TechSpot

Virus - can't install Malwarebytes - access is denied

Solved
By Denio
Jan 23, 2012
  1. I have issue similar to this one :http://www.techspot.com/vb/topic163660.html
    The PC has conracted a virus, and also I cant install any program that is related to virus cleaning. Please help me.
    Coming in a short while please wait :) my computer is very slow becouse of the virus :(
     
  2. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    What about GMER?

    You're running two AV programs, AVG and MSE.
    One of them has to go.
    If AVG use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities
     
  3. Denio

    Denio TS Rookie Topic Starter Posts: 48

    AVG remover runed and i think it didnt do any thing :(

    one question should I scan all partitions or just c with gmer ?

    the new DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Kolacek at 0:49:16 on 2012-01-24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.388 [GMT 1:00]
    .
    AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [DWPersistentQueuedReporting] c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE -a
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [kX Mixer] c:\program files\kx audio driver\3550\kxmixer.exe --startup
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{AC541501-9314-4A2E-930E-E250381D8E13} : DhcpNameServer = 192.168.1.1
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\kolacek\application data\mozilla\firefox\profiles\ccqremnb.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\browser\nppdf32(2).dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsl3691d71a;MpKsl3691d71a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d149a01-0aec-45de-b7d0-e505abeb58e0}\MpKsl3691d71a.sys [2012-1-24 29904]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2011-5-16 130384]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-23 652872]
    R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ovislink\common\RalinkRegistryWriter.exe [2011-7-16 69632]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-23 20464]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-24 40776]
    S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2011-5-15 9472]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-21 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-21 136176]
    S3 rt2870;Airlive WN-300USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-7-16 619136]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2011-5-15 14848]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2011-5-16 753504]
    .
    =============== Created Last 30 ================
    .
    2012-01-23 23:46:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-01-23 23:46:38 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d149a01-0aec-45de-b7d0-e505abeb58e0}\MpKsl3691d71a.sys
    2012-01-23 22:35:56 -------- d-----w- c:\documents and settings\kolacek\application data\Malwarebytes
    2012-01-23 22:35:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-01-23 22:34:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-23 22:34:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-23 22:29:41 -------- d-----w- C:\ComboFix
    2012-01-23 21:56:20 -------- d-----w- C:\_OTL
    2012-01-23 20:01:09 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d149a01-0aec-45de-b7d0-e505abeb58e0}\mpengine.dll
    2012-01-23 19:56:13 -------- d-----w- c:\program files\Microsoft Security Client
    2012-01-23 19:17:48 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
    2012-01-23 19:17:48 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-01-23 19:15:48 -------- d-sha-r- C:\cmdcons
    2012-01-23 19:12:44 98816 ----a-w- c:\windows\sed.exe
    2012-01-23 19:12:44 518144 ----a-w- c:\windows\SWREG.exe
    2012-01-23 19:12:44 256000 ----a-w- c:\windows\PEV.exe
    2012-01-23 19:12:44 208896 ----a-w- c:\windows\MBR.exe
    2012-01-23 18:34:41 222080 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-23 18:14:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-01-23 18:14:30 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-23 17:57:05 -------- d-----w- c:\program files\Pontifex II
    2012-01-23 17:31:01 -------- d-----w- c:\windows\system32\URTTemp
    2012-01-23 17:30:26 -------- d-----w- c:\windows\ie8updates
    2012-01-23 09:00:03 -------- d-----w- c:\program files\Memory Washer
    2012-01-23 08:59:58 -------- d-----w- c:\program files\SpeedFan
    2012-01-23 07:20:05 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2012-01-23 07:20:02 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2012-01-23 07:20:02 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2012-01-23 18:18:20 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
    2011-10-28 05:31:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    .
    ============= FINISH: 0:51:38.74 ===============


