Badly Infected

Hi e28ct17,

Ok, there are a couple of things I'd like you to do.

Please make this screenshot:

Click Start > Control Panel > System and Security > Administrator Tools > Computer Management
  • When Computer Management opens double click on disk management
  • make sure the pane is expanded wide enough to show all partitions
  • Take a screenshot by pressing the alt and print screen keys at the same time
  • open an editor such as Paint
  • right click in the white panel and click paste
  • save the image as a .jpg or .png
  • attach it to your next reply

Next

We'll use a CD that we will make bootable. We also need a USB flashdrive that has some space on it. We will not be changing any of the data on the usb device just using it for a file.

You will also need to use FireFox to download a file as Internet Explorer seems to mangle the download.

If you have any problems with these steps please let me know. These may look complicated but it's fairly straightforward and for the most part automated.

On your working computer

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe by double clicking it. (right click and run as administrator if you are using Vista or Win7)
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished, it will open BurnCDCC which will be ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD

Using FireFox, please download and save dumpit to your usb device.

You may want to print out this part as you will not be able to view these instructions.
  • Attach the usb device to the sick computer
  • Boot the infected computer with the CD you just burned
    • with the CD in the computer, restart the computer
  • The computer must be set to boot from the CD; depending on your computer you can either do this by pressing F12 and selecting the CD as the first boot option or it can be set in the BIOS
  • Once you have the computer set to boot from the CD allow it to boot
  • A Welcome to xPUD screen will appear
  • Click on File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
    (you will be able to tell if it is the right one as the screen will populate with your files)
  • Locate the file you downloaded and saved earlier, dumpit
  • double click it to run it
  • a black window will open, follow the instructions to close the window when it's finished
  • a file called MBR.zip should now be placed in the right hand panel
  • Click the Home icon at top
  • Remove the CD and click Power off
  • Click restart

Once the computer has rebooted transfer the screenshot you made earlier to the usb device. Please attach the MBR.zip file and the screenshot to your next reply.

Thanks
 
After I rebooted my infected computer, it said the start up files may have been damaged and I should use start repair (recommended). I chose this option and it says windows is loading files but nothing else has happened. I have attached the files you requested.
 
Hi e28ct17,

Not sure why that happened as we didn't fix anything. Can you recall if the computer was rebooted after you ran combofix the first time other than the reboot combofix did?

You do have a rogue partition which we will work on removing. First though let's make sure nothing has changed.

Delete MBR.zip from the jump drive. Reboot the sick computer with the xPUD CD and run dumpit like you did before. After you have the new mbr.zip shut the computer down, don't bother trying to boot to windows.

Attach the mbr.zip to your next reply.
 
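What a helper looks for in an MBR dump like the one requested above is the four-entry partition table at offset 446 of the first sector. The following is an added example, not part of the thread and not the dumpit tool's code: it parses a 512-byte MBR and flags entries worth a closer look. The sample sectors are constructed, and the "small active partition after all others" rule and its 64 MiB threshold are assumptions chosen for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446                    # partition table offset inside the MBR
ENTRY_FORMAT = "<B3xB3xII"            # status, (CHS), type, (CHS), LBA start, sector count
SMALL_PARTITION = 64 * 1024 * 1024    # heuristic threshold in bytes (assumption)


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    entries = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        status, ptype, start, count = struct.unpack(ENTRY_FORMAT, raw)
        if ptype == 0 and count == 0:
            continue                  # unused slot
        entries.append({
            "slot": slot + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "start": start,
            "sectors": count,
            "bytes": count * SECTOR_SIZE,
        })
    return entries


def review(entries):
    """Return human-readable findings for a parsed partition table."""
    findings = []
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"slot {e['slot']}: invalid status byte 0x{e['status']:02x}")
    active = [e for e in entries if e["active"]]
    if len(active) > 1:
        findings.append("more than one partition is marked active")
    by_start = sorted(entries, key=lambda e: e["start"])
    for prev, nxt in zip(by_start, by_start[1:]):
        if nxt["start"] < prev["start"] + prev["sectors"]:
            findings.append(f"slot {nxt['slot']} overlaps slot {prev['slot']}")
    # Heuristic (assumption): the boot flag normally sits on the first
    # partition, so a tiny active partition after all others deserves review.
    if len(by_start) > 1:
        last = by_start[-1]
        if last["active"] and last["bytes"] < SMALL_PARTITION:
            findings.append(
                f"slot {last['slot']}: small active partition at end of disk "
                f"(type 0x{last['type']:02x}, {last['bytes'] // 1024} KiB)"
            )
    return findings


def build_sample(rows):
    """Build a constructed MBR sector from (status, type, start, sectors) rows."""
    sector = bytearray(SECTOR_SIZE)
    for slot, row in enumerate(rows):
        offset = TABLE_OFFSET + 16 * slot
        sector[offset:offset + 16] = struct.pack(ENTRY_FORMAT, *row)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: a plain two-partition layout, and the same layout
# with the boot flag moved to an extra 8 MiB partition at the end.
SAMPLE_CLEAN = build_sample([(0x80, 0x07, 2048, 204800),
                             (0x00, 0x07, 206848, 1000000)])
SAMPLE_SUSPECT = build_sample([(0x00, 0x07, 2048, 204800),
                               (0x00, 0x07, 206848, 1000000),
                               (0x80, 0x17, 1206848, 16384)])

if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_SUSPECT)):
        print(name, review(parse_mbr(sample)) or "no findings")
```

To run it against a real dump, pass the first 512 bytes of the saved sector image to `parse_mbr` instead of the constructed samples.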
When I booted my computer with the boot disk this is what came up on the screen:

[6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
[6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
[6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
giving up.
xinit: No such file or directory (errno 2): unable to connect to X server
xinit: No such process (errno 3): Server error.
xauth: (argu):1: bad display name "(none):0" in "remove" command
sh: no job control in this shell
sh-4.0#
 
Hi e28ct17,

I've asked for some assistance with why you are receiving that message from xPUD. Be back ASAP.

Thanks for your patience.
 
Hi e28ct17,

Let's see if we can get this computer to boot to windows.

Remove the CD if it's in the machine.
  • Restart the computer
  • If given the option to do a Repair either cancel it or select "Start Windows Normally"
Did it boot to windows?

If it did boot to Windows, shut the computer down normally and reboot. Did it start normally?

If the computer did not boot properly after selecting "Start Windows normally"
  • reboot the computer
  • while the computer is rebooting press F10 to bring up the 'Edit Boot Options' screen. (If it's pressed too early you might get the BIOS screen instead.)

    The correct screen looks similar to this (yours will say Vista)
    tdl4_minint.png

  • If it says /minint or int/min after /NOEXECUTE=OPTIN,

    hit the Backspace key until that entry reads:

    /NOEXECUTE=OPTIN
  • hit enter
Did the computer boot?

Let me know how you made out.
 
Hi e28ct17,

Please tell me what, if any, steps you needed to take in order to get the computer to boot to Windows. This information will be helpful later.

After this fix, if you receive an error message about IE or FF when opening them, please reboot your computer and try again.

We'll continue with ComboFix. If you have a file on your desktop named CFScript, please delete it; we'll make a new one.

We will be using Combofix again but will run it differently.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all of the text in the code box below into the Notepad (including the URL). Do not copy the word CODE

Code:
http://forums.spybot.info/showpost.php?p=420140&postcount=17

Collect::
c:\users\Janice\AppData\Local\dplaysvr.exe
c:\users\Janice\AppData\Roaming\Ofgaub\teuzviu.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"=-
"{24903B15-CFA6-2F4F-D499-A747DA35520F}"=-

Folder::
c:\users\Janice\AppData\Roaming\Sie
c:\users\Janice\AppData\Roaming\Ofgaub

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

CFScriptB-4.gif


**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


Please post back with the combofix log.

Thanks
 
I had to use F10 to boot computer. Here is my log from combofix

ComboFix 12-01-23.02 - Janice 01/25/2012 8:47.9.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4508 [GMT -6:00]
Running from: c:\users\Janice\Desktop\ComboFix.exe
Command switches used :: c:\users\Janice\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Janice\AppData\Roaming\Goaci\pyko.exe
c:\users\Janice\AppData\Roaming\Ofgaub\teuzviu.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-25 15:15 . 2012-01-25 15:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-25 15:15 . 2012-01-25 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-25 03:52 . 2012-01-25 03:52 -------- d-----w- c:\users\Janice\AppData\Roaming\Yfhym
2012-01-25 03:52 . 2012-01-25 03:52 -------- d-----w- c:\users\Janice\AppData\Roaming\Elday
2012-01-20 19:52 . 2012-01-20 19:52 -------- d-----w- c:\users\Janice\AppData\Roaming\Urubn
2012-01-20 19:52 . 2012-01-20 19:52 -------- d-----w- c:\users\Janice\AppData\Roaming\Inuro
2012-01-20 19:51 . 2012-01-25 15:14 -------- d-----w- c:\users\Janice\AppData\Roaming\Goaci
2012-01-20 19:51 . 2012-01-25 04:22 -------- d-----w- c:\users\Janice\AppData\Roaming\Adodn
2012-01-20 04:00 . 2012-01-20 05:26 -------- d-----w- C:\jgh
2012-01-19 13:31 . 2012-01-25 15:14 -------- d-----w- c:\users\Janice\AppData\Roaming\Ofgaub
2012-01-19 13:31 . 2012-01-25 03:52 -------- d-----w- c:\users\Janice\AppData\Roaming\Sie
2012-01-19 04:07 . 2012-01-19 04:07 -------- d-----w- C:\_OTL
2012-01-17 06:13 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-17 06:13 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-17 06:13 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-17 06:13 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-17 06:12 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-17 06:12 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-17 06:12 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-17 06:12 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-17 02:55 . 2012-01-17 02:55 -------- d-----w- C:\found.000
2012-01-06 22:33 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6575671-F39F-46D8-AB4F-C27D6149F639}\mpengine.dll
2012-01-05 07:57 . 2012-01-05 07:57 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-01-05 07:56 . 2012-01-06 01:49 -------- d-----w- c:\programdata\Symantec
2012-01-04 04:27 . 2002-11-12 18:22 569397 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll
2012-01-04 04:27 . 2012-01-04 04:27 -------- d-----w- c:\program files (x86)\Rhapsody
2012-01-01 18:08 . 2012-01-01 18:08 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-01 18:08 . 2012-01-01 18:08 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-01 18:08 . 2012-01-01 18:08 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-01 18:08 . 2012-01-01 18:08 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-31 04:30 . 2011-12-31 04:30 -------- d-----w- c:\users\Janice\AppData\Roaming\SumatraPDF
2011-12-31 04:30 . 2011-12-31 04:30 -------- d-----w- c:\programdata\WeCareReminder
2011-12-31 04:30 . 2011-12-31 04:30 -------- d-----w- c:\program files (x86)\Yontoo Layers Runtime
2011-12-31 04:29 . 2011-12-31 04:29 -------- d-----w- c:\program files (x86)\PDFReader
2011-12-29 02:56 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-29 02:55 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-29 02:55 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-29 02:55 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-29 02:55 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 20:29 . 2011-06-07 02:19 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-13 10:31 . 2011-06-13 04:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-20_05.07.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-27 20:15 . 2012-01-25 15:19 54714 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-25 15:19 35360 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-07 02:26 . 2012-01-25 15:19 15296 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2297261745-2509026556-3228908354-1001_UserData.bin
- 2011-06-07 03:54 . 2012-01-20 05:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-07 03:54 . 2012-01-25 03:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-07 03:54 . 2012-01-25 03:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-07 03:54 . 2012-01-20 05:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-25 03:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-20 05:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-07 02:25 . 2012-01-25 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-07 02:25 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-01-25 03:57 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-12-31 14:15 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-01-12 17:30 . 2012-01-20 05:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-12 17:30 . 2012-01-25 15:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-12 17:30 . 2012-01-25 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-01-12 17:30 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-01-12 17:30 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-01-12 17:30 . 2012-01-25 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-06-07 02:25 . 2012-01-25 15:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-07 02:25 . 2012-01-20 05:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-07 02:25 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-07 02:25 . 2012-01-25 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-07 02:25 . 2012-01-25 15:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-07 02:25 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-07 02:25 . 2012-01-25 15:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-07 02:25 . 2012-01-20 05:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-17 06:13 . 2011-12-25 20:40 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-01-17 06:13 . 2011-12-25 20:42 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2012-01-20 05:33 . 2012-01-20 05:33 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-09-14 00:39 . 2012-01-20 05:32 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-01-20 06:19 . 2012-01-20 06:19 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c13d7fb161ed4d7da730a70375b07c9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll
- 2012-01-20 05:06 . 2012-01-20 05:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-25 15:18 . 2012-01-25 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-25 15:18 . 2012-01-25 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-20 05:06 . 2012-01-20 05:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-17 06:12 . 2011-10-14 04:24 716800 c:\windows\SysWOW64\jscript.dll
- 2011-06-07 08:26 . 2011-02-18 05:41 716800 c:\windows\SysWOW64\jscript.dll
+ 2009-07-14 02:36 . 2012-01-23 03:21 632806 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-23 03:21 110440 c:\windows\system32\perfc009.dat
+ 2012-01-17 06:12 . 2011-10-14 05:31 918528 c:\windows\system32\jscript.dll
+ 2009-07-14 05:01 . 2012-01-25 15:17 968304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-20 05:05 968304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-26 11:47 . 2011-12-26 11:47 261912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
+ 2012-01-17 06:13 . 2011-12-25 20:40 746256 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2011-12-26 10:39 . 2011-12-26 10:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2012-01-17 06:13 . 2011-12-25 20:42 437520 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-09-14 00:39 . 2011-12-31 05:48 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
 
Cont,

- 2011-06-09 05:01 . 2010-11-20 13:27 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-17 06:13 . 2011-10-29 05:23 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f715b47c2f0440ea23a71f1076b0af2b\System.Web.Routing.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\d258f45340e6e538a19a56d1165b750f\System.Web.Entity.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\6f6d11e33e2f3f6bddd4c33809340a48\System.Web.Entity.Design.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\bca38e802e2b45f80f8fbde2b54ce0a2\System.Web.DynamicData.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\0e411c30fc2caebb55813b8fa0689d42\System.Web.Abstractions.ni.dll
+ 2012-01-20 05:51 . 2012-01-20 05:51 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\b434cf95212b804846ae51b54078b667\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-01-20 05:51 . 2012-01-20 05:51 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e50eeb08e5a2faa91ba39a1c9e19a49e\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-01-20 05:50 . 2012-01-20 05:50 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d3d61b7222fdbc98ef59bff1333d1bf3\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-01-20 05:50 . 2012-01-20 05:50 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\36213ec4fe54a8ea1341292fdadd5e0c\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll
+ 2012-01-20 05:45 . 2012-01-20 05:45 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll
+ 2009-07-14 04:45 . 2012-01-20 05:46 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-12-31 05:57 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-01-17 06:13 . 2011-12-25 20:40 5263360 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-01-17 06:13 . 2011-12-25 20:42 5255168 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-20 05:33 . 2012-01-20 05:33 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-10-17 01:45 . 2011-10-17 01:45 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-26 12:24 . 2011-12-26 12:24 8835072 c:\windows\Installer\182cd4.msp
+ 2011-12-09 01:24 . 2011-12-09 01:24 4989952 c:\windows\Installer\182ccb.msp
+ 2011-09-14 00:39 . 2012-01-20 05:32 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-09-14 00:39 . 2011-12-31 05:48 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-09-14 00:39 . 2012-01-20 05:32 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-01-20 06:19 . 2012-01-20 06:19 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\455567dae39910d806447b77ee657a85\System.WorkflowServices.ni.dll
+ 2012-01-20 05:45 . 2012-01-20 05:45 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\45339e741d73e8f1f9393df8163c8c00\System.Workflow.Runtime.ni.dll
+ 2012-01-20 05:45 . 2012-01-20 05:45 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\48ef2f59740ad3d438d0514b335dd334\System.Workflow.ComponentModel.ni.dll
+ 2012-01-20 05:45 . 2012-01-20 05:45 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\7972e04df268430da009e63e90ff4ca9\System.Workflow.Activities.ni.dll
+ 2012-01-20 05:45 . 2012-01-20 05:45 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\8d374a0a9c49f485a7ce6e89ec354b4c\System.Web.Services.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\91ecefc70d74ed44e5139ea2929adbb8\System.Web.Mobile.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\71da5a6d09e12eb94be32935e4a8d5a2\System.Web.Extensions.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2bb91a2edcc92d2bb79007e7d2ddc2ae\System.Web.Extensions.Design.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\3a6ac85c04453976c0f3a7c6a64ec43a\System.ServiceModel.Web.ni.dll
+ 2012-01-20 05:44 . 2012-01-20 05:44 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\d12c2299179cb05591cf08c8712a6495\System.Runtime.Remoting.ni.dll
+ 2012-01-20 06:11 . 2012-01-20 06:11 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\1f90d38a42906a776be313d9720e350d\System.IdentityModel.ni.dll
+ 2012-01-20 06:19 . 2012-01-20 06:19 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\1d2c369d8e2d6f95c99ca90aca273418\System.Data.Services.ni.dll
+ 2012-01-20 06:18 . 2012-01-20 06:18 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7bd7d91dc9abd73f2506bb7a0292373\System.Data.Entity.Design.ni.dll
+ 2012-01-20 06:18 . 2012-01-20 06:18 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\53fcf7f34708a9482d3e4059ce29608c\MIGUIControls.ni.dll
+ 2012-01-20 06:18 . 2012-01-20 06:18 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\486ff8cee09c8c63aa9c60ff4f5feafa\Microsoft.VisualBasic.ni.dll
+ 2012-01-20 06:18 . 2012-01-20 06:18 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b68f19bf3f3d545547d2b680eb54a660\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-20 06:11 . 2012-01-20 06:11 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7e81f50c34dec17b90bfebec5929853a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-20 06:11 . 2012-01-20 06:11 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\65a892a923b49b062bd8fc97254940d3\Microsoft.MediaCenter.ni.dll
+ 2012-01-20 06:18 . 2012-01-20 06:18 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\33fd1381f221898a53253303cb7e5380\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-01-20 05:50 . 2012-01-20 05:50 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b18cc8f74e2cc93fd0942ddadd118a65\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-01-20 05:50 . 2012-01-20 05:50 2001920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\605212ca6fbbc96fd6c528f945552d1b\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-01-20 06:17 . 2012-01-20 06:17 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-22 23:53 787744 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchEngineProtection"="c:\program files (x86)\Gamesbar\SearchEngineProtection.exe" [2011-03-03 591248]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files (x86)\The Print Shop 23\Remind.exe [2008-7-16 344064]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACGW&l=0409&m=aspire_m5802/m3802&r=1736061196dg1275w9283i9hj67767
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
FF - ProfilePath - c:\users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\48hsr9sg.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&si=CMqg8duiuK0CFYMEQAodrjEGpQ
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt020YYus&ptb=zicrx_1Avu_ZGi24DJBLew&ind=2012010511&ptnrS=ZUxpt020YYus&si=CMqg8duiuK0CFYMEQAodrjEGpQ&n=77ecd80f&psa=&st=kwd&searchfor=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-{74D07B99-0FA3-B911-92DF-7573ED80F35B} - c:\users\Janice\AppData\Roaming\Goaci\pyko.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-01-25 09:37:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-25 15:37
ComboFix2.txt 2012-01-20 05:26
ComboFix3.txt 2012-01-09 05:16
ComboFix4.txt 2012-01-07 09:24
ComboFix5.txt 2012-01-25 14:22
.
Pre-Run: 921,890,197,504 bytes free
Post-Run: 921,761,533,952 bytes free
.
- - End Of File - - 0490109B7DBB5DCBF8F89B8F976D3EDC
Upload was successful
 
Hi e28ct17,

Did you need to edit the line after you used F10?

Next, right click on OTL.exe and choose Run as Administrator to run it
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code:
:Services

dir /s c:\users\Janice\AppData\Roaming\Yfhym /c
dir /s c:\users\Janice\AppData\Roaming\Inuro /c
dir /s c:\users\Janice\AppData\Roaming\Adodn /c 
dir /s c:\users\Janice\AppData\Roaming\Elday /c
dir /s c:\users\Janice\AppData\Roaming\Urubn /c
dir /s c:\users\Janice\AppData\Roaming\Goaci /c
dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c
dir /s c:\users\Janice\AppData\Roaming\Sie /c

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
 
Yes, I edited the line.

Here is the log from OTL

========== SERVICES/DRIVERS ==========
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Yfhym /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Yfhym /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Inuro /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Inuro /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Adodn /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Adodn /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Elday /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Elday /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Urubn /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Urubn /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Goaci /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Goaci /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Sie /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Sie /c not found.

OTL by OldTimer - Version 3.2.31.0 log created on 01252012_232834
 
Hi e28ct17,

Thanks for the info.

Sorry, I made a mistake in that last script. Please run OTL the same way with this script.

Next, right click on OTL.exe and choose Run as Administrator to run it
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code:
:Services

:files
dir /s c:\users\Janice\AppData\Roaming\Yfhym /c
dir /s c:\users\Janice\AppData\Roaming\Inuro /c
dir /s c:\users\Janice\AppData\Roaming\Adodn /c 
dir /s c:\users\Janice\AppData\Roaming\Elday /c
dir /s c:\users\Janice\AppData\Roaming\Urubn /c
dir /s c:\users\Janice\AppData\Roaming\Goaci /c
dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c
dir /s c:\users\Janice\AppData\Roaming\Sie /c

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
 
Things seem to be running a bit better, however I get redirected on Google.

========== SERVICES/DRIVERS ==========
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Yfhym /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Yfhym /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Inuro /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Inuro /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Adodn /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Adodn /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Elday /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Elday /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Urubn /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Urubn /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Goaci /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Goaci /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c not found.
Error: No service named dir /s c:\users\Janice\AppData\Roaming\Sie /c was found to stop!
Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Sie /c not found.

OTL by OldTimer - Version 3.2.31.0 log created on 01262012_193118
 
Hi e28ct17,

Was this machine always Windows 7 or was it upgraded from a different version of Windows?

There seems to be a bit of a discrepancy in a couple of the logs. I'd like to confirm something before we proceed. Could I get you to repeat some instructions for me?

On the sick computer

Please make this screenshot:

Click Start > Control Panel > System and Security > Administrative Tools > Computer Management
  • When Computer Management opens double click on disk management
  • make sure the pane is expanded wide enough to show all partitions
  • Take a screenshot by pressing the alt and print screen keys at the same time
  • open an editor such as Paint
  • right click in the white panel and click paste
  • save the image as a .jpg or .png
  • name it new.jpg or new.png
  • attach it to your next reply
 
Hi e28ct17,

Let's see if we can get rid of the redirects. We will be using xPUD again. In all likelihood you will need to use the F10 method again when restarting the computer after exiting xPUD. There will also be some additional instructions at the end to ensure we get all elements of this infection. Please read through this before starting. Ask any questions you have for clarification.

  • Download tdl_fix.sh and save it to the flash drive you were using.
  • Make sure the flash drive is attached to the sick computer.
  • Boot into xPUD with the CD then click the File tab.
  • Press File
  • Expand mnt
  • Click on the folder under mnt that represents your USB drive (sdb1 ?)
  • You should see the tdl_fix.sh file in the main window.
  • Select Tool from the Menu
  • Choose Open Terminal
  • Type bash tdl_fix.sh then press Enter

    (note there is a space after bash and that is an underscore after tdl)
  • Read the warning then type y and press Enter to continue.
  • Type sda then press Enter when prompted.
  • You will be shown a list of partitions to choose marking active.
  • Type 1 then press Enter.
  • If you are presented with a warning about no bootloader files, type n then press Enter to choose another. If this happens, please post back for further instructions. Just leave the computer running if you wish and use your other one to post.
  • If you receive no warning about bootloader files but are presented with another view of the partition structure and asked if it looks correct, type y then press Enter.
  • The script will complete and prompt you to reboot the computer.
  • Close the Terminal window and restart back into Windows.

When restarting the computer:
  • while the computer is rebooting, press F10 to bring up the 'Edit Boot Options' screen. (If it's pressed too early you might get the BIOS screen instead.)
  • Refer to the screenshot you used earlier as a reference to what you should see (post 26)
  • If it says /minint or int/min after /NOEXECUTE=OPTIN,

    hit the Backspace key until that entry reads:

    /NOEXECUTE=OPTIN
  • hit enter

Once the computer has booted into Windows:
  • click start
  • type cmd into the search box
  • right click on cmd that appears at the top and click Run as administrator
  • type bcdedit /enum all >%userprofile%\desktop\log.log

    (note: there is a space after bcdedit, a space after enum and one after all)
  • hit enter
When it's finished a notepad named log.log will be on the desktop.

Post the contents of the tdl_fix.txt file that was created on your flash drive and the contents of log.log in your next reply.

Please let me know how the computer is behaving.

Extra Note - in the event the computer will not boot to Windows or asks if you want to do a Factory Restore, stop.

Boot the computer with the xPUD CD and run the tdl_fix.sh script again using the following command.

bash tdl_fix.sh -restore

Make sure to leave a space to either side of tdl_fix.sh in the command.
This will prompt you to use the file tdl_mbr_sda.bin on drive sda.
Ok the procedure then restart when complete.
This is a backup of the original MBR and will restore it to its current state.
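The tdl_fix.sh steps above ask which partition to mark active and keep a backup of the MBR in tdl_mbr_sda.bin. As an added example (not part of the thread and not the code of tdl_fix.sh), this Python code reads the partition table from a 512-byte MBR image and reports which slot carries the active flag; the function names and the sample layouts are constructed for illustration.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446        # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR

def parse_mbr(image):
    """Return the used partition entries of a 512-byte MBR image."""
    if len(image) < SECTOR:
        raise ValueError("an MBR image is 512 bytes")
    if image[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        raw = image[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * slot + 16]
        # status, (CHS start skipped), type, (CHS end skipped), first LBA, length
        status, ptype, first_lba, sectors = struct.unpack("<B3xB3xII", raw)
        if ptype != 0:  # type 0 marks an unused slot
            entries.append({"slot": slot + 1, "status": status,
                            "active": status == 0x80, "type": ptype,
                            "first_lba": first_lba, "sectors": sectors})
    return entries

def review(entries):
    """Return findings worth checking before or after changing the active flag."""
    findings = []
    active = [e["slot"] for e in entries if e["active"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"slot {e['slot']}: invalid status 0x{e['status']:02x}")
    ordered = sorted(entries, key=lambda e: e["first_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["first_lba"] + a["sectors"] > b["first_lba"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return findings

def active_slot_changed(backup, current):
    """Compare which slot is active in a backup image and in the current MBR."""
    before = [e["slot"] for e in parse_mbr(backup) if e["active"]]
    after = [e["slot"] for e in parse_mbr(current) if e["active"]]
    return before != after, before, after

def build_mbr(parts):
    """Constructed test image; parts is a list of (status, type, first_lba, sectors)."""
    table = b"".join(struct.pack("<B3xB3xII", *p) for p in parts)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\x00") + SIGNATURE

# Constructed layouts, not taken from the machine in this thread.
BACKUP = build_mbr([(0x80, 0x27, 2048, 20480000),
                    (0x00, 0x07, 20482048, 204800),
                    (0x00, 0x07, 20686848, 1900000000)])
FIXED = build_mbr([(0x00, 0x27, 2048, 20480000),
                   (0x80, 0x07, 20482048, 204800),
                   (0x00, 0x07, 20686848, 1900000000)])

if __name__ == "__main__":
    for entry in parse_mbr(FIXED):
        print(entry)
    print(review(parse_mbr(FIXED)), active_slot_changed(BACKUP, FIXED))
```

To inspect a real backup, read the file in binary mode and pass its bytes to parse_mbr.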
 
Hi e28ct17,

Ok select 2 this time. There is a bit of an anomaly on this computer so hopefully this will be the one.
 
When I went back to my computer the terminal window was gone. I tried to reboot and got the same message I got before

[6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
[6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
[6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
giving up.
xinit: No such file or directory (errno 2): unable to connect to X server
xinit: No such process (errno 3): Server error.
xauth: (argu):1: bad display name "(none):0" in "remove" command
sh: no job control in this shell
sh-4.0#

I then followed your previous instructions and took the disk out and rebooted and hit F10. I removed "int/min" and booted fine into windows. I put disk back into computer and rebooted. When xPUD booted I chose English and then got the above message again. Hope I didn't do too much on my own and mess up. :hair:
 