection and CPU usage. Redirection- internet Random Internet tab opens up, page is unknown, i always close the page before looking at it.
  10. jotaro123
    Security Shield FAKE antivirus keeps popping back up. This was the virus i was talking about earlier. Why is that? Log for RKILL ================================================================== This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 06/14/2011 at 15:47:39. Operating System: Microsoft Windows XP Processes terminated by Rkill or while it was running: C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\ecbvksryx.exe C:\WINDOWS\system32\grpconv.exe Rkill completed on 06/14/2011 at 15:47:50. =============================================================== I don't know if this helps so i just thought to post it.
  11. jotaro123
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424] "NVHotkey"="nvHotkey.dll" [2011-01-08 178792] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664] "RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552] "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-12-14 159744] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-04 273544] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Outspark\\Project Powder\\Run.exe"= "c:\\Program Files\\REACTOR\\REACTOR.exe"= "c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"= "c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"= "c:\\Gamigo\\Elements of War Online\\EoW.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\Jackson\\My Documents\\Downloads\\utorrent.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56371:TCP"= 56371:TCP:Pando Media Booster "56371:UDP"= 56371:UDP:Pando Media Booster "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1033:TCP"= 1033:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface "11991:TCP"= 11991:TCP:spport . R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [6/2/2011 4:18 PM 298824] R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?] S0 cerc6;cerc6; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/7/2011 7:22 AM 22712] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/7/2011 7:22 AM 366640] . Contents of the 'Scheduled Tasks' folder . 2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-630328440-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . 2011-06-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-630328440-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 FF - ProfilePath - c:\documents and settings\Jackson\Application Data\Mozilla\Firefox\Profiles\wkbmupta.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - about:home . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-13 21:49 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1672) c:\windows\system32\WININET.dll c:\windows\System32\BCMLogon.dll c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll . - - - - - - - > 'lsass.exe'(1732) c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(2380) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Flip Video\FlipShare\FlipShareService.exe c:\windows\system32\rundll32.exe c:\windows\RTHDCPL.EXE c:\program files\DellTPad\ApMsgFwd.exe c:\program files\Hotspot Shield\HssWPR\hsssrv.exe c:\program files\DellTPad\HidFind.exe c:\program files\Hotspot Shield\bin\hsswd.exe c:\program files\DellTPad\Apntex.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\program files\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Completion time: 2011-06-13 21:55:35 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-14 04:55 ComboFix2.txt 2011-06-12 22:11 ComboFix3.txt 2011-06-12 20:34 . Pre-Run: 183,115,476,992 bytes free Post-Run: 183,917,113,344 bytes free . - - End Of File - - 925DDD023317803FC123F6AC450812DF ==Problems as of now== -Svchost.exe excessive cpu usage (slows internet down) -Browser redirection. (i tested to see if it would happen, took me to STOPzilla) -Not of importance, but msn messenger, friend pics stopped showing in "friends list". After this comboFix session. Quick question, what program should i use as antivirus? since i do not have avg currently.
  12. jotaro123
    ComboFix 11-06-13.02 - Jackson 06/13/2011 21:34:44.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2686 [GMT -7:00] Running from: c:\documents and settings\Jackson\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Jackson\Desktop\CFScript.txt . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Jackson\Application Data\PriceGong c:\documents and settings\Jackson\Application Data\PriceGong\Data\mru.xml . . ((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 ))))))))))))))))))))))))))))))) . . 2011-06-13 22:52 . 2011-06-13 22:52 -------- d-----w- c:\program files\ESET 2011-06-13 22:33 . 2011-06-13 22:33 -------- d-----w- c:\program files\EXordium Team 2011-06-12 23:18 . 2011-06-13 00:08 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Conduit 2011-06-12 23:18 . 2011-06-12 23:18 -------- d-----w- c:\program files\Conduit 2011-06-12 23:18 . 2011-06-13 00:08 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\uTorrentBar 2011-06-12 23:13 . 2011-06-12 23:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\temp 2011-06-12 23:12 . 2011-06-12 23:12 -------- d-----w- c:\program files\uTorrent 2011-06-12 23:12 . 2011-06-13 22:28 -------- d-----w- c:\documents and settings\Jackson\Application Data\uTorrent 2011-06-10 14:56 . 2011-06-10 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm 2011-06-10 14:55 . 2011-06-10 14:55 -------- d-----w- c:\program files\Siber Systems 2011-06-10 14:52 . 2011-06-10 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\hssff 2011-06-10 14:40 . 2011-06-10 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SwagHack_Galaxy_Edition_3 2011-06-10 04:52 . 2011-06-10 04:52 -------- d--h--w- c:\windows\PIF 2011-06-08 07:30 . 2011-06-08 07:30 -------- d-----w- c:\program files\Microsoft.NET 2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- C:\Hotspot Shield 2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- c:\program files\Hotspot Shield 2011-06-08 03:44 . 2011-06-08 03:44 388096 ----a-r- c:\documents and settings\Jackson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-08 03:44 . 2011-06-08 03:44 -------- d-----w- c:\program files\Trend Micro 2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\Jackson\Application Data\Malwarebytes 2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-06-07 14:22 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-07 14:22 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-07 05:45 . 2011-06-07 05:45 -------- d-----w- c:\windows\system32\wbem\Repository 2011-06-07 05:43 . 2011-06-07 05:43 -------- d-----w- c:\program files\OpenAL 2011-06-07 05:02 . 2011-06-07 05:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-06-04 22:22 . 2011-06-07 05:44 -------- d-----w- c:\program files\AutoHotkey 2011-06-04 22:22 . 2011-06-04 22:22 -------- d-----w- c:\windows\ShellNew 2011-06-04 01:09 . 2011-06-04 01:09 -------- d-----w- c:\program files\Common Files\xing shared 2011-06-04 01:08 . 2011-06-04 01:09 -------- d-----w- c:\program files\Real 2011-06-04 00:58 . 2011-06-04 00:59 -------- d-----w- c:\documents and settings\Jackson\dwhelper 2011-06-03 22:20 . 2011-06-03 22:20 -------- d-----w- C:\AeriaGames 2011-06-03 06:22 . 2011-06-07 22:58 -------- d-----w- c:\program files\Common Files\Akamai 2011-06-01 22:23 . 2011-06-01 22:23 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-06-01 22:23 . 2011-06-01 22:23 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2011-06-01 14:29 . 2011-06-07 05:44 -------- d-----w- C:\Gamigo 2011-05-29 22:03 . 2011-05-30 19:57 -------- d-----w- c:\program files\Bounty Bay Online 2011-05-29 02:13 . 2011-05-29 02:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Wicked_Interactive_LTD 2011-05-29 02:02 . 2011-06-04 06:27 -------- d-----w- c:\program files\SubaGames 2011-05-28 22:06 . 2011-05-28 22:07 -------- d-----w- c:\documents and settings\Jackson\Application Data\VMK Pal 2011-05-24 03:21 . 2011-05-24 03:21 -------- d-----w- c:\windows\Sun 2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\program files\Flip Video 2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video 2011-05-24 02:34 . 2011-05-24 02:34 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\WMTools Downloaded Files 2011-05-21 16:25 . 2011-05-26 23:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-21 00:33 . 2011-05-21 00:33 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Mozilla 2011-05-20 06:18 . 2011-05-20 06:42 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Panda3D 2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\Common Files\SourceTec 2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\SourceTec 2011-05-15 21:29 . 2011-05-15 21:29 -------- d-----w- c:\documents and settings\Jackson\Application Data\Need for Speed World . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-04 01:08 . 2011-04-30 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-06-04 01:08 . 2011-04-30 22:45 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-05-04 06:17 . 2011-05-04 06:18 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-04 06:17 . 2011-05-04 06:18 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-30 22:38 . 2011-04-30 22:38 315392 ----a-w- c:\windows\HideWin.exe 2011-04-14 16:26 . 2011-05-21 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-06-12_20.29.02 ))))))))))))))))))))))))))))))))))))))))) . + 2011-06-13 04:39 . 2011-06-13 04:39 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe - 2011-06-08 07:37 . 2011-06-08 07:37 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe + 2011-06-14 04:49 . 2011-06-14 04:49 16384 c:\windows\temp\Perflib_Perfdata_550.dat + 2008-04-14 12:00 . 2011-06-14 04:36 77366 c:\windows\system32\perfc009.dat + 2011-04-30 18:07 . 2011-06-13 14:47 53029 c:\windows\system32\nvModes.dat - 2011-04-30 18:07 . 2011-06-10 15:30 53029 c:\windows\system32\nvModes.dat - 2010-03-18 20:16 . 2010-03-18 20:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll + 2011-02-10 11:10 . 2011-02-10 11:10 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll - 2011-06-08 07:37 . 2011-06-08 07:37 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll + 2011-06-13 04:39 . 2011-06-13 04:39 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll - 2011-06-08 07:32 . 2011-06-08 07:32 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll + 2011-06-13 04:35 . 2011-06-13 04:35 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll - 2011-06-08 07:32 . 2011-06-08 07:32 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll + 2011-06-13 04:35 . 2011-06-13 04:35 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll - 2011-06-08 07:32 . 2011-06-08 07:32 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll + 2011-06-13 04:35 . 2011-06-13 04:35 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll - 2011-06-08 07:37 . 2011-06-08 07:37 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll + 2011-06-13 04:39 . 2011-06-13 04:39 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll - 2011-06-08 07:32 . 2011-06-08 07:32 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll + 2011-06-13 04:35 . 2011-06-13 04:35 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll - 2011-06-08 07:32 . 2011-06-08 07:32 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll + 2011-06-13 04:35 . 2011-06-13 04:35 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll - 2011-06-08 07:37 . 2011-06-08 07:37 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll + 2011-06-13 04:39 . 2011-06-13 04:39 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll + 2011-06-13 04:39 . 2011-06-13 04:39 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll - 2011-06-08 07:36 . 2011-06-08 07:36 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll - 2011-06-08 07:37 . 2011-06-08 07:37 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2011-06-13 04:39 . 2011-06-13 04:39 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2011-06-13 04:39 . 2011-06-13 04:39 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll - 2011-06-08 07:36 . 2011-06-08 07:36 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll + 2011-06-13 04:39 . 2011-06-13 04:39 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll - 2011-06-08 07:36 . 2011-06-08 07:36 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll - 2011-06-08 07:31 . 2011-06-08 07:31 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll + 2011-06-13 04:35 . 2011-06-13 04:35 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll - 2011-06-08 07:36 . 2011-06-08 07:36 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll + 2011-06-13 04:39 . 2011-06-13 04:39 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll - 2011-06-08 07:37 . 2011-06-08 07:37 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll + 2011-06-13 04:39 . 2011-06-13 04:39 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll - 2011-06-08 07:37 . 2011-06-08 07:37 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll + 2011-06-13 04:39 . 2011-06-13 04:39 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll - 2011-06-08 07:31 . 2011-06-08 07:31 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll + 2011-06-13 04:35 . 2011-06-13 04:35 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll - 2011-06-08 07:36 . 2011-06-08 07:36 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll + 2011-06-13 04:39 . 2011-06-13 04:39 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll + 2011-06-13 04:35 . 2011-06-13 04:35 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll - 2011-06-08 07:31 . 2011-06-08 07:31 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll - 2011-06-08 07:36 . 2011-06-08 07:36 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2011-06-13 04:39 . 2011-06-13 04:39 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll - 2011-06-08 07:31 . 2011-06-08 07:31 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll + 2011-06-13 04:35 . 2011-06-13 04:35 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll + 2011-06-13 04:35 . 2011-06-13 04:35 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll - 2011-06-08 07:31 . 2011-06-08 07:31 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll + 2011-06-13 04:34 . 2011-06-13 04:34 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2011-06-08 07:31 . 2011-06-08 07:31 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2011-06-13 04:35 . 2011-06-13 04:35 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll - 2011-06-08 07:31 . 2011-06-08 07:31 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll + 2011-06-13 04:35 . 2011-06-13 04:35 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll - 2011-06-08 07:31 . 2011-06-08 07:31 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll - 2011-06-08 07:31 . 2011-06-08 07:31 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll + 2011-06-13 04:35 . 2011-06-13 04:35 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll - 2011-06-08 07:37 . 2011-06-08 07:37 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe + 2011-06-13 04:39 . 2011-06-13 04:39 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe + 2011-06-13 04:34 . 2011-06-13 04:34 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2011-06-08 07:31 . 2011-06-08 07:31 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2011-06-08 07:36 . 2011-06-08 07:36 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll + 2011-06-13 04:39 . 2011-06-13 04:39 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll + 2011-06-13 04:35 . 2011-06-13 04:35 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2011-06-08 07:31 . 2011-06-08 07:31 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2011-06-13 04:39 . 2011-06-13 04:39 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll - 2011-06-08 07:37 . 2011-06-08 07:37 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll - 2011-06-08 07:31 . 2011-06-08 07:31 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2011-06-13 04:34 . 2011-06-13 04:34 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2011-06-13 04:34 . 2011-06-13 04:34 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2011-06-08 07:31 . 2011-06-08 07:31 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2011-06-13 04:34 . 2011-06-13 04:34 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2011-06-08 07:31 . 2011-06-08 07:31 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2011-06-13 05:30 . 2011-06-13 05:30 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\d5041fb072aaf67ac45360a47e23f034\UIAutomationProvider.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 54784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\d1a8b9a40ba87da3ea0c2c91ff51e47d\System.Xaml.Hosting.ni.dll + 2011-06-13 05:34 . 2011-06-13 05:34 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\cc3e76326ee0e01ca86f8bb4456591c2\System.Windows.Presentation.ni.dll + 2011-06-13 05:34 . 2011-06-13 05:34 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\8a8f45f8da85ed5b12b5f9278f77698b\System.Web.Routing.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\8cd8a9c440d0bc26f067ff2e52847987\System.Web.DynamicData.Design.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\81e1e3056d0c52027becb2f41ad9485d\System.Web.ApplicationServices.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\28dc31cd52a08c6791d423880ce5fdeb\System.Web.Abstractions.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ca5ab53ed64b64fbe0ea452dfb01fbb5\System.ServiceModel.Channels.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9aab569e93ab042f448660f9f1622dda\System.ServiceModel.ServiceMoniker40.ni.dll + 2011-06-13 05:31 . 2011-06-13 05:31 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\20c8c3c45d3422008f183f450401169a\System.AddIn.Contract.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 37376 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\d6a22b4b33d5888483a41b40be4c63e4\Microsoft.Workflow.Compiler.ni.exe + 2011-06-13 05:30 . 2011-06-13 05:30 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\104c4014266e2fc285779f63f14baee8\Microsoft.VisualC.ni.dll + 2011-06-13 05:29 . 2011-06-13 05:29 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\ac4619f20486b1bae2d8666b57568bb5\Accessibility.ni.dll + 2011-06-13 05:29 . 2011-06-13 05:29 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\b1c4b8eb5d8e39b56b6808b1c171d48b\dfsvc.ni.exe - 2011-06-08 07:31 . 2011-06-08 07:31 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll + 2011-06-13 04:34 . 2011-06-13 04:34 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll - 2011-06-08 07:31 . 2011-06-08 07:31 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll + 2011-06-13 04:34 . 2011-06-13 04:34 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll + 2008-04-14 12:00 . 2011-06-14 04:36 458926 c:\windows\system32\perfh009.dat + 2011-02-10 11:10 . 2011-02-10 11:10 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll - 2010-03-18 20:16 . 2010-03-18 20:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll - 2010-03-18 20:16 . 2010-03-18 20:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll + 2011-02-10 11:10 . 2011-02-10 11:10 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll - 2010-03-18 20:16 . 2010-03-18 20:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll + 2011-02-10 11:10 . 2011-02-10 11:10 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll - 2011-06-08 07:32 . 2011-06-08 07:32 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll + 2011-06-13 04:35 . 2011-06-13 04:35 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll - 2011-06-08 07:32 . 2011-06-08 07:32 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll + 2011-06-13 04:35 . 2011-06-13 04:35 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll + 2011-06-13 04:35 . 2011-06-13 04:35 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll - 2011-06-08 07:31 . 2011-06-08 07:31 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll - 2011-06-08 07:32 . 2011-06-08 07:32 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll + 2011-06-13 04:35 . 2011-06-13 04:35 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll + 2011-06-13 04:39 . 2011-06-13 04:39 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll - 2011-06-08 07:37 . 2011-06-08 07:37 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll + 2011-06-13 04:39 . 2011-06-13 04:39 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll - 2011-06-08 07:37 . 2011-06-08 07:37 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll - 2011-06-08 07:32 . 2011-06-08 07:32 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2011-06-13 04:35 . 2011-06-13 04:35 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2011-06-13 04:39 . 2011-06-13 04:39 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll - 2011-06-08 07:37 . 2011-06-08 07:37 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll - 2011-06-08 07:36 . 2011-06-08 07:36 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll + 2011-06-13 04:39 . 2011-06-13 04:39 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll + 2011-06-13 04:39 . 2011-06-13 04:39 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll - 2011-06-08 07:36 . 2011-06-08 07:36 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll - 2011-06-08 07:36 . 2011-06-08 07:36 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll + 2011-06-13 04:39 . 2011-06-13 04:39 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll + 2011-06-13 04:39 . 2011-06-13 04:39 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll - 2011-06-08 07:36 . 2011-06-08 07:36 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll - 2011-06-08 07:32 . 2011-06-08 07:32 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll + 2011-06-13 04:35 . 2011-06-13 04:35 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll - 2011-06-08 07:31 . 2011-06-08 07:31 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2011-06-13 04:34 . 2011-06-13 04:34 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2011-06-13 04:39 . 2011-06-13 04:39 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll - 2011-06-08 07:37 . 2011-06-08 07:37 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll + 2011-06-13 04:35 . 2011-06-13 04:35 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll - 2011-06-08 07:31 . 2011-06-08 07:31 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll - 2011-06-08 07:31 . 2011-06-08 07:31 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll + 2011-06-13 04:35 . 2011-06-13 04:35 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll - 2011-06-08 07:31 . 2011-06-08 07:31 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll + 2011-06-13 04:35 . 2011-06-13 04:35 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll + 2011-06-13 04:39 . 2011-06-13 04:39 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll - 2011-06-08 07:37 . 2011-06-08 07:37 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll - 2011-06-08 07:31 . 2011-06-08 07:31 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2011-06-13 04:34 . 2011-06-13 04:34 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2011-06-13 04:35 . 2011-06-13 04:35 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2011-06-08 07:31 . 2011-06-08 07:31 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2011-06-13 04:35 . 2011-06-13 04:35 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2011-06-08 07:32 . 2011-06-08 07:32 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2011-06-08 07:31 . 2011-06-08 07:31 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll + 2011-06-13 04:35 . 2011-06-13 04:35 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll - 2011-06-08 07:31 . 2011-06-08 07:31 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll + 2011-06-13 04:35 . 2011-06-13 04:35 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll + 2011-06-13 04:35 . 2011-06-13 04:35 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2011-06-08 07:31 . 2011-06-08 07:31 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2011-06-08 07:31 . 2011-06-08 07:31 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2011-06-13 04:34 . 2011-06-13 04:34 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2011-06-08 07:31 . 2011-06-08 07:31 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll + 2011-06-13 04:35 . 2011-06-13 04:35 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll + 2011-06-13 04:35 . 2011-06-13 04:35 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll - 2011-06-08 07:31 . 2011-06-08 07:31 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll + 2011-06-13 04:35 . 2011-06-13 04:35 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll - 2011-06-08 07:31 . 2011-06-08 07:31 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll + 2011-06-13 04:35 . 2011-06-13 04:35 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll - 2011-06-08 07:31 . 2011-06-08 07:31 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll - 2011-06-08 07:31 . 2011-06-08 07:31 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll + 2011-06-13 04:34 . 2011-06-13 04:34 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll - 2011-06-08 07:31 . 2011-06-08 07:31 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2011-06-13 04:34 . 2011-06-13 04:34 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2011-06-08 07:31 . 2011-06-08 07:31 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2011-06-13 04:34 . 2011-06-13 04:34 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2011-06-08 07:31 . 2011-06-08 07:31 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2011-06-13 04:34 . 2011-06-13 04:34 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll - 2011-06-08 07:31 . 2011-06-08 07:31 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll + 2011-06-13 04:34 . 2011-06-13 04:34 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll + 2011-06-13 04:34 . 2011-06-13 04:34 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll - 2011-06-08 07:31 . 2011-06-08 07:31 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2011-06-13 04:34 . 2011-06-13 04:34 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2011-06-08 07:31 . 2011-06-08 07:31 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2011-06-13 04:39 . 2011-06-13 04:39 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll - 2011-06-08 07:36 . 2011-06-08 07:36 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll - 2011-06-08 07:36 . 2011-06-08 07:36 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll + 2011-06-13 04:39 . 2011-06-13 04:39 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll + 2011-06-13 04:35 . 2011-06-13 04:35 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll - 2011-06-08 07:31 . 2011-06-08 07:31 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll + 2011-06-13 04:35 . 2011-06-13 04:35 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll - 2011-06-08 07:31 . 2011-06-08 07:31 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll + 2011-06-13 04:39 . 2011-06-13 04:39 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll - 2011-06-08 07:36 . 2011-06-08 07:36 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll - 2011-06-08 07:31 . 2011-06-08 07:31 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2011-06-13 04:34 . 2011-06-13 04:34 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2011-06-13 04:35 . 2011-06-13 04:35 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll - 2011-06-08 07:31 . 2011-06-08 07:31 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll + 2011-06-13 04:35 . 2011-06-13 04:35 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll - 2011-06-08 07:31 . 2011-06-08 07:31 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll + 2011-06-13 04:35 . 2011-06-13 04:35 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll - 2011-06-08 07:31 . 2011-06-08 07:31 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll - 2011-06-08 07:31 . 2011-06-08 07:31 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll + 2011-06-13 04:35 . 2011-06-13 04:35 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll - 2011-06-08 07:31 . 2011-06-08 07:31 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2011-06-13 04:34 . 2011-06-13 04:34 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2011-06-08 07:32 . 2011-06-08 07:32 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll + 2011-06-13 04:35 . 2011-06-13 04:35 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll + 2011-06-13 04:35 . 2011-06-13 04:35 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll - 2011-06-08 07:32 . 2011-06-08 07:32 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll + 2011-06-13 04:35 . 2011-06-13 04:35 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll - 2011-06-08 07:32 . 2011-06-08 07:32 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll + 2011-06-13 04:35 . 2011-06-13 04:35 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll - 2011-06-08 07:32 . 2011-06-08 07:32 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll - 2011-06-08 07:32 . 2011-06-08 07:32 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll + 2011-06-13 04:35 . 2011-06-13 04:35 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll + 2011-06-13 04:35 . 2011-06-13 04:35 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll - 2011-06-08 07:32 . 2011-06-08 07:32 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll - 2011-06-08 07:37 . 2011-06-08 07:37 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll + 2011-06-13 04:39 . 2011-06-13 04:39 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll - 2011-06-08 07:31 . 2011-06-08 07:31 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2011-06-13 04:34 . 2011-06-13 04:34 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2011-06-13 04:35 . 2011-06-13 04:35 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2011-06-08 07:31 . 2011-06-08 07:31 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2011-06-13 04:35 . 2011-06-13 04:35 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll - 2011-06-08 07:31 . 2011-06-08 07:31 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll - 2011-06-08 07:31 . 2011-06-08 07:31 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2011-06-13 04:34 . 2011-06-13 04:34 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2011-06-08 07:31 . 2011-06-08 07:31 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll + 2011-06-13 04:34 . 2011-06-13 04:34 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll - 2011-06-08 07:37 . 2011-06-08 07:37 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll + 2011-06-13 04:39 . 2011-06-13 04:39 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll + 2011-06-13 04:39 . 2011-06-13 04:39 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2011-06-08 07:37 . 2011-06-08 07:37 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2011-06-08 07:37 . 2011-06-08 07:37 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2011-06-13 04:39 . 2011-06-13 04:39 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2011-06-13 04:39 . 2011-06-13 04:39 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2011-06-08 07:37 . 2011-06-08 07:37 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2011-06-08 07:32 . 2011-06-08 07:32 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll + 2011-06-13 04:35 . 2011-06-13 04:35 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll + 2011-06-13 04:35 . 2011-06-13 04:35 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll - 2011-06-08 07:32 . 2011-06-08 07:32 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll + 2011-06-13 04:34 . 2011-06-13 04:34 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2011-06-08 07:31 . 2011-06-08 07:31 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2011-06-13 04:34 . 2011-06-13 04:34 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2011-06-08 07:31 . 2011-06-08 07:31 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2011-06-08 07:36 . 2011-06-08 07:36 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2011-06-13 04:39 . 2011-06-13 04:39 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll - 2011-06-08 07:31 . 2011-06-08 07:31 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2011-06-13 04:35 . 2011-06-13 04:35 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2010-11-25 16:01 . 2010-11-25 16:01 510464 c:\windows\Installer\5ccae.msp + 2011-06-13 05:34 . 2011-06-13 05:34 399360 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\5be9c660364780494bf977b60c4873fc\XamlBuildTask.ni.dll + 2011-06-13 05:29 . 2011-06-13 05:29 353792 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\87afe24263416769cb144af9cd582c2c\WsatConfig.ni.exe + 2011-06-13 05:34 . 2011-06-13 05:34 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\8fc284e8227966cd2b53dde575a560ca\WindowsFormsIntegration.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5dbaa5605b1c70fc64f0413709f0fd3e\UIAutomationTypes.ni.dll + 2011-06-13 05:34 . 2011-06-13 05:34 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\0ceb105fca50f472ec753d820e4aeeda\UIAutomationClient.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e8063e4a016ce5f612047826ce85192d\System.Xml.Linq.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\9cea70e2d0008b1c669381e647fe38b8\System.Windows.Input.Manipulations.ni.dll + 2011-06-13 05:34 . 2011-06-13 05:34 192512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\fbc7001b7c3cc439df295b189d40de6c\System.Windows.Forms.DataVisualization.Design.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 218624 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\a28da3f29a331a1ed80f5665ab2e15de\System.Web.RegularExpressions.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 858112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\1927d954907ecbfc2df4459b0a962707\System.Web.Extensions.Design.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 332288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\5c45d3bf0c403e67603ddae213722ba9\System.Web.Entity.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 296448 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\a7af69183096798a7f19b14292c1d3e9\System.Web.Entity.Design.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 705536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\c4bf15738f0e114041b0b3f3bb7adba2\System.Web.DynamicData.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 256512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\3ce1524e8800e3b978bc31a82b1830ba\System.Web.DataVisualization.Design.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\f3f4677f38cae89e4f3da7aef67a8286\System.Transactions.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d20b42d2a1e8b587218255d94cf9d51d\System.ServiceProcess.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 421888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8a17a217531a547573ada931b04ecb2a\System.ServiceModel.Activation.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\63d43147c361a5ea56a438f9c9f405ab\System.ServiceModel.Routing.ni.dll + 2011-06-13 04:36 . 2011-06-13 04:36 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\433e0563cc3bdaed1d5d580a976c5e9e\System.Security.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3e118dc6bd8e3139f8e67e4c3b8743b2\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 767488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\02fefb241c18e9c0fb2d293d279a2cfc\System.Runtime.Remoting.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 239616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\9ff84c48443974b0a002cc6afe14ab7b\System.Runtime.Caching.ni.dll + 2011-06-13 04:35 . 2011-06-13 04:35 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\be40dc77e976b72345841d9b3090addf\System.Numerics.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 651264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\632fa87e063c2cd93ca6c974f4083370\System.Net.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 625152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\1219fbafa287ea332a64be7b858fce5c\System.Messaging.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 392704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\a40d6c00e44903ecd90ed228c684be78\System.Management.Instrumentation.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 405504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\03b7ea60ade16ef4e1be509050942005\System.IO.Log.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 228352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\c0d6bf93aa2d4ae88198cc74303444f7\System.IdentityModel.Selectors.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\9d0dacabf0328c67bdc5bcde92c8a6a0\System.EnterpriseServices.Wrapper.dll + 2011-06-13 05:30 . 2011-06-13 05:30 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\9d0dacabf0328c67bdc5bcde92c8a6a0\System.EnterpriseServices.ni.dll + 2011-06-13 04:36 . 2011-06-13 04:36 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\ab6b818c24bf13aec8a322e19f2e097e\System.Dynamic.ni.dll + 2011-06-13 04:37 . 2011-06-13 04:37 223744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\129a693945fce76af8b8b215d657b236\System.Drawing.Design.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 461824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\ff9eff4b13bf2907808f44072528a058\System.DirectoryServices.Protocols.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 911872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\71e1815286162efb41ca0b818562d816\System.DirectoryServices.AccountManagement.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\9db033b3b35d3244138a3d8ecd9463aa\System.Device.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 499712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\eda5558e0298bb8ed40238a09e23b8b9\System.Data.Services.Design.ni.dll + 2011-06-13 05:31 . 2011-06-13 05:31 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\17da63b9c8064159c9171c04f3ee7dbb\System.Data.DataSetExtensions.ni.dll + 2011-06-13 04:36 . 2011-06-13 04:36 973312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7402f1ee7efe4d136b686df4594355a9\System.Configuration.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 145920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\57590739c0280784ea5cc75a0b954f41\System.Configuration.Install.ni.dll + 2011-06-13 04:37 . 2011-06-13 04:37 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\2d2e931b15a2673aae0dd09c3dc4fc00\System.ComponentModel.Composition.ni.dll + 2011-06-13 05:31 . 2011-06-13 05:31 193536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\05f5ebde5d831cdeff3373cfce7222b2\System.ComponentModel.DataAnnotations.ni.dll + 2011-06-13 05:31 . 2011-06-13 05:31 613888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\3a1d261bf1c23b8e7a448dcab04862ec\System.AddIn.ni.dll + 2011-06-13 05:31 . 2011-06-13 05:31 402944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\06112c8e86e63fa5af32514204d9319d\System.Activities.DurableInstancing.ni.dll + 2011-06-13 05:29 . 2011-06-13 05:29 316928 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\fe2a7d68ae44b756dff80870742899e5\SMSvcHost.ni.exe + 2011-06-13 05:30 . 2011-06-13 05:30 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4e17631c0f733accb86b9b30547ad408\SMDiagnostics.ni.dll + 2011-06-13 04:37 . 2011-06-13 04:37 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d896455ac820e0a28f0cfe8ae611ab2f\PresentationFramework.Luna.ni.dll + 2011-06-13 04:36 . 2011-06-13 04:37 327168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\84347cf0d80a63e04e386abf9b34d0e0\PresentationFramework.Royale.ni.dll + 2011-06-13 04:37 . 2011-06-13 04:37 450048 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\43efb9cfeaa447752d2ccb53f2ff0e42\PresentationFramework.Aero.ni.dll + 2011-06-13 04:36 . 2011-06-13 04:36 283648 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2feb56a801c952c6708baa69111b3e1e\PresentationFramework.Classic.ni.dll + 2011-06-13 05:29 . 2011-06-13 05:29 273920 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\f5e6eae3ab444f9c836282a0ce0d2bc0\MSBuild.ni.exe + 2011-06-13 05:30 . 2011-06-13 05:30 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09d9db7b3925040d94b1a832a7837fec\Microsoft.VisualBasic.Compatibility.Data.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 418304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\e8ca1bcc246baee865abf9ff069793c0\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 629248 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\e27c398e528894a8fbb43691f74f6cb8\Microsoft.Build.Utilities.v4.0.ni.dll + 2011-06-13 05:29 . 2011-06-13 05:29 257536 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\e6536fcb645277de4b1c0502370e34ba\Microsoft.Build.Framework.ni.dll + 2011-06-13 05:29 . 2011-06-13 05:29 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\a571f51c0f95a3a7e1d6360fb7c3cddc\Microsoft.Build.Conversion.v4.0.ni.dll + 2011-06-13 05:29 . 2011-06-13 05:29 193024 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e8379e6b1e0dca52e26b1159ed6b7348\CustomMarshalers.ni.dll + 2011-06-13 05:29 . 2011-06-13 05:29 471040 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\096211f2aba8e228d56da113dd3fd914\ComSvcConfig.ni.exe + 2011-06-13 05:29 . 2011-06-13 05:29 842752 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\2bdbec4b8b9a93dd6cf0231a2ff4b1fb\AspNetMMCExt.ni.dll + 2010-09-22 12:55 . 2010-09-22 12:55 1836904 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll - 2010-03-18 23:47 . 2010-03-18 23:47 1836904 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll + 2010-09-22 12:55 . 2010-09-22 12:55 5176144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll + 2011-02-10 11:10 . 2011-02-10 11:10 5196112 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll - 2010-03-18 20:16 . 2010-03-18 20:16 5196112 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll + 2011-02-10 11:10 . 2011-02-10 11:10 1142104 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll + 2011-02-10 11:10 . 2011-02-10 11:10 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll + 2011-06-13 04:35 . 2011-06-13 04:35 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll - 2011-06-08 07:32 . 2011-06-08 07:32 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll - 2011-06-08 07:31 . 2011-06-08 07:31 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll + 2011-06-13 04:34 . 2011-06-13 04:34 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll - 2011-06-08 07:31 . 2011-06-08 07:31 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll + 2011-06-13 04:35 . 2011-06-13 04:35 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll - 2011-06-08 07:37 . 2011-06-08 07:37 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll + 2011-06-13 04:39 . 2011-06-13 04:39 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll - 2011-06-08 07:37 . 2011-06-08 07:37 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll + 2011-06-13 04:39 . 2011-06-13 04:39 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll + 2011-06-13 04:34 . 2011-06-13 04:34 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2011-06-08 07:31 . 2011-06-08 07:31 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2011-06-08 07:31 . 2011-06-08 07:31 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll + 2011-06-13 04:34 . 2011-06-13 04:34 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll - 2011-06-08 07:37 . 2011-06-08 07:37 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll + 2011-06-13 04:39 . 2011-06-13 04:39 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll + 2011-06-13 04:39 . 2011-06-13 04:39 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll - 2011-06-08 07:36 . 2011-06-08 07:36 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll - 2011-06-08 07:31 . 2011-06-08 07:31 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll + 2011-06-13 04:35 . 2011-06-13 04:35 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll - 2011-06-08 07:31 . 2011-06-08 07:31 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll + 2011-06-13 04:35 . 2011-06-13 04:35 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll + 2011-06-13 04:39 . 2011-06-13 04:39 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll - 2011-06-08 07:36 . 2011-06-08 07:36 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll - 2011-06-08 07:31 . 2011-06-08 07:31 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll + 2011-06-13 04:35 . 2011-06-13 04:35 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll - 2011-06-08 07:31 . 2011-06-08 07:31 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll + 2011-06-13 04:35 . 2011-06-13 04:35 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll - 2011-06-08 07:31 . 2011-06-08 07:31 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll + 2011-06-13 04:35 . 2011-06-13 04:35 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll - 2011-06-08 07:31 . 2011-06-08 07:31 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll + 2011-06-13 04:35 . 2011-06-13 04:35 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll - 2011-06-08 07:32 . 2011-06-08 07:32 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2011-06-13 04:35 . 2011-06-13 04:35 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2011-06-13 04:39 . 2011-06-13 04:39 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll - 2011-06-08 07:37 . 2011-06-08 07:37 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll - 2011-06-08 07:37 . 2011-06-08 07:37 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll + 2011-06-13 04:39 . 2011-06-13 04:39 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll + 2011-06-13 04:39 . 2011-06-13 04:39 5176144 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll - 2011-06-08 07:31 . 2011-06-08 07:31 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll + 2011-06-13 04:34 . 2011-06-13 04:34 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll + 2011-06-13 04:35 . 2011-06-13 04:35 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2011-06-08 07:32 . 2011-06-08 07:32 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2011-06-13 04:34 . 2011-06-13 04:34 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll - 2011-06-08 07:31 . 2011-06-08 07:31 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll - 2011-06-08 07:31 . 2011-06-08 07:31 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2011-06-13 04:35 . 2011-06-13 04:35 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2010-09-22 22:02 . 2010-09-22 22:02 4076032 c:\windows\Installer\5ccb5.msp + 2011-06-13 04:36 . 2011-06-13 04:36 3779072 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\bbd0d0d6986a0409d0344ffecc79dc22\WindowsBase.ni.dll + 2011-06-13 05:34 . 2011-06-13 05:34 1055744 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\893f3289dc3e7ab4549da1039a5a2309\UIAutomationClientsideProviders.ni.dll + 2011-06-13 04:36 . 2011-06-13 04:36 9000960 c:\windows\assembly\NativeImages_v4.0.30319_32\System\543000b97e61a5d0857ac6af534e676c\System.ni.dll + 2011-06-13 04:36 . 2011-06-13 04:36 5571584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\8baad7c480f1dde84931a844f8c0a465\System.Xml.ni.dll + 2011-06-13 05:29 . 2011-06-13 05:29 1776640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\9d29e808bc35766f1c1a6dbeb67c015a\System.Xaml.ni.dll + 2011-06-13 05:34 . 2011-06-13 05:34 1203712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\2a22864526735f955c34a2fa52ad60fe\System.WorkflowServices.ni.dll + 2011-06-13 05:34 . 2011-06-13 05:34 1956352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\744be886d42faca38d9c8c8177208056\System.Workflow.Runtime.ni.dll + 2011-06-13 05:34 . 2011-06-13 05:34 4428800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\e5f5f624b6133ef22120b5dadb4b5b8d\System.Workflow.ComponentModel.ni.dll + 2011-06-13 05:34 . 2011-06-13 05:34 2839552 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\39ec8bb510315d686e5e76c3c9ce653d\System.Workflow.Activities.ni.dll + 2011-06-13 05:34 . 2011-06-13 05:34 4496384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\3181199e69c30e53abe95493600605b2\System.Windows.Forms.DataVisualization.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 1864704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9bdebcd8d38e9d4bdff5d894677ae7e4\System.Web.Services.ni.dll + 2011-06-13 05:34 . 2011-06-13 05:34 2324992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\4f3854dba03e50e6738a9b976b8565a8\System.Web.Mobile.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 3079168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\00dfdebe6c0249e871e8ba9f8406e1a7\System.Web.Extensions.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 4429312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\135195c100b5270645bbb17aca88e946\System.Web.DataVisualization.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 1992192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\ec3ecec0502f1821f59f116d65505e1a\System.Speech.ni.dll + 2011-06-13 05:32 . 2011-06-13 05:32 1046528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\6c632ad8cd98fd9040be929dcd492c15\System.ServiceModel.Web.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 1127424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\6a3b75723d70cfd7a0ce55deeca72994\System.ServiceModel.Discovery.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 1388032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1ea1e55f1d99243446eb5e1422472da7\System.ServiceModel.Activities.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 2625024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\59bb50b7cded20c8ac981442bd0aaa79\System.Runtime.Serialization.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 1011200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e702d05dee88315b4371d4af77beef14\System.Runtime.DurableInstancing.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 1047040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\1296ce57bf719ccbca5678780f2a1651\System.Printing.