AVG keeps getting trojans and hidden files

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Tue Sep 04, 2012 2:32 pm

Please download Rkill to your desktop

Run it and after the scan finishes and without rebooting, run a new ESET Online Scanner

Post the contents of the RKILL log and the ESET log in your next reply
Gecko
Super Moderator
Posts: 5207
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23

Re: AVG keeps getting trojans and hidden files

Postby jlec » Wed Sep 05, 2012 2:17 am

Rkill 2.3.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/04/2012 04:23:03 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!

* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@"was reset to comfile!


Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Alerter [Missing Service]
* lanmanworkstation [Missing Service]
* NtLmSsp [Missing Service]
* RpcLocator [Missing Service]
* NetBIOS [Missing Service]

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

* helpsvc => %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\netbt.sys [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\netbt.sys : 162,816 : 08/10/2004 03:00 PM : 0c80e410cd2f47134407ee7dd19cc86b [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\netbt.sys : 162,816 : 04/13/2008 03:21 PM : 74b2b2f5bea5e9a3dc021d685551bd3d [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\netbt.sys : 162,816 : 04/13/2008 03:21 PM : 74b2b2f5bea5e9a3dc021d685551bd3d [Pos Repl]

Program finished at: 09/04/2012 04:24:45 PM
Execution time: 0 hours(s), 1 minute(s), and 41 seconds(s)


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-19 03:24:48
# local_time=2012-04-18 11:24:48 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=177363
# found=10
# cleaned=9
# scan_time=5270
C:\Documents and Settings\Administrator\My Documents\My Music\Country\Trace Adkins - Swing.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Administrator\My Documents\My Music\Pop (Dance)\Flowbots - No Handle Bars.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Administrator\My Documents\Pop (Dance)\Flowbots - No Handle Bars.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BGM0T0TS\fera-soft[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\41AGIBPU\post[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7O7K0R2J\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZTYM3V21\fera-soft[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-22 05:07:13
# local_time=2012-04-22 01:07:13 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 96 0 78163374 0 0
# compatibility_mode=5889 16768382 80 100 73679032 174924376 0 73778830
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=180329
# found=6
# cleaned=4
# scan_time=10828
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2P2H535X\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\THRRAAC8\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1287\A0255688.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1292\A0259426.exe probably a variant of Win32/Agent.CWORLZS trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.LP trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-31 01:22:07
# local_time=2012-08-30 09:22:07 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=198557
# found=13
# cleaned=12
# scan_time=14716
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7QA2M9X4\cat-riding-on-a-turtle[1].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\fpi[3].htm HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\if[4].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\if[5].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\ttj[8] HTML/Iframe.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IHV6LWHO\ttj[6] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QZNS8SID\ttj[6] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VP5DDP44\kittens-fighting-over-plastic-bag[1].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B73QO160\3market[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\BitLord\BitLord\Downloads\100 android apps\100.Android.Apps.rar a variant of Android/PJApps.F trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\BitLord\BitLord\Downloads\100 android apps\100.Android.Apps\100 Android Apps\Android.-.Cool.Texter.v1.9.apk a variant of Android/PJApps.F trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\eMule\Incoming\Alcohol_120%_v1.9.6.5429_Retail_incl_Keygen.rar probably a variant of Win32/Agent.CWORLZS trojan (deleted - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-31 11:53:58
# local_time=2012-08-31 07:53:58 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=179421
# found=1
# cleaned=0
# scan_time=13722
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-05 12:31:32
# local_time=2012-09-04 08:31:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 11069068 11069068 0 0
# scanned=192312
# found=6
# cleaned=6
# scan_time=14610
C:\TDSSKiller_Quarantine\03.09.2012_14.21.12\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\03.09.2012_14.21.12\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\03.09.2012_14.34.33\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\03.09.2012_14.34.33\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\03.09.2012_14.45.31\tdlfs0000\tsk0003.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\03.09.2012_14.45.31\tdlfs0000\tsk0005.dta Win64/Olmarik.AG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
jlec
Geek in Training
Posts: 29
Joined: Thu Sep 27, 2007 8:21 pm

Thanks given:1
Thanks received:0

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Wed Sep 05, 2012 2:59 pm

Well, the rootkit is gone but there are new infections, so this is not looking too good.
You are near the point where I don't feel it is a viable or a safe option to try and repair. A format and reinstall of Windows might be your best option; let's see what the next results are.

I want to try one more scan tool and a new combofix run.

Download FSS

Check all the boxes. Click on "Scan".

Please copy and paste the log to your reply.

Run ComboFix one more time and post that log as well.

Re: AVG keeps getting trojans and hidden files

Postby jlec » Wed Sep 05, 2012 7:17 pm

Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 05-09-2012 at 13:37:17
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2012-04-29 20:50] - [2004-08-10 15:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(11) PSched(7) Tcpip(3)
0x0A0000000400000001000000020000000300000008000000050000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

Re: AVG keeps getting trojans and hidden files

Postby jlec » Wed Sep 05, 2012 7:18 pm

ComboFix 12-09-05.02 - Administrator 09/05/2012 13:42:35.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1903.1278 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-05 18:01 . 2012-09-05 18:01 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD72C10C-CD47-4BBB-976A-FAD0E1F569DC}\offreg.dll
2012-09-05 04:49 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD72C10C-CD47-4BBB-976A-FAD0E1F569DC}\mpengine.dll
2012-09-04 04:43 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-03 23:30 . 2012-07-02 17:49 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-03 18:23 . 2012-09-03 18:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-03 18:13 . 2012-09-03 18:13 177496 ----a-w- c:\windows\system32\drivers\53189157.sys
2012-09-02 15:31 . 2012-09-02 15:31 89088 ----a-w- C:\mbr.exe
2012-09-01 12:15 . 2012-09-01 12:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-09-01 12:12 . 2012-09-01 12:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\adaware
2012-09-01 12:12 . 2012-09-02 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-09-01 12:12 . 2011-11-29 10:59 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-09-01 12:12 . 2011-11-29 10:59 21240 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-09-01 12:12 . 2012-09-01 12:38 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-09-01 12:12 . 2012-09-01 12:12 -------- d-----w- c:\windows\system32\drivers\VDD
2012-09-01 12:11 . 2012-09-01 12:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2012-09-01 12:08 . 2012-09-02 02:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ad-Aware Antivirus
2012-09-01 12:03 . 2012-09-01 12:03 -------- d-----w- c:\program files\Lavasoft
2012-08-13 15:18 . 2012-08-13 15:18 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-08-13 15:17 . 2012-08-13 15:17 3038 ----a-w- C:\fix_svchost.bat
2012-08-13 15:17 . 2012-08-13 15:17 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-08-13 12:58 . 2012-08-13 12:58 -------- d-----w- C:\865c0d15dc8d3c8ac33b721d4108a4
2012-08-13 12:11 . 2012-09-01 12:10 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 01:58 . 2009-09-10 23:18 115785 ----a-w- C:\In_Case_of_Emergency.zip
2012-08-21 02:29 . 2012-04-03 12:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-21 02:29 . 2011-05-24 11:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2008-11-30 16:08 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-11-30 16:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2009-12-11 14:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2008-11-30 16:16 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2008-11-30 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2008-11-30 16:12 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2008-11-30 16:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-11-30 16:10 385024 ----a-w- c:\windows\system32\html.iec
2010-05-18 13:56 . 2010-05-18 13:56 180289 ----a-w- c:\program files\Common Files\Patcher.exe
2008-11-26 15:36 . 2009-01-21 22:21 1985024 ----a-w- c:\program files\Common Files\TomTom 7.xx Patcher.exe
2008-11-20 17:10 . 2009-01-21 22:21 1024 --s---r- c:\program files\Common Files\---.bat
2007-11-17 18:28 . 2009-01-21 22:21 47616 ----a-w- c:\program files\Common Files\Extract.exe
2007-07-23 20:14 . 2009-01-21 22:21 56832 --s---r- c:\program files\Common Files\gzip.exe
2007-01-31 09:33 . 2009-01-21 22:21 1873811 -c--a-w- c:\program files\Common Files\cygwin1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-12_12.42.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-05 18:02 . 2012-09-05 18:02 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_8ec.dat
+ 2012-09-05 17:59 . 2012-09-05 17:59 16384 c:\windows\Temp\Perflib_Perfdata_e38.dat
+ 2012-09-05 18:01 . 2012-09-05 18:01 16384 c:\windows\Temp\Perflib_Perfdata_448.dat
+ 2012-09-03 23:19 . 2012-06-02 19:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-09-03 23:19 . 2012-06-02 19:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
- 2012-04-12 05:43 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\spcustom.dll
- 2012-04-12 05:43 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\spmsg.dll
- 2012-06-05 12:08 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\update\spcustom.dll
- 2012-06-05 12:08 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\spmsg.dll
- 2012-05-16 18:20 . 2012-04-11 13:53 30208 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\w32ksign.dll
- 2012-05-16 18:20 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\spcustom.dll
- 2012-05-16 18:20 . 2012-04-11 13:53 16896 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\mpsyschk.dll
- 2012-05-16 18:20 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spmsg.dll
+ 2012-09-04 01:13 . 2012-09-04 01:13 19968 c:\windows\Installer\1519623.msi
+ 2012-09-04 01:06 . 2011-12-17 19:46 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll
+ 2012-09-04 01:06 . 2011-12-17 19:46 66560 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll
+ 2012-09-04 01:06 . 2011-12-17 19:46 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll
+ 2012-09-04 01:06 . 2011-12-17 19:46 43520 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll
+ 2012-09-04 01:06 . 2011-12-17 19:46 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll
+ 2012-09-04 01:29 . 2012-09-04 01:29 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_e25c13f2\System.Drawing.Design.dll
+ 2012-09-04 01:29 . 2012-09-04 01:29 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_3546b4f2\CustomMarshalers.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\e9d5df193ff029981251017f4cc02895\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-09-04 01:15 . 2012-09-04 01:15 12288 c:\windows\assembly\GAC\System.Drawing.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2012-09-04 01:15 . 2012-09-04 01:15 12288 c:\windows\assembly\GAC\System.Drawing.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2012-09-04 01:15 . 2012-09-04 01:15 13824 c:\windows\assembly\GAC\System.Drawing.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\System.Drawing.Resources.dll
- 2005-01-10 01:08 . 2005-01-10 01:08 24576 c:\windows\assembly\GAC\System.Drawing.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2012-09-04 01:15 . 2012-09-04 01:15 24576 c:\windows\assembly\GAC\System.Drawing.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2012-09-04 01:15 . 2012-09-04 01:15 13312 c:\windows\assembly\GAC\System.Drawing.resources\1.0.3300.0_it_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2012-09-04 01:15 . 2012-09-04 01:15 13824 c:\windows\assembly\GAC\System.Drawing.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2012-09-04 01:15 . 2012-09-04 01:15 13312 c:\windows\assembly\GAC\System.Drawing.resources\1.0.3300.0_es_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2012-09-04 01:15 . 2012-09-04 01:15 13312 c:\windows\assembly\GAC\System.Drawing.resources\1.0.3300.0_de_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2012-09-04 01:13 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2718704\update\spcustom.dll
+ 2012-09-04 01:13 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2718704\spmsg.dll
+ 2012-09-04 01:08 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2676562\update\spcustom.dll
+ 2012-09-03 23:27 . 2012-04-11 13:53 16896 c:\windows\$hf_mig$\KB2676562\update\mpsyschk.dll
+ 2012-09-04 01:08 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2676562\spmsg.dll
+ 2012-09-04 01:10 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2653956\update\spcustom.dll
+ 2012-09-04 01:10 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2653956\spmsg.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-06-05 12:11 . 2012-06-05 12:11 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-06-05 12:10 . 2012-06-05 12:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-06-20 07:06 . 2012-06-05 12:11 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-06-20 07:06 . 2012-06-05 12:11 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-08-21 02:29 . 2012-08-21 02:29 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-21 02:29 . 2012-08-21 02:29 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
- 2012-04-12 05:43 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\updspapi.dll
- 2012-04-12 05:43 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\update.exe
- 2012-04-12 05:43 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\spuninst.exe
- 2012-06-05 12:08 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\update\updspapi.dll
- 2012-06-05 12:08 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\update\update.exe
- 2012-06-05 12:08 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\spuninst.exe
- 2012-05-16 18:20 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\updspapi.dll
- 2012-05-16 18:20 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\update.exe
- 2012-05-16 18:20 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spuninst.exe
+ 2012-09-01 12:08 . 2012-09-01 12:08 301056 c:\windows\Installer\2b727.msi
+ 2012-07-18 19:46 . 2012-07-18 19:46 593408 c:\windows\Installer\1519605.msp
+ 2012-09-01 12:12 . 2012-09-01 12:12 128896 c:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\UNINST_Uninstall_A_DE08FD120270402B91CB0B6B59AB5AF9.exe
+ 2012-09-01 12:12 . 2012-09-01 12:12 399232 c:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\NewShortcut4_2C44B39324B94969A0B2A3EFCFBC4594.exe
+ 2012-09-01 12:12 . 2012-09-01 12:12 399232 c:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\NewShortcut1_FE807111CB594AE5B9A38430EB516D75.exe
+ 2012-09-01 12:12 . 2012-09-01 12:12 399232 c:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\ARPPRODUCTICON.exe
+ 2012-09-01 12:10 . 2012-09-01 12:10 123352 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\MSE.exe
+ 2012-09-04 01:06 . 2011-12-17 19:46 916992 c:\windows\ie8updates\KB2722913-IE8\wininet.dll
+ 2012-09-04 01:06 . 2011-12-17 19:46 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll
+ 2012-09-04 01:06 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll
+ 2012-09-04 01:06 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe
+ 2012-09-04 01:06 . 2011-12-17 19:46 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll
+ 2012-09-04 01:06 . 2011-12-17 19:46 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll
+ 2012-09-04 01:06 . 2011-12-17 19:46 602112 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll
+ 2012-09-04 01:06 . 2009-03-08 08:35 521216 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll
+ 2012-09-04 01:06 . 2011-12-17 19:46 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll
+ 2012-09-04 01:06 . 2011-12-17 19:46 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll
+ 2012-09-04 01:06 . 2011-12-17 19:46 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll
+ 2012-09-04 01:06 . 2011-12-17 19:46 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll
+ 2012-09-04 01:06 . 2011-12-16 12:23 174080 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe
+ 2012-09-04 01:29 . 2012-09-04 01:29 851968 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_9f6fdbd1\System.Drawing.dll
+ 2012-09-04 01:29 . 2012-09-04 01:29 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\86e11a59f02b2dda27ec2e7cba351744\WindowsFormsIntegration.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
+ 2012-09-04 01:27 . 2012-09-04 01:27 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\96a3fc1f74a00b618b70bd1701600408\System.Drawing.Design.ni.dll
+ 2012-09-04 01:14 . 2012-09-04 01:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6ae804fdcf9ea4c42f5cabe3b183dd5d\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 955392 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\664125026f44db3573ba57cee62a6634\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 656384 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\36c341b1268e8db9c0b461db6ba967ac\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 802304 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\82b21fc907a5e6292e4f3a8178081a8c\Infragistics2.Shared.v8.2.ni.dll
+ 2012-09-04 01:30 . 2012-09-04 01:30 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c0045c1c7c29c7e7cc7bd60001b729a7\AspNetMMCExt.ni.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-06-20 07:06 . 2012-06-05 12:11 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-06-20 07:06 . 2012-06-05 12:11 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-06-20 07:06 . 2012-06-05 12:11 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-06-20 07:06 . 2012-06-05 12:11 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-20 07:06 . 2012-06-05 12:11 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-06-20 07:06 . 2012-06-05 12:11 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-20 07:06 . 2012-06-05 12:11 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-06-05 12:11 . 2012-06-05 12:11 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-09-04 01:15 . 2012-09-04 01:15 462848 c:\windows\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-12-01 01:23 . 2008-12-01 01:23 462848 c:\windows\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-09-04 01:13 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2718704\update\updspapi.dll
+ 2012-09-04 01:13 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2718704\update\update.exe
+ 2012-09-04 01:13 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2718704\spuninst.exe
+ 2012-09-04 01:08 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2676562\update\updspapi.dll
+ 2012-09-04 01:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2676562\update\update.exe
+ 2012-09-04 01:08 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2676562\spuninst.exe
+ 2012-09-04 01:10 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2653956\update\updspapi.dll
+ 2012-09-04 01:10 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2653956\update\update.exe
+ 2012-09-04 01:10 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2653956\spuninst.exe
+ 2012-09-03 23:28 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2012-09-01 12:12 . 2012-09-01 12:12 5836288 c:\windows\Installer\2b762.msi
+ 2012-09-01 12:09 . 2012-09-01 12:09 1826304 c:\windows\Installer\2b756.msi
+ 2012-06-26 22:03 . 2012-06-26 22:03 3875840 c:\windows\Installer\1519692.msp
+ 2012-06-19 16:54 . 2012-06-19 16:54 2239488 c:\windows\Installer\1519639.msp
+ 2012-07-18 19:53 . 2012-07-18 19:53 5009920 c:\windows\Installer\15195ba.msp
+ 2012-09-04 01:06 . 2011-12-17 19:46 1212416 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll
+ 2012-09-04 01:06 . 2011-12-17 19:46 5979136 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll
+ 2012-09-04 01:06 . 2011-12-17 19:46 2000384 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll
+ 2012-09-04 01:29 . 2012-09-04 01:29 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_56e3184b\System.dll
+ 2012-09-04 01:30 . 2012-09-04 01:30 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_6ee4c62c\System.Xml.dll
+ 2012-09-04 01:29 . 2012-09-04 01:29 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_2d9035bd\System.Windows.Forms.dll
+ 2012-09-04 01:29 . 2012-09-04 01:29 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_21be1f2c\System.Design.dll
+ 2012-09-04 01:29 . 2012-09-04 01:29 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_c3861841\mscorlib.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 3445248 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\0936e58bbcc9ab1c9b5697458f4c4ff3\ttax.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 4153344 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\08f8961cd3a46ec51241163f6a995aca\ttax.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\77361ebe9ad8ff77cc9a8d7f8363eb05\System.Workflow.Runtime.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1c12dfa7826b331b243b7b45daf9904d\System.Workflow.ComponentModel.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\514bf0e69e2c9fc8509cd23236057356\System.Workflow.Activities.ni.dll
+ 2012-09-04 01:14 . 2012-09-04 01:14 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\77f8cde07b131839f1841be702837e8e\System.Web.Mobile.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\242b168aaca18197eca371ec269e23ac\System.Web.Extensions.ni.dll
+ 2012-09-04 01:28 . 2012-09-04 01:28 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d380f1813e27c2a086e62f0218669d67\System.Printing.ni.dll
+ 2012-09-04 01:27 . 2012-09-04 01:27 1592320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll
+ 2012-09-04 01:25 . 2012-09-04 01:25 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\443dd7f0b84c3de54b1a72be655e307c\ReachFramework.ni.dll
+ 2012-09-04 01:25 . 2012-09-04 01:25 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\48ddcafff1a5603fb3289e90330275c0\PresentationUI.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4e463dcf2a03c71913a61b44c32e2389\Microsoft.Build.Tasks.ni.dll
+ 2012-09-04 01:32 . 2012-09-04 01:32 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\395b4a85c7941ac4dd9d1c6f5eb444c7\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 1323520 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\e12fda9ff2240ae7138b93eb381d3ec9\Intuit.Ctg.Map.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 1554944 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\a807dda48f95c766596a56530cd0dce9\Intuit.Ctg.Map.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 2597376 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\f33268e989b6601d934334159af3e692\Infragistics2.Win.Misc.v8.2.ni.dll
- 2011-06-20 07:06 . 2012-06-05 12:11 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-20 07:06 . 2012-06-05 12:11 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-20 07:06 . 2012-06-05 12:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-06-05 12:10 . 2012-06-05 12:10 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-06-20 07:06 . 2012-06-05 12:11 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-09-04 01:20 . 2012-09-04 01:20 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-20 07:06 . 2012-06-05 12:11 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-12-01 01:23 . 2008-12-01 01:23 1179648 c:\windows\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2012-09-04 01:29 . 2012-09-04 01:29 1179648 c:\windows\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2012-09-04 01:29 . 2012-09-04 01:29 2002944 c:\windows\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-12-01 01:23 . 2008-12-01 01:23 2002944 c:\windows\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-13 07:03 . 2011-10-13 07:03 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-09-04 01:29 . 2012-09-04 01:29 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-07-25 20:59 . 2012-07-25 20:59 11032064 c:\windows\Installer\151961c.msp
+ 2012-07-18 19:53 . 2012-07-18 19:53 10937344 c:\windows\Installer\15195d7.msp
+ 2012-09-04 01:06 . 2011-12-18 19:46 11082240 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll
+ 2012-09-04 01:28 . 2012-09-04 01:28 12433920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
+ 2012-09-04 01:27 . 2012-09-04 01:27 10682368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f73a8455f384e90f6925309336fece24\System.Design.ni.dll
+ 2012-09-04 01:24 . 2012-09-04 01:24 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
+ 2012-09-04 01:23 . 2012-09-04 01:23 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
+ 2012-09-04 01:31 . 2012-09-04 01:31 10334208 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\3ea4e0967e86e593bf1336361a992b4e\Infragistics2.Win.v8.2.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-11-13 5328504]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
backup=c:\windows\pss\PdaNet Desktop.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spb Backup Sync.lnk]
backup=c:\windows\pss\Spb Backup Sync.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
2011-10-21 09:09 198032 ----a-w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-01-14 20:44 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-01-03 21:31 1391272 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2010-11-22 22:30 3432098 ----a-w- c:\program files\DAP\DAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-31 13:55 133104 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 18:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 01:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-06 19:07 188416 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 16:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HughesNetTools_McciTrayApp]
2007-11-20 21:36 1454592 ----a-w- c:\program files\HughesNetTools\1\McciTrayApp_SSR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2009-07-16 22:29 510416 ----a-w- c:\program files\Orb Networks\Orb\bin\OrbTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
2005-12-10 02:44 139264 ----a-w- c:\program files\Digital Media Reader\readericon45G.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-05 01:44 16120832 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-03-13 13:23 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2007-03-14 21:52 3770024 ----a-w- c:\program files\TomTom HOME\TomTomHOME.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/14/2009 4:39 PM 716272]
R1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;c:\windows\system32\drivers\DCxxMJPG.sys [4/22/2009 8:13 AM 132940]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/16/2009 5:26 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 5:26 PM 66632]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [9/1/2012 8:12 AM 21240]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/26/2011 2:23 PM 101112]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [7/12/2012 6:32 PM 1239952]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [12/19/2011 1:20 PM 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [9/1/2012 8:12 AM 77816]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [12/26/2010 11:41 PM 9472]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 8:07 AM 250056]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [7/24/2006 10:01 PM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [7/24/2006 10:01 PM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [7/24/2006 10:01 PM 60816]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 5:27 PM 12872]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [11/30/2008 12:16 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETMDUSB
LC7981
mi-raysat_3dsMax2008_32
oracle_load_balancer_60_client-forms6ip9
s125obex
NVXBAR
NETw5x32
backuplauncher
stllssvr
arrayssl_vpn_service3,0,1,9
CnxtHdAudService
CTMFLT
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 22:32]
.
2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:29]
.
2012-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2761066226-257966438-1775155868-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-31 13:55]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2761066226-257966438-1775155868-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-31 13:55]
.
2012-09-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
2012-08-13 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-11-30 20:31]
.
2012-09-05 c:\windows\Tasks\User_Feed_Synchronization-{5C8D195C-94E9-471B-876A-2AC1E22802ED}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wthr.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=192.168.0.1:87
uInternet Settings,ProxyOverride = www.direcwaysupport.com;www.systemcontr ... *;*.local;<local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-45796459.sys
SafeBoot-48213148.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-05 14:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2761066226-257966438-1775155868-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,7d,60,f8,87,cd,57,49,80,ac,c8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,73,fa,b0,a1,aa,85,29,43,8f,af,26,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(488)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1764)
c:\windows\system32\WININET.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp1.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2012-09-05 14:12:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-05 18:12
ComboFix2.txt 2012-08-31 12:42
ComboFix3.txt 2012-08-27 18:51
ComboFix4.txt 2012-08-23 02:25
ComboFix5.txt 2012-09-05 17:40
.
Pre-Run: 63,486,988,288 bytes free
Post-Run: 64,322,138,112 bytes free
.
- - End Of File - - 5F6AC6F5F202052A2E64035F19A52E43

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Thu Sep 06, 2012 3:35 pm

Do you have a Windows XP install CD?

Re: AVG keeps getting trojans and hidden files

Postby jlec » Thu Sep 06, 2012 9:37 pm

Yes I do... it seems to be running much better and the svchost process is no longer hogging up memory.

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Fri Sep 07, 2012 12:24 pm

Glad to hear that it's running better! I thought for sure you would have to format and reinstall.

There is still the corrupted file netbt.sys that needs to be replaced.
So we need to run Windows System File Checker and use the Windows XP install CD for the replacement.
Put the Windows XP install CD in the CD/DVD drive.
Next, click Start and select Run, then type the following into the field:
CMD
Now press Enter.
In the command window, type the following:
sfc /scannow (note the space between the C and the /)
Now press Enter. System File Checker will now check your system files and replace them accordingly.

Once SFC is finished, reboot the system and do another ESET online scan, and then post that log in your reply.

Re: AVG keeps getting trojans and hidden files

Postby jlec » Sat Sep 08, 2012 3:37 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-19 03:24:48
# local_time=2012-04-18 11:24:48 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=177363
# found=10
# cleaned=9
# scan_time=5270
C:\Documents and Settings\Administrator\My Documents\My Music\Country\Trace Adkins - Swing.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Administrator\My Documents\My Music\Pop (Dance)\Flowbots - No Handle Bars.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Administrator\My Documents\Pop (Dance)\Flowbots - No Handle Bars.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BGM0T0TS\fera-soft[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\41AGIBPU\post[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7O7K0R2J\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZTYM3V21\fera-soft[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-22 05:07:13
# local_time=2012-04-22 01:07:13 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 96 0 78163374 0 0
# compatibility_mode=5889 16768382 80 100 73679032 174924376 0 73778830
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=180329
# found=6
# cleaned=4
# scan_time=10828
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2P2H535X\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\THRRAAC8\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1287\A0255688.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1292\A0259426.exe probably a variant of Win32/Agent.CWORLZS trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.LP trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-31 01:22:07
# local_time=2012-08-30 09:22:07 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=198557
# found=13
# cleaned=12
# scan_time=14716
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7QA2M9X4\cat-riding-on-a-turtle[1].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\fpi[3].htm HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\if[4].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\if[5].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\ttj[8] HTML/Iframe.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IHV6LWHO\ttj[6] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QZNS8SID\ttj[6] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VP5DDP44\kittens-fighting-over-plastic-bag[1].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B73QO160\3market[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\BitLord\BitLord\Downloads\100 android apps\100.Android.Apps.rar a variant of Android/PJApps.F trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\BitLord\BitLord\Downloads\100 android apps\100.Android.Apps\100 Android Apps\Android.-.Cool.Texter.v1.9.apk a variant of Android/PJApps.F trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\eMule\Incoming\Alcohol_120%_v1.9.6.5429_Retail_incl_Keygen.rar probably a variant of Win32/Agent.CWORLZS trojan (deleted - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-31 11:53:58
# local_time=2012-08-31 07:53:58 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=179421
# found=1
# cleaned=0
# scan_time=13722
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-05 12:31:32
# local_time=2012-09-04 08:31:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 11069068 11069068 0 0
# scanned=192312
# found=6
# cleaned=6
# scan_time=14610
C:\TDSSKiller_Quarantine\03.09.2012_14.21.12\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\03.09.2012_14.21.12\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\03.09.2012_14.34.33\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\03.09.2012_14.34.33\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\03.09.2012_14.45.31\tdlfs0000\tsk0003.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\03.09.2012_14.45.31\tdlfs0000\tsk0005.dta Win64/Olmarik.AG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-08 12:22:55
# local_time=2012-09-07 08:22:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 11327784 11327784 0 0
# scanned=168829
# found=0
# cleaned=0
# scan_time=14578

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Sun Sep 09, 2012 12:55 am

Why are you still downloading infected torrent files?
C:\Program Files\BitLord\BitLord\Downloads\100 android apps\100.Android.Apps\100 Android Apps\Android.-.Cool.Texter.v1.9.apk a variant of Android/PJApps.F trojan.

Why would you be running a p2p file sharing program, don't you know that 90% of all p2p files are infected?
C:\Program Files\eMule\Incoming\Alcohol_120%_v1.9.6.5429_Retail_incl_Keygen.rar probably a variant of Win32/Agent.CWORLZS trojan

I no longer feel it is a viable or a safe option to try and repair your current Windows OS install.
A hard drive format and reinstall of Windows, in my opinion, is the only way to ensure a virus- and malware-free system.

Re: AVG keeps getting trojans and hidden files

Postby jlec » Sun Sep 09, 2012 2:06 pm

I haven't downloaded any torrents in months... the last scan I did came back clean... should I delete all files in quarantine?

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Mon Sep 10, 2012 12:28 pm

The last ESET online scan log you posted still showed many infections.

Uninstall ComboFix:
Click on the Start button and then select Run from the menu. This will open up the Run dialog box.
In the Open: field, type combofix /uninstall. Please note that there is a space between combofix and /uninstall.
Once you have typed this in, click on the OK button. An Open File security warning will appear asking if you are sure you want to run ComboFix.
Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.
You can now delete the ComboFix.exe program from your computer. ComboFix has now been uninstalled from your Windows XP computer.

Uninstall OTL:
OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

Re: AVG keeps getting trojans and hidden files

Postby jlec » Tue Sep 11, 2012 1:09 am

I did everything you asked and ran another ESET scan and it came back clean again... the only thing I did differently was delete the old scan log first... was I supposed to uninstall ESET after each scan?

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-10 11:41:30
# local_time=2012-09-10 07:41:30 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 11584668 11584668 0 0
# scanned=161290
# found=0
# cleaned=0
# scan_time=14411

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Tue Sep 11, 2012 12:14 pm

jlec,

Well, looks like an apology is in order. Sorry, it was my mistake; it would seem that ESET no longer will overwrite a previous scan log.
So I have edited my canned reply about a second ESET scan to include deleting the old log.

Your last posted ESET scan is clean and so was your last combofix log so your system should be clean!

Who said thanks: jlec (Tue Sep 11, 2012 12:45 pm)
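The mix-up in this thread, where the ESET log keeps every earlier scan and old detections are read as current ones, can be checked mechanically. The added example below (not code from the forum or from ESET) splits a log of this shape into sessions at each `# version=` header and reports only the newest one by `utc_time`. The sample log is constructed and abridged from the format posted above, and reading the trailing `C`/`I` flag as cleaned/not cleaned is an assumption inferred from those logs.

```python
import re
from datetime import datetime

# Constructed sample, abridged from the log format posted in this thread.
# Counts and file names were shortened; they are not a real scan result.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# utc_time=2012-08-31 01:22:07
# scanned=198557
# found=2
# cleaned=1
C:\Program Files\eMule\Incoming\example.rar probably a variant of Win32/Agent.CWORLZS trojan (deleted - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# end=finished
# utc_time=2012-09-05 12:31:32
# scanned=192312
# found=1
# cleaned=1
C:\TDSSKiller_Quarantine\example\tsk0003.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# end=finished
# utc_time=2012-09-08 12:22:55
# scanned=168829
# found=0
# cleaned=0
"""

# A detection line ends with a 32-hex-digit field and a one-letter flag.
DETECTION = re.compile(r"^(?P<body>.+) (?P<hash>[0-9A-Fa-f]{32}) (?P<status>[A-Z])$")


def split_sessions(text):
    """Split an appended log into one dict per scan session."""
    sessions, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# version="):
            # Every scan writes a fresh header block starting with this key.
            current = {"meta": {}, "detections": []}
            sessions.append(current)
        if current is None:
            continue  # installer preamble before the first scan header
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            current["meta"].setdefault(key, value)  # keep first of repeated keys
        else:
            match = DETECTION.match(line)
            if match:
                current["detections"].append(match.groupdict())
    return sessions


def scan_time(session):
    return datetime.strptime(session["meta"]["utc_time"], "%Y-%m-%d %H:%M:%S")


def triage(text):
    """Report the newest session and how many detections are only historical."""
    sessions = split_sessions(text)
    dated = [s for s in sessions if "utc_time" in s["meta"]]
    if not dated:
        return None
    latest = max(dated, key=scan_time)
    return {
        "sessions": len(sessions),
        "latest_utc": latest["meta"]["utc_time"],
        "latest_found": int(latest["meta"].get("found", len(latest["detections"]))),
        # Assumption: any flag other than "C" means the item was not cleaned.
        "latest_uncleaned": [d["body"] for d in latest["detections"] if d["status"] != "C"],
        "stale_detections": sum(len(s["detections"]) for s in sessions if s is not latest),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
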

Re: AVG keeps getting trojans and hidden files

Postby jlec » Tue Sep 11, 2012 12:45 pm

No apology was needed, but I do accept... I can understand you being a little frustrated after taking all this time to help someone. :mad: ... A big thank you to you for all your help, it was greatly appreciated! :bow: :banana:
