
Virus problem, ping blocking, and svchost.exe problem.



Logs will be closed if you haven't replied within 3 days

Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix.

AVG > AVG Removal Tool (x86) - AVG Removal Tool (x64)

AVG Identity Protection > AVGIDPUninstaller

Please do not attach the scan results from ComboFix. Use copy/paste.

DO NOT use any TOOLS such as ComboFix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Ok, I got combofix running and finished.

Noticed computer problems as of this moment:

-Svchost.exe SYSTEM is still taking CPU, and slowing internet speed down. (When I end this process, the windows seem to go to the classic mode, where everything is grey/white, and square (not curved).)

Combofix Log:

ComboFix 11-06-11.01 - Jackson 06/12/2011 13:15:53.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2715 [GMT -7:00]

Running from: c:\documents and settings\Jackson\My Documents\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\documents and settings\Jackson\Application Data\62C11AAD5B4C449A467CFCA574FCEBFC

c:\documents and settings\Jackson\Application Data\62C11AAD5B4C449A467CFCA574FCEBFC\enemies-names.txt

c:\documents and settings\Jackson\Templates\734ic5kl480kc2nvg31

c:\documents and settings\Jackson\Templates\k53phh05m63xl61w50p78u3805prg

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ITLPERF

-------\Service_itlperf

.

.

((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))

.

.

2011-06-10 14:56 . 2011-06-10 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm

2011-06-10 14:55 . 2011-06-10 14:55 -------- d-----w- c:\program files\Siber Systems

2011-06-10 14:52 . 2011-06-10 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\hssff

2011-06-10 14:40 . 2011-06-10 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SwagHack_Galaxy_Edition_3

2011-06-10 04:52 . 2011-06-10 04:52 -------- d--h--w- c:\windows\PIF

2011-06-08 07:30 . 2011-06-08 07:30 -------- d-----w- c:\program files\Microsoft.NET

2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- C:\Hotspot Shield

2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- c:\program files\Hotspot Shield

2011-06-08 03:44 . 2011-06-08 03:44 388096 ----a-r- c:\documents and settings\Jackson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-08 03:44 . 2011-06-08 03:44 -------- d-----w- c:\program files\Trend Micro

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\Jackson\Application Data\Malwarebytes

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-07 14:22 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-07 14:22 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-07 05:45 . 2011-06-07 05:45 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-07 05:43 . 2011-06-07 05:43 -------- d-----w- c:\program files\OpenAL

2011-06-07 05:02 . 2011-06-07 05:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-06-04 22:22 . 2011-06-07 05:44 -------- d-----w- c:\program files\AutoHotkey

2011-06-04 22:22 . 2011-06-04 22:22 -------- d-----w- c:\windows\ShellNew

2011-06-04 01:09 . 2011-06-04 01:09 -------- d-----w- c:\program files\Common Files\xing shared

2011-06-04 01:08 . 2011-06-04 01:09 -------- d-----w- c:\program files\Real

2011-06-04 00:58 . 2011-06-04 00:59 -------- d-----w- c:\documents and settings\Jackson\dwhelper

2011-06-03 22:20 . 2011-06-03 22:20 -------- d-----w- C:\AeriaGames

2011-06-03 06:22 . 2011-06-07 22:58 -------- d-----w- c:\program files\Common Files\Akamai

2011-06-01 22:23 . 2011-06-01 22:23 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-06-01 22:23 . 2011-06-01 22:23 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-06-01 14:29 . 2011-06-07 05:44 -------- d-----w- C:\Gamigo

2011-05-29 22:03 . 2011-05-30 19:57 -------- d-----w- c:\program files\Bounty Bay Online

2011-05-29 02:13 . 2011-05-29 02:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Wicked_Interactive_LTD

2011-05-29 02:02 . 2011-06-04 06:27 -------- d-----w- c:\program files\SubaGames

2011-05-28 22:06 . 2011-05-28 22:07 -------- d-----w- c:\documents and settings\Jackson\Application Data\VMK Pal

2011-05-24 03:21 . 2011-05-24 03:21 -------- d-----w- c:\windows\Sun

2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\program files\Flip Video

2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video

2011-05-24 02:34 . 2011-05-24 02:34 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\WMTools Downloaded Files

2011-05-21 16:25 . 2011-05-26 23:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-21 00:33 . 2011-05-21 00:33 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Mozilla

2011-05-20 06:18 . 2011-05-20 06:42 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Panda3D

2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\Common Files\SourceTec

2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\SourceTec

2011-05-15 21:29 . 2011-05-15 21:29 -------- d-----w- c:\documents and settings\Jackson\Application Data\Need for Speed World

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-04 01:08 . 2011-04-30 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-06-04 01:08 . 2011-04-30 22:45 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-05-04 06:17 . 2011-05-04 06:18 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-04 06:17 . 2011-05-04 06:18 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-30 22:38 . 2011-04-30 22:38 315392 ----a-w- c:\windows\HideWin.exe

2011-04-14 16:26 . 2011-05-21 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]

"NVHotkey"="nvHotkey.dll" [2011-01-08 178792]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]

"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-12-14 159744]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-04 273544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Outspark\\Project Powder\\Run.exe"=

"c:\\Program Files\\REACTOR\\REACTOR.exe"=

"c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=

"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=

"c:\\Gamigo\\Elements of War Online\\EoW.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56371:TCP"= 56371:TCP:Pando Media Booster

"56371:UDP"= 56371:UDP:Pando Media Booster

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1033:TCP"= 1033:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

"11991:TCP"= 11991:TCP:spport

.

R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [6/2/2011 4:18 PM 298824]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]

S0 cerc6;cerc6; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/7/2011 7:22 AM 22712]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]

S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/7/2011 7:22 AM 366640]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-630328440-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

2011-06-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-630328440-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

FF - ProfilePath - c:\documents and settings\Jackson\Application Data\Mozilla\Firefox\Profiles\wkbmupta.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110604&user_guid=863D2E0C45764343A16FCD5A5AB41DF5&machine_id=251e485a5ee5eb2be0f18c709b75a6dd&browser=FF&os=win&os_version=5.1-x86-SP3&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 57717

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)

Notify-itlntfy - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-12 13:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1672)

c:\windows\system32\WININET.dll

c:\windows\System32\BCMLogon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

.

- - - - - - - > 'lsass.exe'(1732)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(3696)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Flip Video\FlipShare\FlipShareService.exe

c:\program files\Hotspot Shield\HssWPR\hsssrv.exe

c:\program files\Hotspot Shield\bin\hsswd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\rundll32.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\DellTPad\Apntex.exe

.

**************************************************************************

.

Completion time: 2011-06-12 13:34:29 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-12 20:34

.

Pre-Run: 191,389,274,112 bytes free

Post-Run: 191,484,121,088 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 52D952A43CA80B8CA8DB074C5C22EC55


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FireFox::
FF - ProfilePath - c:\documents and settings\Jackson\Application Data\Mozilla\Firefox\Profiles\wkbmupta.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57717
FF - prefs.js: network.proxy.type - 0

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


ComboFix 11-06-11.01 - Jackson 06/12/2011 14:53:12.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2711 [GMT -7:00]

Running from: c:\documents and settings\Jackson\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Jackson\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))

.

.

2011-06-10 14:56 . 2011-06-10 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm

2011-06-10 14:55 . 2011-06-10 14:55 -------- d-----w- c:\program files\Siber Systems

2011-06-10 14:52 . 2011-06-10 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\hssff

2011-06-10 14:40 . 2011-06-10 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SwagHack_Galaxy_Edition_3

2011-06-10 04:52 . 2011-06-10 04:52 -------- d--h--w- c:\windows\PIF

2011-06-08 07:30 . 2011-06-08 07:30 -------- d-----w- c:\program files\Microsoft.NET

2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- C:\Hotspot Shield

2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- c:\program files\Hotspot Shield

2011-06-08 03:44 . 2011-06-08 03:44 388096 ----a-r- c:\documents and settings\Jackson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-08 03:44 . 2011-06-08 03:44 -------- d-----w- c:\program files\Trend Micro

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\Jackson\Application Data\Malwarebytes

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-07 14:22 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-07 14:22 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-07 05:45 . 2011-06-07 05:45 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-07 05:43 . 2011-06-07 05:43 -------- d-----w- c:\program files\OpenAL

2011-06-07 05:02 . 2011-06-07 05:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-06-04 22:22 . 2011-06-07 05:44 -------- d-----w- c:\program files\AutoHotkey

2011-06-04 22:22 . 2011-06-04 22:22 -------- d-----w- c:\windows\ShellNew

2011-06-04 01:09 . 2011-06-04 01:09 -------- d-----w- c:\program files\Common Files\xing shared

2011-06-04 01:08 . 2011-06-04 01:09 -------- d-----w- c:\program files\Real

2011-06-04 00:58 . 2011-06-04 00:59 -------- d-----w- c:\documents and settings\Jackson\dwhelper

2011-06-03 22:20 . 2011-06-03 22:20 -------- d-----w- C:\AeriaGames

2011-06-03 06:22 . 2011-06-07 22:58 -------- d-----w- c:\program files\Common Files\Akamai

2011-06-01 22:23 . 2011-06-01 22:23 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-06-01 22:23 . 2011-06-01 22:23 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-06-01 14:29 . 2011-06-07 05:44 -------- d-----w- C:\Gamigo

2011-05-29 22:03 . 2011-05-30 19:57 -------- d-----w- c:\program files\Bounty Bay Online

2011-05-29 02:13 . 2011-05-29 02:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Wicked_Interactive_LTD

2011-05-29 02:02 . 2011-06-04 06:27 -------- d-----w- c:\program files\SubaGames

2011-05-28 22:06 . 2011-05-28 22:07 -------- d-----w- c:\documents and settings\Jackson\Application Data\VMK Pal

2011-05-24 03:21 . 2011-05-24 03:21 -------- d-----w- c:\windows\Sun

2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\program files\Flip Video

2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video

2011-05-24 02:34 . 2011-05-24 02:34 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\WMTools Downloaded Files

2011-05-21 16:25 . 2011-05-26 23:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-21 00:33 . 2011-05-21 00:33 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Mozilla

2011-05-20 06:18 . 2011-05-20 06:42 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Panda3D

2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\Common Files\SourceTec

2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\SourceTec

2011-05-15 21:29 . 2011-05-15 21:29 -------- d-----w- c:\documents and settings\Jackson\Application Data\Need for Speed World

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-04 01:08 . 2011-04-30 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-06-04 01:08 . 2011-04-30 22:45 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-05-04 06:17 . 2011-05-04 06:18 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-04 06:17 . 2011-05-04 06:18 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-30 22:38 . 2011-04-30 22:38 315392 ----a-w- c:\windows\HideWin.exe

2011-04-14 16:26 . 2011-05-21 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-12_20.29.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-06-12 22:05 . 2011-06-12 22:05 16384 c:\windows\temp\Perflib_Perfdata_710.dat

+ 2008-04-14 12:00 . 2011-06-12 21:54 84056 c:\windows\system32\perfc009.dat

- 2008-04-14 12:00 . 2011-06-12 20:18 84056 c:\windows\system32\perfc009.dat

+ 2008-04-14 12:00 . 2011-06-12 21:54 493678 c:\windows\system32\perfh009.dat

- 2008-04-14 12:00 . 2011-06-12 20:18 493678 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]

"NVHotkey"="nvHotkey.dll" [2011-01-08 178792]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]

"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-12-14 159744]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-04 273544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Outspark\\Project Powder\\Run.exe"=

"c:\\Program Files\\REACTOR\\REACTOR.exe"=

"c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=

"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=

"c:\\Gamigo\\Elements of War Online\\EoW.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56371:TCP"= 56371:TCP:Pando Media Booster

"56371:UDP"= 56371:UDP:Pando Media Booster

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1033:TCP"= 1033:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

"11991:TCP"= 11991:TCP:spport

.

R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [6/2/2011 4:18 PM 298824]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]

S0 cerc6;cerc6; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/7/2011 7:22 AM 22712]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]

S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/7/2011 7:22 AM 366640]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-630328440-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

2011-06-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-630328440-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

FF - ProfilePath - c:\documents and settings\Jackson\Application Data\Mozilla\Firefox\Profiles\wkbmupta.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110604&user_guid=863D2E0C45764343A16FCD5A5AB41DF5&machine_id=251e485a5ee5eb2be0f18c709b75a6dd&browser=FF&os=win&os_version=5.1-x86-SP3&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-12 15:05

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1672)

c:\windows\system32\WININET.dll

c:\windows\System32\BCMLogon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

.

- - - - - - - > 'lsass.exe'(1732)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(2804)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Flip Video\FlipShare\FlipShareService.exe

c:\program files\Hotspot Shield\HssWPR\hsssrv.exe

c:\program files\Hotspot Shield\bin\hsswd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\rundll32.exe

c:\windows\RTHDCPL.EXE

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\HidFind.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\DellTPad\Apntex.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-06-12 15:11:23 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-12 22:11

ComboFix2.txt 2011-06-12 20:34

.

Pre-Run: 191,229,960,192 bytes free

Post-Run: 191,445,557,248 bytes free

.

- - End Of File - - F80DBDC23B17BD590D486AA86C0F2EB5

----------------------------------------------------

Problems as of now:

---------------------------------------------------

Svchost.exe (system) - taking up CPU and internet speed.

Redirection still occurs.


Just been attacked by a fake antivirus, but stopped it and deleted it using Mbytes. Just thought to include this.

Happened around 10 min ago.

Did you have other websites open?

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allows the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Only website I had open is this forum page, and a YouTube video. I searched up the virus, and multiple sources said it's a fake antispyware that is downloaded from other viruses. I'm guessing I have other viruses then, but I can't find them. (I used another computer to search this up).

Thank you for your help, really helpful :)

LOG---

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6526

# api_version=3.0.2

# EOSSerial=25cc1a97235f0c4a8269aaec09f9307e

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-14 12:37:47

# local_time=2011-06-13 05:37:47 (-0800, Pacific Daylight Time)

# country="Zimbabwe"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=164005

# found=10

# cleaned=10

# scan_time=5945

C:\Documents and Settings\Jackson\Application Data\Sun\Java\Deployment\cache\6.0\1\532f4a01-3ab4584b Java/Agent.CK trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Jackson\My Documents\Downloads\HSS-1.57-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Local Settings\Application Data\hepgeqrh.exe Win32/Adware.SecurityShield.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Jackson\Application Data\62C11AAD5B4C449A467CFCA574FCEBFC\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{892A73B3-99E4-4F0E-B621-420C780E82D5}\RP31\A0019469.exe a variant of Win32/Kryptik.OLQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{892A73B3-99E4-4F0E-B621-420C780E82D5}\RP31\A0019474.exe a variant of Win32/Kryptik.OLQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{892A73B3-99E4-4F0E-B621-420C780E82D5}\RP40\A0032318.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{892A73B3-99E4-4F0E-B621-420C780E82D5}\RP42\A0040751.DLL a variant of Win32/TrojanProxy.Agent.NHB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{892A73B3-99E4-4F0E-B621-420C780E82D5}\RP42\A0040795.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{892A73B3-99E4-4F0E-B621-420C780E82D5}\RP46\A0047908.exe Win32/Adware.SecurityShield.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FireFox::
FF - ProfilePath - c:\documents and settings\Jackson\Application Data\Mozilla\Firefox\Profiles\wkbmupta.default\
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


ComboFix 11-06-13.02 - Jackson 06/13/2011 21:34:44.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2686 [GMT -7:00]

Running from: c:\documents and settings\Jackson\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Jackson\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Jackson\Application Data\PriceGong

c:\documents and settings\Jackson\Application Data\PriceGong\Data\mru.xml

.

.

((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))

.

.

2011-06-13 22:52 . 2011-06-13 22:52 -------- d-----w- c:\program files\ESET

2011-06-13 22:33 . 2011-06-13 22:33 -------- d-----w- c:\program files\EXordium Team

2011-06-12 23:18 . 2011-06-13 00:08 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Conduit

2011-06-12 23:18 . 2011-06-12 23:18 -------- d-----w- c:\program files\Conduit

2011-06-12 23:18 . 2011-06-13 00:08 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\uTorrentBar

2011-06-12 23:13 . 2011-06-12 23:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\temp

2011-06-12 23:12 . 2011-06-12 23:12 -------- d-----w- c:\program files\uTorrent

2011-06-12 23:12 . 2011-06-13 22:28 -------- d-----w- c:\documents and settings\Jackson\Application Data\uTorrent

2011-06-10 14:56 . 2011-06-10 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm

2011-06-10 14:55 . 2011-06-10 14:55 -------- d-----w- c:\program files\Siber Systems

2011-06-10 14:52 . 2011-06-10 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\hssff

2011-06-10 14:40 . 2011-06-10 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SwagHack_Galaxy_Edition_3

2011-06-10 04:52 . 2011-06-10 04:52 -------- d--h--w- c:\windows\PIF

2011-06-08 07:30 . 2011-06-08 07:30 -------- d-----w- c:\program files\Microsoft.NET

2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- C:\Hotspot Shield

2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- c:\program files\Hotspot Shield

2011-06-08 03:44 . 2011-06-08 03:44 388096 ----a-r- c:\documents and settings\Jackson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-08 03:44 . 2011-06-08 03:44 -------- d-----w- c:\program files\Trend Micro

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\Jackson\Application Data\Malwarebytes

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-07 14:22 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-07 14:22 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-07 05:45 . 2011-06-07 05:45 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-07 05:43 . 2011-06-07 05:43 -------- d-----w- c:\program files\OpenAL

2011-06-07 05:02 . 2011-06-07 05:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-06-04 22:22 . 2011-06-07 05:44 -------- d-----w- c:\program files\AutoHotkey

2011-06-04 22:22 . 2011-06-04 22:22 -------- d-----w- c:\windows\ShellNew

2011-06-04 01:09 . 2011-06-04 01:09 -------- d-----w- c:\program files\Common Files\xing shared

2011-06-04 01:08 . 2011-06-04 01:09 -------- d-----w- c:\program files\Real

2011-06-04 00:58 . 2011-06-04 00:59 -------- d-----w- c:\documents and settings\Jackson\dwhelper

2011-06-03 22:20 . 2011-06-03 22:20 -------- d-----w- C:\AeriaGames

2011-06-03 06:22 . 2011-06-07 22:58 -------- d-----w- c:\program files\Common Files\Akamai

2011-06-01 22:23 . 2011-06-01 22:23 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-06-01 22:23 . 2011-06-01 22:23 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-06-01 14:29 . 2011-06-07 05:44 -------- d-----w- C:\Gamigo

2011-05-29 22:03 . 2011-05-30 19:57 -------- d-----w- c:\program files\Bounty Bay Online

2011-05-29 02:13 . 2011-05-29 02:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Wicked_Interactive_LTD

2011-05-29 02:02 . 2011-06-04 06:27 -------- d-----w- c:\program files\SubaGames

2011-05-28 22:06 . 2011-05-28 22:07 -------- d-----w- c:\documents and settings\Jackson\Application Data\VMK Pal

2011-05-24 03:21 . 2011-05-24 03:21 -------- d-----w- c:\windows\Sun

2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\program files\Flip Video

2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video

2011-05-24 02:34 . 2011-05-24 02:34 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\WMTools Downloaded Files

2011-05-21 16:25 . 2011-05-26 23:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-21 00:33 . 2011-05-21 00:33 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Mozilla

2011-05-20 06:18 . 2011-05-20 06:42 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Panda3D

2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\Common Files\SourceTec

2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\SourceTec

2011-05-15 21:29 . 2011-05-15 21:29 -------- d-----w- c:\documents and settings\Jackson\Application Data\Need for Speed World

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-04 01:08 . 2011-04-30 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-06-04 01:08 . 2011-04-30 22:45 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-05-04 06:17 . 2011-05-04 06:18 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-04 06:17 . 2011-05-04 06:18 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-30 22:38 . 2011-04-30 22:38 315392 ----a-w- c:\windows\HideWin.exe

2011-04-14 16:26 . 2011-05-21 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-12_20.29.02 )))))))))))))))))))))))))))))))))))))))))

.


- 2011-06-08 07:37 . 2011-06-08 07:37 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

+ 2011-06-13 04:39 . 2011-06-13 04:39 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll

- 2011-06-08 07:37 . 2011-06-08 07:37 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-06-08 07:32 . 2011-06-08 07:32 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2011-06-13 04:39 . 2011-06-13 04:39 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll

- 2011-06-08 07:36 . 2011-06-08 07:36 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll

- 2011-06-08 07:36 . 2011-06-08 07:36 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll

+ 2011-06-13 04:39 . 2011-06-13 04:39 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

+ 2011-06-13 04:39 . 2011-06-13 04:39 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll

- 2011-06-08 07:36 . 2011-06-08 07:36 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2011-06-08 07:32 . 2011-06-08 07:32 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

- 2011-06-08 07:32 . 2011-06-08 07:32 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

- 2011-06-08 07:32 . 2011-06-08 07:32 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

- 2011-06-08 07:32 . 2011-06-08 07:32 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

- 2011-06-08 07:32 . 2011-06-08 07:32 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

- 2011-06-08 07:32 . 2011-06-08 07:32 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

- 2011-06-08 07:37 . 2011-06-08 07:37 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

+ 2011-06-13 04:39 . 2011-06-13 04:39 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

- 2011-06-08 07:37 . 2011-06-08 07:37 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll

+ 2011-06-13 04:39 . 2011-06-13 04:39 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll

+ 2011-06-13 04:39 . 2011-06-13 04:39 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2011-06-08 07:37 . 2011-06-08 07:37 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2011-06-08 07:37 . 2011-06-08 07:37 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2011-06-13 04:39 . 2011-06-13 04:39 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2011-06-13 04:39 . 2011-06-13 04:39 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2011-06-08 07:37 . 2011-06-08 07:37 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2011-06-08 07:32 . 2011-06-08 07:32 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

- 2011-06-08 07:32 . 2011-06-08 07:32 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2011-06-13 04:34 . 2011-06-13 04:34 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2011-06-08 07:36 . 2011-06-08 07:36 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2011-06-13 04:39 . 2011-06-13 04:39 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2011-06-08 07:31 . 2011-06-08 07:31 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2010-11-25 16:01 . 2010-11-25 16:01 510464 c:\windows\Installer\5ccae.msp

+ 2011-06-13 05:34 . 2011-06-13 05:34 399360 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\5be9c660364780494bf977b60c4873fc\XamlBuildTask.ni.dll

+ 2011-06-13 05:29 . 2011-06-13 05:29 353792 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\87afe24263416769cb144af9cd582c2c\WsatConfig.ni.exe

+ 2011-06-13 05:34 . 2011-06-13 05:34 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\8fc284e8227966cd2b53dde575a560ca\WindowsFormsIntegration.ni.dll

+ 2011-06-13 05:30 . 2011-06-13 05:30 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5dbaa5605b1c70fc64f0413709f0fd3e\UIAutomationTypes.ni.dll

+ 2011-06-13 05:34 . 2011-06-13 05:34 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\0ceb105fca50f472ec753d820e4aeeda\UIAutomationClient.ni.dll

+ 2011-06-13 05:30 . 2011-06-13 05:30 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e8063e4a016ce5f612047826ce85192d\System.Xml.Linq.ni.dll

+ 2011-06-13 05:30 . 2011-06-13 05:30 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\9cea70e2d0008b1c669381e647fe38b8\System.Windows.Input.Manipulations.ni.dll

+ 2011-06-13 05:34 . 2011-06-13 05:34 192512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\fbc7001b7c3cc439df295b189d40de6c\System.Windows.Forms.DataVisualization.Design.ni.dll

+ 2011-06-13 05:30 . 2011-06-13 05:30 218624 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\a28da3f29a331a1ed80f5665ab2e15de\System.Web.RegularExpressions.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 858112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\1927d954907ecbfc2df4459b0a962707\System.Web.Extensions.Design.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 332288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\5c45d3bf0c403e67603ddae213722ba9\System.Web.Entity.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 296448 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\a7af69183096798a7f19b14292c1d3e9\System.Web.Entity.Design.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 705536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\c4bf15738f0e114041b0b3f3bb7adba2\System.Web.DynamicData.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 256512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\3ce1524e8800e3b978bc31a82b1830ba\System.Web.DataVisualization.Design.ni.dll

+ 2011-06-13 05:30 . 2011-06-13 05:30 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\f3f4677f38cae89e4f3da7aef67a8286\System.Transactions.ni.dll

+ 2011-06-13 05:30 . 2011-06-13 05:30 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d20b42d2a1e8b587218255d94cf9d51d\System.ServiceProcess.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 421888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8a17a217531a547573ada931b04ecb2a\System.ServiceModel.Activation.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\63d43147c361a5ea56a438f9c9f405ab\System.ServiceModel.Routing.ni.dll

+ 2011-06-13 04:36 . 2011-06-13 04:36 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\433e0563cc3bdaed1d5d580a976c5e9e\System.Security.ni.dll

+ 2011-06-13 05:30 . 2011-06-13 05:30 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3e118dc6bd8e3139f8e67e4c3b8743b2\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2011-06-13 05:30 . 2011-06-13 05:30 767488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\02fefb241c18e9c0fb2d293d279a2cfc\System.Runtime.Remoting.ni.dll

+ 2011-06-13 05:30 . 2011-06-13 05:30 239616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\9ff84c48443974b0a002cc6afe14ab7b\System.Runtime.Caching.ni.dll

+ 2011-06-13 04:35 . 2011-06-13 04:35 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\be40dc77e976b72345841d9b3090addf\System.Numerics.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 651264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\632fa87e063c2cd93ca6c974f4083370\System.Net.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 625152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\1219fbafa287ea332a64be7b858fce5c\System.Messaging.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 392704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\a40d6c00e44903ecd90ed228c684be78\System.Management.Instrumentation.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 405504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\03b7ea60ade16ef4e1be509050942005\System.IO.Log.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 228352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\c0d6bf93aa2d4ae88198cc74303444f7\System.IdentityModel.Selectors.ni.dll

+ 2011-06-13 05:30 . 2011-06-13 05:30 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\9d0dacabf0328c67bdc5bcde92c8a6a0\System.EnterpriseServices.Wrapper.dll

+ 2011-06-13 05:30 . 2011-06-13 05:30 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\9d0dacabf0328c67bdc5bcde92c8a6a0\System.EnterpriseServices.ni.dll

+ 2011-06-13 04:36 . 2011-06-13 04:36 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\ab6b818c24bf13aec8a322e19f2e097e\System.Dynamic.ni.dll

+ 2011-06-13 04:37 . 2011-06-13 04:37 223744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\129a693945fce76af8b8b215d657b236\System.Drawing.Design.ni.dll

+ 2011-06-13 05:30 . 2011-06-13 05:30 461824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\ff9eff4b13bf2907808f44072528a058\System.DirectoryServices.Protocols.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 911872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\71e1815286162efb41ca0b818562d816\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\9db033b3b35d3244138a3d8ecd9463aa\System.Device.ni.dll

+ 2011-06-13 05:33 . 2011-06-13 05:33 499712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\eda5558e0298bb8ed40238a09e23b8b9\System.Data.Services.Design.ni.dll

+ 2011-06-13 05:31 . 2011-06-13 05:31 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\17da63b9c8064159c9171c04f3ee7dbb\System.Data.DataSetExtensions.ni.dll

+ 2011-06-13 04:36 . 2011-06-13 04:36 973312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7402f1ee7efe4d136b686df4594355a9\System.Configuration.ni.dll

+ 2011-06-13 05:30 . 2011-06-13 05:30 145920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\57590739c0280784ea5cc75a0b954f41\System.Configuration.Install.ni.dll

+ 2011-06-13 04:37 . 2011-06-13 04:37 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\2d2e931b15a2673aae0dd09c3dc4fc00\System.ComponentModel.Composition.ni.dll

+ 2011-06-13 05:31 . 2011-06-13 05:31 193536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\05f5ebde5d831cdeff3373cfce7222b2\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-06-13 05:31 . 2011-06-13 05:31 613888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\3a1d261bf1c23b8e7a448dcab04862ec\System.AddIn.ni.dll

+ 2011-06-13 05:31 . 2011-06-13 05:31 402944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\06112c8e86e63fa5af32514204d9319d\System.Activities.DurableInstancing.ni.dll

+ 2011-06-13 05:29 . 2011-06-13 05:29 316928 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\fe2a7d68ae44b756dff80870742899e5\SMSvcHost.ni.exe

+ 2011-06-13 05:30 . 2011-06-13 05:30 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4e17631c0f733accb86b9b30547ad408\SMDiagnostics.ni.dll

+ 2011-06-13 04:37 . 2011-06-13 04:37 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d896455ac820e0a28f0cfe8ae611ab2f\PresentationFramework.Luna.ni.dll

+ 2011-06-13 04:36 . 2011-06-13 04:37 327168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\84347cf0d80a63e04e386abf9b34d0e0\PresentationFramework.Royale.ni.dll

+ 2011-06-13 04:37 . 2011-06-13 04:37 450048 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\43efb9cfeaa447752d2ccb53f2ff0e42\PresentationFramework.Aero.ni.dll

+ 2011-06-13 04:36 . 2011-06-13 04:36 283648 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2feb56a801c952c6708baa69111b3e1e\PresentationFramework.Classic.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-12-09 20:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2010-12-09 20:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]

"NVHotkey"="nvHotkey.dll" [2011-01-08 178792]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]

"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-12-14 159744]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-04 273544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Outspark\\Project Powder\\Run.exe"=

"c:\\Program Files\\REACTOR\\REACTOR.exe"=

"c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=

"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=

"c:\\Gamigo\\Elements of War Online\\EoW.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\Jackson\\My Documents\\Downloads\\utorrent.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56371:TCP"= 56371:TCP:Pando Media Booster

"56371:UDP"= 56371:UDP:Pando Media Booster

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1033:TCP"= 1033:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

"11991:TCP"= 11991:TCP:spport

.

R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [6/2/2011 4:18 PM 298824]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]

S0 cerc6;cerc6; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/7/2011 7:22 AM 22712]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]

S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/7/2011 7:22 AM 366640]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-630328440-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

2011-06-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-630328440-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

FF - ProfilePath - c:\documents and settings\Jackson\Application Data\Mozilla\Firefox\Profiles\wkbmupta.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - about:home

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-13 21:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1672)

c:\windows\system32\WININET.dll

c:\windows\System32\BCMLogon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

.

- - - - - - - > 'lsass.exe'(1732)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(2380)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\Flip Video\FlipShare\FlipShareService.exe

c:\windows\system32\rundll32.exe

c:\windows\RTHDCPL.EXE

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\Hotspot Shield\HssWPR\hsssrv.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\Hotspot Shield\bin\hsswd.exe

c:\program files\DellTPad\Apntex.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Completion time: 2011-06-13 21:55:35 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-14 04:55

ComboFix2.txt 2011-06-12 22:11

ComboFix3.txt 2011-06-12 20:34

.

Pre-Run: 183,115,476,992 bytes free

Post-Run: 183,917,113,344 bytes free

.

- - End Of File - - 925DDD023317803FC123F6AC450812DF

==Problems as of now==

-Svchost.exe excessive CPU usage (slows internet down)

-Browser redirection. (I tested to see if it would happen; it took me to STOPzilla)

-Not of importance, but in MSN Messenger, friend pics stopped showing in the "friends list" after this ComboFix session.

Quick question: what program should I use as antivirus, since I do not have AVG currently?

Looks like Windows updates worked.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

Folder::
c:\program files\uTorrentBar
c:\program files\ConduitEngine

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

Save this file to your desktop. Save this as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Security Shield FAKE antivirus keeps popping back up. This was the virus I was talking about earlier. Why is that?

Log for RKILL

==================================================================

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 06/14/2011 at 15:47:39.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\ecbvksryx.exe

C:\WINDOWS\system32\grpconv.exe

Rkill completed on 06/14/2011 at 15:47:50.

===============================================================

I don't know if this helps, so I just thought to post it.

I think I found it.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11991:TCP"=-

Save this file to your desktop. Save this as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post

Here's the first one, and imma do the next one you told me just now.

ComboFix 11-06-14.01 - Jackson 06/14/2011 17:05:54.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2710 [GMT -7:00]

Running from: c:\documents and settings\Jackson\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Jackson\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\LocalService\Local Settings\Application Data\ecbvksryx.exe

c:\program files\ConduitEngine

c:\program files\ConduitEngine\appContextMenu.xml

c:\program files\ConduitEngine\ConduitEngine.dll

c:\program files\ConduitEngine\ConduitEngineHelper.exe

c:\program files\ConduitEngine\ConduitEngineUninstall.exe

c:\program files\ConduitEngine\engineContextMenu.xml

c:\program files\ConduitEngine\EngineSettings.json

c:\program files\ConduitEngine\INSTALL.LOG

c:\program files\ConduitEngine\toolbar.cfg

c:\program files\uTorrentBar

c:\program files\uTorrentBar\GottenAppsContextMenu.xml

c:\program files\uTorrentBar\INSTALL.LOG

c:\program files\uTorrentBar\OtherAppsContextMenu.xml

c:\program files\uTorrentBar\SharedAppsContextMenu.xml

c:\program files\uTorrentBar\tbuTor.dll

c:\program files\uTorrentBar\toolbar.cfg

c:\program files\uTorrentBar\ToolbarContextMenu.xml

c:\program files\uTorrentBar\UNWISE.EXE

c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 )))))))))))))))))))))))))))))))

.

.

2011-06-13 22:52 . 2011-06-13 22:52 -------- d-----w- c:\program files\ESET

2011-06-13 22:33 . 2011-06-13 22:33 -------- d-----w- c:\program files\EXordium Team

2011-06-12 23:18 . 2011-06-13 00:08 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Conduit

2011-06-12 23:18 . 2011-06-12 23:18 -------- d-----w- c:\program files\Conduit

2011-06-12 23:18 . 2011-06-13 00:08 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\uTorrentBar

2011-06-12 23:13 . 2011-06-12 23:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\temp

2011-06-12 23:12 . 2011-06-12 23:12 -------- d-----w- c:\program files\uTorrent

2011-06-12 23:12 . 2011-06-13 22:28 -------- d-----w- c:\documents and settings\Jackson\Application Data\uTorrent

2011-06-10 14:56 . 2011-06-10 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm

2011-06-10 14:55 . 2011-06-10 14:55 -------- d-----w- c:\program files\Siber Systems

2011-06-10 14:52 . 2011-06-10 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\hssff

2011-06-10 14:40 . 2011-06-10 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SwagHack_Galaxy_Edition_3

2011-06-10 04:52 . 2011-06-10 04:52 -------- d--h--w- c:\windows\PIF

2011-06-08 07:30 . 2011-06-08 07:30 -------- d-----w- c:\program files\Microsoft.NET

2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- C:\Hotspot Shield

2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- c:\program files\Hotspot Shield

2011-06-08 03:44 . 2011-06-08 03:44 388096 ----a-r- c:\documents and settings\Jackson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-08 03:44 . 2011-06-08 03:44 -------- d-----w- c:\program files\Trend Micro

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\Jackson\Application Data\Malwarebytes

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-07 14:22 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-07 14:22 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-07 05:45 . 2011-06-07 05:45 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-07 05:43 . 2011-06-07 05:43 -------- d-----w- c:\program files\OpenAL

2011-06-07 05:02 . 2011-06-07 05:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-06-04 22:22 . 2011-06-07 05:44 -------- d-----w- c:\program files\AutoHotkey

2011-06-04 22:22 . 2011-06-04 22:22 -------- d-----w- c:\windows\ShellNew

2011-06-04 01:09 . 2011-06-04 01:09 -------- d-----w- c:\program files\Common Files\xing shared

2011-06-04 01:08 . 2011-06-04 01:09 -------- d-----w- c:\program files\Real

2011-06-04 00:58 . 2011-06-04 00:59 -------- d-----w- c:\documents and settings\Jackson\dwhelper

2011-06-03 22:20 . 2011-06-03 22:20 -------- d-----w- C:\AeriaGames

2011-06-03 06:22 . 2011-06-07 22:58 -------- d-----w- c:\program files\Common Files\Akamai

2011-06-01 22:23 . 2011-06-01 22:23 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-06-01 22:23 . 2011-06-01 22:23 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-06-01 14:29 . 2011-06-07 05:44 -------- d-----w- C:\Gamigo

2011-05-29 22:03 . 2011-05-30 19:57 -------- d-----w- c:\program files\Bounty Bay Online

2011-05-29 02:13 . 2011-05-29 02:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Wicked_Interactive_LTD

2011-05-29 02:02 . 2011-06-04 06:27 -------- d-----w- c:\program files\SubaGames

2011-05-28 22:06 . 2011-05-28 22:07 -------- d-----w- c:\documents and settings\Jackson\Application Data\VMK Pal

2011-05-24 03:21 . 2011-05-24 03:21 -------- d-----w- c:\windows\Sun

2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\program files\Flip Video

2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video

2011-05-24 02:34 . 2011-05-24 02:34 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\WMTools Downloaded Files

2011-05-21 16:25 . 2011-06-14 22:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-21 00:33 . 2011-05-21 00:33 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Mozilla

2011-05-20 06:18 . 2011-05-20 06:42 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Panda3D

2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\Common Files\SourceTec

2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\SourceTec

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-04 01:08 . 2011-04-30 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-06-04 01:08 . 2011-04-30 22:45 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-05-04 06:17 . 2011-05-04 06:18 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-04 06:17 . 2011-05-04 06:18 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-30 22:38 . 2011-04-30 22:38 315392 ----a-w- c:\windows\HideWin.exe

2011-04-14 16:26 . 2011-05-21 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-06-14_04.49.53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-06-15 00:20 . 2011-06-15 00:20 16384 c:\windows\temp\Perflib_Perfdata_108.dat

- 2008-04-14 12:00 . 2011-06-14 04:36 77366 c:\windows\system32\perfc009.dat

+ 2008-04-14 12:00 . 2011-06-15 00:07 77366 c:\windows\system32\perfc009.dat

+ 2008-04-14 12:00 . 2011-06-15 00:07 458926 c:\windows\system32\perfh009.dat

- 2008-04-14 12:00 . 2011-06-14 04:36 458926 c:\windows\system32\perfh009.dat

+ 2011-06-14 22:21 . 2011-06-14 22:21 240288 c:\windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe

+ 2011-05-26 23:39 . 2011-06-14 22:21 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll

- 2011-05-26 23:39 . 2011-05-26 23:39 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]

"NVHotkey"="nvHotkey.dll" [2011-01-08 178792]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]

"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-12-14 159744]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-04 273544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Outspark\\Project Powder\\Run.exe"=

"c:\\Program Files\\REACTOR\\REACTOR.exe"=

"c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=

"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=

"c:\\Gamigo\\Elements of War Online\\EoW.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\Jackson\\My Documents\\Downloads\\utorrent.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56371:TCP"= 56371:TCP:Pando Media Booster

"56371:UDP"= 56371:UDP:Pando Media Booster

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1033:TCP"= 1033:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

"11991:TCP"= 11991:TCP:spport

.

R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [6/2/2011 4:18 PM 298824]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]

S0 cerc6;cerc6; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/7/2011 7:22 AM 22712]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]

S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/7/2011 7:22 AM 366640]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-630328440-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

2011-06-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-630328440-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

FF - ProfilePath - c:\documents and settings\Jackson\Application Data\Mozilla\Firefox\Profiles\wkbmupta.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - about:home

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe

AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-14 17:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1668)

c:\windows\system32\WININET.dll

c:\windows\System32\BCMLogon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

.

- - - - - - - > 'lsass.exe'(1728)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(320)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\rundll32.exe

c:\windows\RTHDCPL.EXE

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\DellTPad\Apntex.exe

c:\program files\Flip Video\FlipShare\FlipShareService.exe

c:\program files\Hotspot Shield\HssWPR\hsssrv.exe

c:\program files\Hotspot Shield\bin\hsswd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Completion time: 2011-06-14 17:26:39 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-15 00:26

ComboFix2.txt 2011-06-14 04:55

ComboFix3.txt 2011-06-12 22:11

ComboFix4.txt 2011-06-12 20:34

.

Pre-Run: 183,617,363,968 bytes free

Post-Run: 183,903,727,616 bytes free

.

- - End Of File - - 7E1610BA38FC6B37DF5AAE3B55238952

I'm gonna do the next one now.

===

Issues

===

Svchost.exe - extensive internet connection and CPU usage.

Redirection - internet

Random Internet tab opens up, page is unknown, I always close the page before looking at it.

Link to post

ComboFix 11-06-14.03 - Jackson 06/14/2011 20:11:05.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2710 [GMT -7:00]

Running from: c:\documents and settings\Jackson\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Jackson\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 )))))))))))))))))))))))))))))))

.

.

2011-06-13 22:52 . 2011-06-13 22:52 -------- d-----w- c:\program files\ESET

2011-06-13 22:33 . 2011-06-13 22:33 -------- d-----w- c:\program files\EXordium Team

2011-06-12 23:18 . 2011-06-13 00:08 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Conduit

2011-06-12 23:18 . 2011-06-12 23:18 -------- d-----w- c:\program files\Conduit

2011-06-12 23:18 . 2011-06-13 00:08 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\uTorrentBar

2011-06-12 23:13 . 2011-06-12 23:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\temp

2011-06-12 23:12 . 2011-06-12 23:12 -------- d-----w- c:\program files\uTorrent

2011-06-12 23:12 . 2011-06-13 22:28 -------- d-----w- c:\documents and settings\Jackson\Application Data\uTorrent

2011-06-10 14:56 . 2011-06-10 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm

2011-06-10 14:55 . 2011-06-10 14:55 -------- d-----w- c:\program files\Siber Systems

2011-06-10 14:52 . 2011-06-10 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\hssff

2011-06-10 14:40 . 2011-06-10 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SwagHack_Galaxy_Edition_3

2011-06-10 04:52 . 2011-06-10 04:52 -------- d--h--w- c:\windows\PIF

2011-06-08 07:30 . 2011-06-08 07:30 -------- d-----w- c:\program files\Microsoft.NET

2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- C:\Hotspot Shield

2011-06-08 06:56 . 2011-06-10 04:03 -------- d-----w- c:\program files\Hotspot Shield

2011-06-08 03:44 . 2011-06-08 03:44 388096 ----a-r- c:\documents and settings\Jackson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-08 03:44 . 2011-06-08 03:44 -------- d-----w- c:\program files\Trend Micro

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\Jackson\Application Data\Malwarebytes

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-07 14:22 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-07 14:22 . 2011-06-07 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-07 14:22 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-07 05:45 . 2011-06-07 05:45 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-07 05:43 . 2011-06-07 05:43 -------- d-----w- c:\program files\OpenAL

2011-06-07 05:02 . 2011-06-07 05:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-06-04 22:22 . 2011-06-07 05:44 -------- d-----w- c:\program files\AutoHotkey

2011-06-04 22:22 . 2011-06-04 22:22 -------- d-----w- c:\windows\ShellNew

2011-06-04 01:09 . 2011-06-04 01:09 -------- d-----w- c:\program files\Common Files\xing shared

2011-06-04 01:08 . 2011-06-04 01:09 -------- d-----w- c:\program files\Real

2011-06-04 00:58 . 2011-06-04 00:59 -------- d-----w- c:\documents and settings\Jackson\dwhelper

2011-06-03 22:20 . 2011-06-03 22:20 -------- d-----w- C:\AeriaGames

2011-06-03 06:22 . 2011-06-07 22:58 -------- d-----w- c:\program files\Common Files\Akamai

2011-06-01 22:23 . 2011-06-01 22:23 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-06-01 22:23 . 2011-06-01 22:23 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-06-01 14:29 . 2011-06-07 05:44 -------- d-----w- C:\Gamigo

2011-05-29 22:03 . 2011-05-30 19:57 -------- d-----w- c:\program files\Bounty Bay Online

2011-05-29 02:13 . 2011-05-29 02:13 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Wicked_Interactive_LTD

2011-05-29 02:02 . 2011-06-04 06:27 -------- d-----w- c:\program files\SubaGames

2011-05-28 22:06 . 2011-05-28 22:07 -------- d-----w- c:\documents and settings\Jackson\Application Data\VMK Pal

2011-05-24 03:21 . 2011-05-24 03:21 -------- d-----w- c:\windows\Sun

2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\program files\Flip Video

2011-05-24 02:36 . 2011-05-24 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video

2011-05-24 02:34 . 2011-05-24 02:34 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\WMTools Downloaded Files

2011-05-21 16:25 . 2011-06-14 22:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-21 00:33 . 2011-05-21 00:33 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Mozilla

2011-05-20 06:18 . 2011-05-20 06:42 -------- d-----w- c:\documents and settings\Jackson\Local Settings\Application Data\Panda3D

2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\Common Files\SourceTec

2011-05-18 23:42 . 2011-05-18 23:42 -------- d-----w- c:\program files\SourceTec

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-04 01:08 . 2011-04-30 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-06-04 01:08 . 2011-04-30 22:45 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-05-04 06:17 . 2011-05-04 06:18 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-04 06:17 . 2011-05-04 06:18 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-30 22:38 . 2011-04-30 22:38 315392 ----a-w- c:\windows\HideWin.exe

2011-04-14 16:26 . 2011-05-21 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-06-14_04.49.53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-06-15 03:24 . 2011-06-15 03:24 16384 c:\windows\temp\Perflib_Perfdata_790.dat

- 2008-04-14 12:00 . 2011-06-14 04:36 77366 c:\windows\system32\perfc009.dat

+ 2008-04-14 12:00 . 2011-06-15 03:12 77366 c:\windows\system32\perfc009.dat

+ 2008-04-14 12:00 . 2011-06-15 03:12 458926 c:\windows\system32\perfh009.dat

- 2008-04-14 12:00 . 2011-06-14 04:36 458926 c:\windows\system32\perfh009.dat

+ 2011-06-14 22:21 . 2011-06-14 22:21 240288 c:\windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe

+ 2011-05-26 23:39 . 2011-06-14 22:21 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll

- 2011-05-26 23:39 . 2011-05-26 23:39 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]

"NVHotkey"="nvHotkey.dll" [2011-01-08 178792]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]

"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-12-14 159744]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-04 273544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Outspark\\Project Powder\\Run.exe"=

"c:\\Program Files\\REACTOR\\REACTOR.exe"=

"c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=

"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=

"c:\\Gamigo\\Elements of War Online\\EoW.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\Jackson\\My Documents\\Downloads\\utorrent.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56371:TCP"= 56371:TCP:Pando Media Booster

"56371:UDP"= 56371:UDP:Pando Media Booster

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1033:TCP"= 1033:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [6/2/2011 4:18 PM 298824]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]

S0 cerc6;cerc6; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/7/2011 7:22 AM 22712]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]

S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/7/2011 7:22 AM 366640]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-630328440-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

2011-06-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-630328440-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

FF - ProfilePath - c:\documents and settings\Jackson\Application Data\Mozilla\Firefox\Profiles\wkbmupta.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - about:home

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-14 20:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1672)

c:\windows\system32\WININET.dll

c:\windows\System32\BCMLogon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

.

- - - - - - - > 'lsass.exe'(1732)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(3940)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\rundll32.exe

c:\windows\RTHDCPL.EXE

c:\program files\Flip Video\FlipShare\FlipShareService.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\Hotspot Shield\HssWPR\hsssrv.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\Hotspot Shield\bin\hsswd.exe

c:\program files\DellTPad\Apntex.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Completion time: 2011-06-14 20:30:59 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-15 03:30

ComboFix2.txt 2011-06-15 00:26

ComboFix3.txt 2011-06-14 04:55

ComboFix4.txt 2011-06-12 22:11

ComboFix5.txt 2011-06-15 03:03

.

Pre-Run: 183,495,106,560 bytes free

Post-Run: 183,816,896,512 bytes free

.

- - End Of File - - AC1A31A650664B38067B3928D124B3E9

=======================

SAME PROBLEMS STILL

=======================

Link to post
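
The CFScript posted earlier asks ComboFix to delete the "11991:TCP" value from the firewall's GloballyOpenPorts list, and the two logs above differ in exactly that section. The following is an added example, not part of any post and not ComboFix code: it parses the script and the registry sections of two logs and checks that each requested deletion took effect. The sample text is constructed from the script and logs in this thread, and the function names are made up for this example.

```python
import re

# Constructed sample input: the CFScript from the helper's post and the firewall
# sections as they appear in the first and second ComboFix logs of this thread.
CFSCRIPT = r'''KillAll::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11991:TCP"=-
'''

LOG_BEFORE = r'''[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56371:TCP"= 56371:TCP:Pando Media Booster

"56371:UDP"= 56371:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"11991:TCP"= 11991:TCP:spport
.
S0 cerc6;cerc6; [x]
'''

LOG_AFTER = r'''[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56371:TCP"= 56371:TCP:Pando Media Booster
"56371:UDP"= 56371:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
'''

HEADER_RE = re.compile(r'^\[(.+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
PORTS_KEY = r"firewallpolicy\standardprofile\globallyopenports\list"


def parse_sections(text):
    """Map lower-cased registry key -> {value name: data} for every [key] block."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # pasted logs often carry blank lines
        header = HEADER_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            current[entry.group("name")] = entry.group("data").strip()
        else:
            current = None                # "." or any other line closes the block
    return sections


def requested_deletions(cfscript):
    """(key, value name) pairs written as "name"=- , the .reg syntax for delete."""
    return [(key, name)
            for key, values in parse_sections(cfscript).items()
            for name, data in values.items() if data == "-"]


def open_ports(log):
    """Decode the GloballyOpenPorts list of one log into {(port, proto): label}."""
    ports = {}
    for key, values in parse_sections(log).items():
        if not key.endswith(PORTS_KEY):
            continue
        for name, data in values.items():
            port, _, proto = name.partition(":")
            if not port.isdigit():
                continue                  # not a port entry, skip it
            parts = data.split(":", 2)    # port:proto:label as printed in the log
            ports[(int(port), proto.upper())] = parts[2] if len(parts) == 3 else ""
    return ports


def verify(cfscript, before, after):
    """For each requested deletion: was it there before, and is it gone after?"""
    old, new = parse_sections(before), parse_sections(after)
    return [{"value": name,
             "present_before": name in old.get(key, {}),
             "removed": name not in new.get(key, {})}
            for key, name in requested_deletions(cfscript)]


def port_changes(before, after):
    """Set difference of the open-port lists of two logs."""
    old, new = open_ports(before), open_ports(after)
    return {"closed": sorted(set(old) - set(new)),
            "opened": sorted(set(new) - set(old)),
            "still_open": sorted(set(old) & set(new))}


if __name__ == "__main__":
    for item in verify(CFSCRIPT, LOG_BEFORE, LOG_AFTER):
        print(item)
    for kind, ports in port_changes(LOG_BEFORE, LOG_AFTER).items():
        print(kind, ports)
```

The "still_open" list is what remains for manual review after the scripted deletion, and an unexpected "opened" entry between runs would mean something re-added a firewall exception.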

Just to say a heads up, here's a problem. I am currently NOT using a router, I'm connected directly through the modem.

There is only a power on and off switch.

Our internet service is Arris, which is part phone as well, and I'm using the "find dns automatically" option.

I also have noticed that when I search Google pictures, on Firefox, it doesn't show all the pages. And under the search bar, it says "go to google.com" and by clicking that it takes me to the "full" pages of pictures.

I'm also getting a Scour redirect. Also in my temp folder, random .exe viruses keep popping up from time to time, and AVG used to block them from running but now I don't have AVG so it's a problem. Any solutions??

Link to post

Please download Dr.Web CureIt. Save it to your desktop:

  • Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Note: this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Please post the Dr.Web.txt report in your next reply.
  • Close Dr.Web CureIt.
    Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.

Link to post

I ran the program, and it restarted without prompt. So I'm not sure where to find the txt file. All I know is it found 2 viruses.

Currently Svchost.exe does not seem to be bothering me, but I haven't been on long enough to be sure exactly.

Google.com, when I search web or pictures, under the search bar it says "google.com", that's a link to the normal one.

Before clicking that link...

Web - the links don't take me anywhere, it just freezes at a white screen. After clicking the "google.com" link, it gets me to the sites.

Pictures - Firefox only shows 4-5 rows of pictures; when I press the link, and if I get past the redirect, it gives me all the pictures.

Seems like there is a FAKE Google...

Link to post

This topic is now closed to further replies.