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 1159168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\6407a29e082d0aa4f118ca86b5266d37\System.Management.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 1065984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a457cfdbb3d7d9b4d77787c7081ad9a1\System.IdentityModel.ni.dll + 2011-06-13 04:36 . 2011-06-13 04:36 1651200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b06f6be1a84e07f2cf7958da9c1af409\System.Drawing.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 1151488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\d592154127b090529a5200ea3955e246\System.DirectoryServices.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 1872384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\560461d5799ebabcde2d9dfc745b0c6a\System.Deployment.ni.dll + 2011-06-13 04:37 . 2011-06-13 04:37 6754816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\3c2804ec1e22d048b9fe053a90672189\System.Data.ni.dll + 2011-06-13 04:36 . 2011-06-13 04:36 2538496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\b9a983c667c3ff1e1fcf8120266f62fa\System.Data.SqlXml.ni.dll + 2011-06-13 05:32 . 2011-06-13 05:32 2008576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\b36502e010b4c693d51bd9f7d66843ce\System.Data.Services.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 1332736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\73c24f4149a48ab1d77792b376d83f07\System.Data.Services.Client.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 1183744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\aec14ef159ff856b50ab8e47d7fed0a2\System.Data.OracleClient.ni.dll + 2011-06-13 04:37 . 2011-06-13 04:37 2499072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\967b4093383d27934a962fbc8b50a9a7\System.Data.Linq.ni.dll + 2011-06-13 05:32 . 2011-06-13 05:32 1398272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\efd45ac6aa42e8026d0b27840e4b4bb7\System.Data.Entity.Design.ni.dll + 2011-06-13 04:36 . 2011-06-13 04:36 7025664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\62ffa024e20a305ef5c8119d57577a24\System.Core.ni.dll + 2011-06-13 05:31 . 2011-06-13 05:31 4103168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\1534957f29d87890a8f83db0bb22bacd\System.Activities.ni.dll + 2011-06-13 05:31 . 2011-06-13 05:31 3691520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\6738626185c9ca23f4822a5844c70f9c\System.Activities.Presentation.ni.dll + 2011-06-13 05:31 . 2011-06-13 05:31 1506304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\7dbeb708492a556cdab0c9ed094ec12f\System.Activities.Core.Presentation.ni.dll + 2011-06-13 05:31 . 2011-06-13 05:31 2842624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\693e38d8e731f6e05f03c5e9060b6770\ReachFramework.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 1622528 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\fcc8d07ee8e6d9a040f949e2f6179d06\PresentationUI.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 1467904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\64e4a5cc51ade2fd6f323de0b7d100b5\PresentationBuildTasks.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 1133056 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\eaf20bfcba1ee9c38deef1fdc84037e3\Microsoft.VisualBasic.Compatibility.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 1167872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\67ee94329b727ec7399d0ad802501c1a\Microsoft.VisualBasic.Activities.Compiler.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 1819648 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\3c5cdbca91aeac35c8e9d66bf95997fc\Microsoft.VisualBasic.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 1079808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\c107e40649746b1e2decadc8a01a6cf0\Microsoft.Transactions.Bridge.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 2441728 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\ff9cbdbc1b59db080abb264ba29d8ae9\Microsoft.JScript.ni.dll + 2011-06-13 04:37 . 2011-06-13 04:37 1612288 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\6115d4bc5f88ad22b84820392c1174b9\Microsoft.CSharp.ni.dll + 2011-06-13 05:29 . 2011-06-13 05:29 4226560 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\c27a18cd07386c66502524520877522f\Microsoft.Build.ni.dll + 2011-06-13 05:29 . 2011-06-13 05:29 2850816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\dcd2b420f5e5c7995610dabf5118398e\Microsoft.Build.Tasks.v4.0.ni.dll + 2011-06-13 05:29 . 2011-06-13 05:29 1914368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\290a5d6bcbb36e2d462e0bf92e619063\Microsoft.Build.Engine.ni.dll + 2011-02-11 15:43 . 2011-02-11 15:43 10951168 c:\windows\Installer\5cca9.msp + 2011-06-13 04:36 . 2011-06-13 04:36 13006336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\631b850609a41144d4ccfb43e813fa88\System.Windows.Forms.ni.dll + 2011-06-13 05:30 . 2011-06-13 05:30 11917312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\3cd3e66b6e56dbfb2c49603fe0eb82a4\System.Web.ni.dll + 2011-06-13 05:33 . 2011-06-13 05:33 17919488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\3e3b71313fa512912c51799a47273a9c\System.ServiceModel.ni.dll + 2011-06-13 04:40 . 2011-06-13 04:40 10847744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\c1c421040c003e14f17666788291d701\System.Design.ni.dll + 2011-06-13 05:32 . 2011-06-13 05:32 13273600 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\72bad6f7cb443179bbc04de77093bda0\System.Data.Entity.ni.dll + 2011-06-13 04:37 . 2011-06-13 04:37 17629184 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\127e76052e5777c12399916d06d4820d\PresentationFramework.ni.dll + 2011-06-13 04:37 . 2011-06-13 04:37 11058176 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\82125395225360a2a0512f856aa84936\PresentationCore.ni.dll + 2011-06-13 04:35 . 2011-06-13 04:35 14415872 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\efc49e47517e3d16bab15796b3af4ac6\mscorlib.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-12-09 20:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2010-12-09 20:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] .
  13. jotaro123
    Only website i had open is this forum page, and a youtube video. I searched up the virus, and multiple sources said its a fake antispyware that is downloaded from other viruses. Im guessing i have other viruses then, but i cant find them. (i used another computer to search this up). Thank you for your help, really helpful LOG--- ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6526 # api_version=3.0.2 # EOSSerial=25cc1a97235f0c4a8269aaec09f9307e # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-06-14 12:37:47 # local_time=2011-06-13 05:37:47 (-0800, Pacific Daylight Time) # country="Zimbabwe" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=164005 # found=10 # cleaned=10 # scan_time=5945 C:\Documents and Settings\Jackson\Application Data\Sun\Java\Deployment\cache\6.0\1\532f4a01-3ab4584b Java/Agent.CK trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Jackson\My Documents\Downloads\HSS-1.57-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application (deleted - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\NetworkService\Local Settings\Application Data\hepgeqrh.exe Win32/Adware.SecurityShield.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Jackson\Application Data\62C11AAD5B4C449A467CFCA574FCEBFC\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{892A73B3-99E4-4F0E-B621-420C780E82D5}\RP31\A0019469.exe a variant of Win32/Kryptik.OLQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{892A73B3-99E4-4F0E-B621-420C780E82D5}\RP31\A0019474.exe a variant of Win32/Kryptik.OLQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{892A73B3-99E4-4F0E-B621-420C780E82D5}\RP40\A0032318.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{892A73B3-99E4-4F0E-B621-420C780E82D5}\RP42\A0040751.DLL a variant of Win32/TrojanProxy.Agent.NHB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{892A73B3-99E4-4F0E-B621-420C780E82D5}\RP42\A0040795.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{892A73B3-99E4-4F0E-B621-420C780E82D5}\RP46\A0047908.exe Win32/Adware.SecurityShield.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  14. jotaro123
    Just been attacked by a fake antivirus, but stopped it and deleted it using Mbytes. Just thought to include this. happened around 10 min ago.