    And attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/16/2011 11:26:09 PM
    System Uptime: 1/24/2012 12:41:35 AM (0 hours ago)
    .
    Motherboard: | | SiS-650
    Processor: Intel(R) Celeron(R) CPU 2.00GHz | Socket 478 | 2004/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 28 GiB total, 17.16 GiB free.
    D: is FIXED (NTFS) - 233 GiB total, 46.725 GiB free.
    E: is FIXED (NTFS) - 86 GiB total, 47.743 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP109: 11/7/2011 4:44:02 PM - System Checkpoint
    RP110: 11/8/2011 9:01:30 PM - System Checkpoint
    RP111: 11/10/2011 7:15:49 PM - System Checkpoint
    RP112: 11/17/2011 5:05:58 PM - System Checkpoint
    RP113: 11/18/2011 5:45:59 PM - System Checkpoint
    RP114: 11/20/2011 3:35:09 PM - System Checkpoint
    RP115: 11/22/2011 3:57:26 PM - System Checkpoint
    RP116: 11/23/2011 5:03:06 PM - System Checkpoint
    RP117: 11/25/2011 2:38:47 PM - System Checkpoint
    RP118: 11/26/2011 5:40:29 PM - System Checkpoint
    RP119: 11/28/2011 3:52:03 PM - System Checkpoint
    RP120: 11/29/2011 3:57:02 PM - System Checkpoint
    RP121: 11/30/2011 4:24:04 PM - System Checkpoint
    RP122: 12/1/2011 6:43:40 PM - System Checkpoint
    RP123: 12/2/2011 8:12:47 PM - System Checkpoint
    RP124: 12/4/2011 10:22:00 AM - System Checkpoint
    RP125: 12/5/2011 3:43:34 PM - System Checkpoint
    RP126: 12/6/2011 3:58:24 PM - System Checkpoint
    RP127: 12/7/2011 5:35:26 PM - System Checkpoint
    RP128: 12/8/2011 7:56:42 PM - System Checkpoint
    RP129: 12/10/2011 7:28:08 PM - System Checkpoint
    RP130: 12/15/2011 5:30:15 PM - System Checkpoint
    RP131: 12/17/2011 6:14:25 PM - System Checkpoint
    RP132: 12/19/2011 4:47:22 PM - System Checkpoint
    RP133: 12/20/2011 6:10:39 PM - System Checkpoint
    RP134: 12/21/2011 6:46:02 PM - System Checkpoint
    RP135: 12/23/2011 3:44:45 PM - System Checkpoint
    RP136: 12/25/2011 12:24:34 PM - System Checkpoint
    RP137: 12/26/2011 3:57:16 PM - System Checkpoint
    RP138: 12/28/2011 3:46:04 PM - System Checkpoint
    RP139: 12/29/2011 3:49:42 PM - System Checkpoint
    RP140: 12/30/2011 6:11:29 PM - System Checkpoint
    RP141: 1/1/2012 2:29:05 PM - System Checkpoint
    RP142: 1/9/2012 4:13:49 PM - System Checkpoint
    RP143: 1/10/2012 4:28:51 PM - System Checkpoint
    RP144: 1/13/2012 7:09:37 PM - System Checkpoint
    RP145: 1/14/2012 8:38:34 PM - System Checkpoint
    RP146: 1/16/2012 3:59:51 PM - System Checkpoint
    RP147: 1/17/2012 4:33:35 PM - System Checkpoint
    RP148: 1/19/2012 4:24:02 PM - System Checkpoint
    RP149: 1/21/2012 7:51:01 PM - System Checkpoint
    RP150: 1/22/2012 10:57:02 PM - System Checkpoint
    RP151: 1/23/2012 5:58:06 PM - Software Distribution Service 3.0
    RP152: 1/23/2012 6:04:23 PM - Software Distribution Service 3.0
    RP153: 1/23/2012 6:52:14 PM - Removed AirLive WN-300USB Wireless LAN Card
    RP154: 1/23/2012 6:56:36 PM - Restore Operation
    RP155: 1/23/2012 7:34:38 PM - Software Distribution Service 3.0
    RP156: 1/23/2012 8:42:07 PM - Software Distribution Service 3.0
    RP157: 1/23/2012 9:00:38 PM - Software Distribution Service 3.0
    RP158: 1/23/2012 9:33:57 PM - OTL Restore Point - 1/23/2012 9:33:45 PM
    .
    ==== Installed Programs ======================
    .
    ĀµTorrent
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player 11.5
    BS.Player PRO
    Cheat Engine 5.3
    Driver Genius Professional Edition 2007
    DriverMax 5
    Google Chrome
    Google Update Helper
    Hard Disk Sentinel
    HDD Regenerator
    Java(TM) 6 Update 24
    K-Lite Codec Pack 4.7.5 (Full)
    Malwarebytes Anti-Malware version 1.60.0.1800
    Marsu-Fix
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSXML 4.0 SP3 Parser (KB973685)
    Norton PartitionMagic
    Norton PartitionMagic 8.0
    NVIDIA Control Panel 266.58
    NVIDIA Graphics Driver 266.58
    NVIDIA Install Application
    NVIDIA nView 135.50
    NVIDIA nView Desktop Manager
    Ovislink AirLive 300USB
    Pontifex II
    Realtek AC'97 Audio
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2633171)
    SiSoftware Sandra Professional Home XI.SP1a (Win64/32/CE)
    Sound Blaster Live!
    Update for Windows XP (KB2541763)
    Weather Watcher Live
    WebFldrs XP
    Winamp
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/24/2012 12:34:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgfws service.
    1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2597098).
    1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2646524).
    1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2639417).
    1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2631813).
    1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2598479).
    1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2564958).
    1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2544893).
    1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Silverlight (KB2617986).
    1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office 2003 (KB2584052).
    1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2572073).
    1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Windows Malicious Software Removal Tool - December 2011 (KB890830).
    1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows XP (KB2641690).
    1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Office File Validation 2010 (KB2553065), 32-bit Edition.
    1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2624667).
    1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2592799).
    1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2570947).
    1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2657424).
    1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2656352).
    1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
    1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2618444).
    1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656351).
    1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows XP (KB2633952).
    1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2596520).
    1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2619339).
    1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2603381).
    1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office Publisher 2003 (KB2553084).
    1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office Excel 2003 (KB2596954).
    1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2572078).
    1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Cumulative Security Update for ActiveX Killbits for Windows XP (KB2618451).
    1/23/2012 8:11:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm
    1/23/2012 8:10:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/23/2012 8:08:11 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
    1/23/2012 8:07:50 PM, error: Service Control Manager [7034] - The WMDM PMSP Service service terminated unexpectedly. It has done this 1 time(s).
    1/23/2012 8:05:53 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/23/2012 8:05:48 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/23/2012 8:04:21 PM, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 1 time(s).
    1/23/2012 7:16:27 PM, error: SR [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'netbt.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    1/23/2012 6:00:30 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.
    1/23/2012 6:00:21 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    1/23/2012 2:11:23 PM, error: System Error [1003] - Error code 1000008e, parameter1 80000002, parameter2 80648b1f, parameter3 b73f2428, parameter4 00000000.
    1/23/2012 2:11:09 PM, error: System Error [1003] - Error code 1000008e, parameter1 80000002, parameter2 80648b1f, parameter3 b7496428, parameter4 00000000.
    1/23/2012 12:19:53 PM, error: Dhcp [1002] - The IP address lease 188.2.74.233 for the Network Card with network address 00016C27F6B0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    1/23/2012 10:02:43 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: giveio speedfan
    1/22/2012 8:56:09 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    1/21/2012 7:04:09 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: The system cannot find the path specified. .
    1/21/2012 7:04:09 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Normal Tanks\Normal Tanks.exe. Reference error message: The operation completed successfully. .
    1/20/2012 6:02:33 PM, error: Service Control Manager [7000] - The Creative Service for CDROM Access service failed to start due to the following error: The system cannot find the file specified.
    1/20/2012 6:02:33 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    C only.
     