  15. jotaro123
    ComboFix 11-06-11.01 - Jackson 06/12/2011 14:53:12.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2711 [GMT -7:00] Running from: c:\documents and settings\Jackson\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Jackson\Desktop\CFScript.txt . . ((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 ))))))))))))))))))))))))))))))) . . 2011-06-10 14:56 . 2011-06-10 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm 2011-06-10 14:55 . 2011-06-10 14:55 -------- d-----w- c:\program files\Siber Systems 2011-06-10 14:52 . 2011-06-10 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\hssff 2011-06-10 14:40 . 2011-06-10 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SwagHack_Galaxy_Edition_3 2011-06-10 04:52 . 2011-06-10 04:52 -------- d--h--w- c:\windows\PIF 2011-06-08 07:30 . 2011-06-08 07:30 -------- d-----w- c:\program files\Microsoft.NET 2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- C:\Hotspot Shield 2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- c:\program files\Hotspot Shield 2011-06-08 03:44 . 2011-06-08 03:44 388096 ----a-r- c:\documents and settings\Jackson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-08 03:44 . 2011-06-08 03:44 -------- d-----w- c:\program files\Trend Micro 2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\Jackson\Application Data\Malwarebytes 2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-06-07 14:22 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-07 14:22 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-07 05:45 . 2011-06-07 05:45 -------- d-----w- c:\windows\system32\wbem\Repository 2011-06-07 05:43 . 2011-06-07 05:43 -------- d-----w- c:\program files\OpenAL 2011-06-07 05:02 . 2011-06-07 05:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-06-04 22:22 . 2011-06-07 05:44 -------- d-----w- c:\program files\AutoHotkey 2011-06-04 22:22 . 2011-06-04 22:22 -------- d-----w- c:\windows\ShellNew 2011-06-04 01:09 . 2011-06-04 01:09 -------- d-----w- c:\program files\Common Files\xing shared 2011-06-04 01:08 . 2011-06-04 01:09 -------- d-----w- c:\program files\Real 2011-06-04 00:58 . 2011-06-04 00:59 -------- d-----w- c:\documents and settings\Jackson\dwhelper 2011-06-03 22:20 . 2011-06-03 22:20 -------- d-----w- C:\AeriaGames 2011-06-03 06:22 . 2011-06-07 22:58 -------- d-----w- c:\program files\Common Files\Akamai 2011-06-01 22:23 . 2011-06-01 22:23 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-06-01 22:23 . 2011-06-01 22:23 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2011-06-01 14:29 . 2011-06-07 05:44 -------- d-----w- C:\Gamigo 2011-05-29 22:03 . 2011-05-30 19:57 -------- d-----w- c:\program files\Bounty Bay Online 2011-05-29 02:13 . 2011-05-29 02:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Wicked_Interactive_LTD 2011-05-29 02:02 . 2011-06-04 06:27 -------- d-----w- c:\program files\SubaGames 2011-05-28 22:06 . 2011-05-28 22:07 -------- d-----w- c:\documents and settings\Jackson\Application Data\VMK Pal 2011-05-24 03:21 . 2011-05-24 03:21 -------- d-----w- c:\windows\Sun 2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\program files\Flip Video 2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video 2011-05-24 02:34 . 2011-05-24 02:34 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\WMTools Downloaded Files 2011-05-21 16:25 . 2011-05-26 23:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-21 00:33 . 2011-05-21 00:33 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Mozilla 2011-05-20 06:18 . 2011-05-20 06:42 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Panda3D 2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\Common Files\SourceTec 2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\SourceTec 2011-05-15 21:29 . 2011-05-15 21:29 -------- d-----w- c:\documents and settings\Jackson\Application Data\Need for Speed World . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-04 01:08 . 2011-04-30 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-06-04 01:08 . 2011-04-30 22:45 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-05-04 06:17 . 2011-05-04 06:18 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-04 06:17 . 2011-05-04 06:18 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-30 22:38 . 2011-04-30 22:38 315392 ----a-w- c:\windows\HideWin.exe 2011-04-14 16:26 . 2011-05-21 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-06-12_20.29.02 ))))))))))))))))))))))))))))))))))))))))) . + 2011-06-12 22:05 . 2011-06-12 22:05 16384 c:\windows\temp\Perflib_Perfdata_710.dat + 2008-04-14 12:00 . 2011-06-12 21:54 84056 c:\windows\system32\perfc009.dat - 2008-04-14 12:00 . 2011-06-12 20:18 84056 c:\windows\system32\perfc009.dat + 2008-04-14 12:00 . 2011-06-12 21:54 493678 c:\windows\system32\perfh009.dat - 2008-04-14 12:00 . 2011-06-12 20:18 493678 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424] "NVHotkey"="nvHotkey.dll" [2011-01-08 178792] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664] "RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552] "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-12-14 159744] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-04 273544] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Outspark\\Project Powder\\Run.exe"= "c:\\Program Files\\REACTOR\\REACTOR.exe"= "c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"= "c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"= "c:\\Gamigo\\Elements of War Online\\EoW.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56371:TCP"= 56371:TCP:Pando Media Booster "56371:UDP"= 56371:UDP:Pando Media Booster "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1033:TCP"= 1033:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface "11991:TCP"= 11991:TCP:spport . R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [6/2/2011 4:18 PM 298824] R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?] S0 cerc6;cerc6; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/7/2011 7:22 AM 22712] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/7/2011 7:22 AM 366640] . Contents of the 'Scheduled Tasks' folder . 2011-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-630328440-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . 2011-06-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-630328440-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 FF - ProfilePath - c:\documents and settings\Jackson\Application Data\Mozilla\Firefox\Profiles\wkbmupta.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110604&user_guid=863D2E0C45764343A16FCD5A5AB41DF5&machine_id=251e485a5ee5eb2be0f18c709b75a6dd&browser=FF&os=win&os_version=5.1-x86-SP3&q= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-12 15:05 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1672) c:\windows\system32\WININET.dll c:\windows\System32\BCMLogon.dll c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll . - - - - - - - > 'lsass.exe'(1732) c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(2804) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Flip Video\FlipShare\FlipShareService.exe c:\program files\Hotspot Shield\HssWPR\hsssrv.exe c:\program files\Hotspot Shield\bin\hsswd.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\rundll32.exe c:\windows\RTHDCPL.EXE c:\program files\DellTPad\ApMsgFwd.exe c:\program files\DellTPad\HidFind.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\DellTPad\Apntex.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2011-06-12 15:11:23 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-12 22:11 ComboFix2.txt 2011-06-12 20:34 . Pre-Run: 191,229,960,192 bytes free Post-Run: 191,445,557,248 bytes free . - - End Of File - - F80DBDC23B17BD590D486AA86C0F2EB5 ---------------------------------------------------- Problems as of now: --------------------------------------------------- Svchost.exe (system)-taking up cpu a internet speed. Redirection still occurs.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.