  5. Denio

    Denio TS Rookie Topic Starter Posts: 48

    Gmer :)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-24 10:52:47
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6Y120P0 rev.YAR41BW0
    Running: xxyi4ph9.exe; Driver: C:\DOCUME~1\Kolacek\LOCALS~1\Temp\uxtdapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT spqj.sys ZwCreateKey [0xF76CE0E0]
    SSDT spqj.sys ZwEnumerateKey [0xF76ECCA2]
    SSDT spqj.sys ZwEnumerateValueKey [0xF76ED030]
    SSDT spqj.sys ZwOpenKey [0xF76CE0C0]
    SSDT spqj.sys ZwQueryKey [0xF76ED108]
    SSDT spqj.sys ZwQueryValueKey [0xF76ECF88]
    SSDT spqj.sys ZwSetValueKey [0xF76ED19A]

    INT 0x3B ? 870BDBF8
    INT 0x3E ? 8736BBF8
    INT 0x3F ? 8736BBF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spqj.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6B323A0, 0x5FE082, 0xE8000020]
    .text USBPORT.SYS!DllUnload F6B018EC 5 Bytes JMP 870BD1D8
    .text aooasj44.SYS F6974386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text aooasj44.SYS F69743AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text aooasj44.SYS F69743C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
    .text aooasj44.SYS F69743C9 1 Byte [2E]
    .text aooasj44.SYS F69743C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
    .text ...

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 873DC2D8
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F76FFC4C] spqj.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76FFCA0] spqj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F76CF040] spqj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F76CF13C] spqj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F76CF0BE] spqj.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F76CF7FC] spqj.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76CF6D2] spqj.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 870BD2D8
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlInitUnicodeString] F44D8B48
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!swprintf] C1815753
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeSetEvent] 00002590
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 467C8D51
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 76F6E84A
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] D88BFFFF
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8504C483
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 5F0A75DB
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 5B08438D
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmUnmapIoSpace] 5DE58B5E
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 259068C3
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IofCompleteRequest] 006A0000
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 88F0E853
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IofCallDriver] 558DFFFF
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 90838DF8
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 52000025
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoConnectInterrupt] 03895750
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoDetachDevice] FFF363E8
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0C458AFF
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeInitializeEvent] 8B104D8B
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeCancelTimer] 43881855
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 1C458B08
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlInitAnsiString] 0F544389
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 89FF45B6
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoQueueWorkItem] 4D8B0C4B
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmMapIoSpace] 50538920
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 8924558B
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoReportDetectedDevice] 5389584B
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0A43885C
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0646B60F
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!NlsMbCodePageTag] A818C483
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8D7F743F
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001A8C8B
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0835100
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!sprintf] 7E8D503F
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] B9E85728
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ObfDereferenceObject] 0F0000D1
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 8D0646B6
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001B8093
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ZwClose] E0835200
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E857503F
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 0000EBB4
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 026B938D
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!PoStartNextPowerIrp] C6830000
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoCreateDevice] 0008B908
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlCopyUnicodeString] FA8B0000
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 758BA5F3
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 064E8A08
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ZwOpenKey] 883FE180
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 0002688B
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoStartTimer] 06468A00
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeInitializeTimer] 8306E8C0
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoInitializeTimer] 023C18C4
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeInitializeDpc] 02698388
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeInitializeSpinLock] 19750000
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoInitializeIrp] 028C838D
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ZwCreateKey] 52500000
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 00C143E8
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 08C48300
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ZwSetValueKey] 0575C085
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeInsertQueueDpc] EB08708D
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 074E8A54
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoStartPacket] 026A8B88
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 83660000
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 7601487E
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoFreeMdl] 4AC68305
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmUnlockPages] F63302EB
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5614558B
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 75E85352
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 8BFFFFF4
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 0CC483F0
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeSynchronizeExecution] 2075F685
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoStartNextPacket] 050C7D80
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeBugCheckEx] 0092850F
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 458B0000
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeSetTimer] E85350F8
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!_allmul] FFFFF848
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmProbeAndLockPages] 8408C483
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!_except_handler3] BE7875C0
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!PoSetPowerState] 00000008
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] F346E853
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlWriteRegistryValue] C483FFFF
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00F46804
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!_aulldiv] 838D0000
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!strstr] 00001A8C
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!_strupr] E850006A
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeQuerySystemTime] FFFF87CA
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0000F468
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeTickCount] 808B8D00
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 6A00001B
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoDeleteDevice] B7E85100
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 33FFFF87
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoAllocateWorkItem] 6B8389C0
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoAllocateIrp] 89000002
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoAllocateMdl] 00026F83
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 73838900
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmLockPagableDataSection] 89000002
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 00027783
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 7B838900
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ExFreePoolWithTag] 89000002
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoFreeIrp] 00027F83
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoFreeWorkItem] 83838900
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!InitSafeBootMode] 53000002
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlCompareMemory] 02878389
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!PoCallDriver] 7FE80000
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!memmove] 83FFFF68
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmHighestUserAddress] 8B5F1CC4
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!KfRaiseIrql] 8B000000
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!KfLowerIrql] 56C35DE5
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
    IAT \SystemRoot\System32\Drivers\aooasj44.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F76DF048] spqj.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8736A1F8
    Device \Driver\usbohci \Device\USBPDO-0 870BC1F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 873DA1F8
    Device \Driver\dmio \Device\DmControl\DmConfig 873DA1F8
    Device \Driver\dmio \Device\DmControl\DmPnP 873DA1F8
    Device \Driver\dmio \Device\DmControl\DmInfo 873DA1F8
    Device \Driver\usbohci \Device\USBPDO-1 870BC1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8736C1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{AC541501-9314-4A2E-930E-E250381D8E13} 8681D1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8736C1F8
    Device \Driver\Cdrom \Device\CdRom0 86354500
    Device \Driver\atapi \Device\Ide\IdePort0 [F7622B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7622B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F7622B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7622B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8736C1F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8681D1F8
    Device \Driver\NetBT \Device\NetbiosSmb 8681D1F8
    Device \Driver\PCI_PNP5616 \Device\0000004e spqj.sys
    Device \Driver\PCI_PNP5616 \Device\0000004e spqj.sys
    Device \Driver\usbohci \Device\USBFDO-0 870BC1F8
    Device \Driver\usbohci \Device\USBFDO-1 870BC1F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85EE51F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 85EE51F8
    Device \Driver\sptd \Device\898747632 spqj.sys
    Device \Driver\Ftdisk \Device\FtControl 8736C1F8
    Device \Driver\aooasj44 \Device\Scsi\aooasj441 870931F8
    Device \Driver\aooasj44 \Device\Scsi\aooasj441Port2Path0Target0Lun0 870931F8
    Device \FileSystem\Cdfs \Cdfs 85ECC500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x80 0x80 0x24 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x02 0x40 0x7C ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0C 0x06 0xC3 0x63 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x80 0x80 0x24 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x02 0x40 0x7C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0x84 0x97 0x95 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x80 0x80 0x24 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x02 0x40 0x7C ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0x84 0x97 0x95 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

    ---- EOF - GMER 1.0.15 ----






    MBAM

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.23.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Kolacek :: DENIO [administrator]

    Protection: Enabled

    1/24/2012 10:53:05
    mbam-log-2012-01-24 (10-53-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 174397
    Time elapsed: 25 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  6. Denio

    Denio TS Rookie Topic Starter Posts: 48

    The CPU is allways on 100%

    [HJT log removed by Broni]

    It says I have AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} but i dont... i removed MSE si is that ok ?? please answer...
     
  7. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    No.
    Please observe my rules.
    Do not do anything else but follow my instructions.
    I didn't ask for HJT log, I didn't ask for uninstalling MSE.
    AVG listings are just leftovers.
    We'll take care of it later.

    Reinstall MSE.

    Then....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  8. Denio

    Denio TS Rookie Topic Starter Posts: 48

    Here

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    114 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  9. Denio

    Denio TS Rookie Topic Starter Posts: 48

    2

    aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-24 19:03:06
    -----------------------------
    19:03:06.189 OS Version: Windows 5.1.2600 Service Pack 3
    19:03:06.189 Number of processors: 1 586 0x207
    19:03:06.189 ComputerName: DENIO UserName:
    19:03:07.571 Initialze error C000010E - driver not loaded
    19:03:30.023 AVAST engine defs: 12012400
    19:03:32.677 Service scanning
    19:03:34.069 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    19:03:34.760 Modules scanning
    19:03:34.780 Disk 0 trace - called modules:
    19:03:34.780
    19:03:35.211 AVAST engine scan C:\WINDOWS
    19:03:52.315 AVAST engine scan C:\WINDOWS\system32
    19:12:03.462 AVAST engine scan C:\WINDOWS\system32\drivers
    19:12:43.659 AVAST engine scan C:\Documents and Settings\Kolacek
    19:19:00.792 AVAST engine scan C:\Documents and Settings\All Users
    19:19:40.018 Scan finished successfully
    19:25:57.881 The log file has been saved successfully to "D:\My Documents\aswMBR.txt"
     
  10. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. Denio

    Denio TS Rookie Topic Starter Posts: 48

    log.txt

    ComboFix 12-01-23.02 - Kolacek 01/24/2012 20:05:26.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.568 [GMT 1:00]
    Running from: c:\documents and settings\Kolacek\Desktop\ComboFix.exe
    AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\usbehci.sys . . . is missing!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-24 17:39 . 2012-01-05 19:19 6557240 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D432E16D-B0CD-4C33-816D-690E719B8F61}\mpengine.dll
    2012-01-24 17:34 . 2012-01-24 17:35 -------- d-----w- c:\program files\Microsoft Security Client
    2012-01-24 14:00 . 2012-01-24 14:00 -------- d-----w- c:\program files\MSECache
    2012-01-24 12:11 . 2012-01-24 12:11 388096 ----a-r- c:\documents and settings\Kolacek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-24 12:11 . 2012-01-24 12:11 -------- d-----w- c:\program files\Trend Micro
    2012-01-24 10:29 . 2012-01-24 10:29 -------- d-----w- c:\program files\Uniblue
    2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\Kolacek\Application Data\Malwarebytes
    2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-01-23 22:34 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-23 22:34 . 2012-01-23 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-23 21:56 . 2012-01-23 21:56 -------- d-----w- C:\_OTL
    2012-01-23 20:51 . 2012-01-23 20:51 -------- d-----w- c:\windows\Sun
    2012-01-23 19:17 . 2008-04-14 14:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
    2012-01-23 19:17 . 2008-04-14 14:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-01-23 19:10 . 2012-01-23 19:10 -------- d-----w- c:\documents and settings\Administrator
    2012-01-23 18:34 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-23 18:14 . 2012-01-23 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-23 17:57 . 2012-01-23 17:57 -------- d-----w- c:\program files\Pontifex II
    2012-01-23 17:31 . 2012-01-24 04:21 -------- d-----w- c:\windows\system32\URTTemp
    2012-01-23 17:30 . 2012-01-23 17:30 -------- d-----w- c:\windows\ie8updates
    2012-01-23 09:00 . 2012-01-23 18:00 -------- d-----w- c:\program files\Memory Washer
    2012-01-23 08:59 . 2012-01-23 18:00 -------- d-----w- c:\program files\SpeedFan
    2012-01-23 07:22 . 2011-11-04 19:19 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2012-01-23 07:22 . 2011-11-04 19:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2012-01-23 07:21 . 2011-11-04 19:19 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2012-01-23 07:21 . 2011-11-04 19:19 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2012-01-23 07:21 . 2011-11-04 19:19 2001408 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2012-01-23 07:21 . 2011-11-04 19:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2012-01-23 07:20 . 2011-10-25 13:38 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2012-01-23 07:20 . 2011-10-25 13:34 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2012-01-23 07:20 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-23 18:18 . 2011-08-17 19:51 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-25 21:56 . 2011-05-15 22:13 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:29 . 2011-05-15 22:13 1868544 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2011-05-15 22:36 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-04 19:19 . 2011-05-15 22:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:19 . 2011-05-15 22:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 19:19 . 2011-05-15 22:20 919552 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 15:27 . 2011-05-15 22:11 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-03 15:27 . 2011-05-15 22:06 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-01 16:05 . 2011-05-15 22:08 1289216 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2011-05-15 22:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-21 07:24 . 2012-01-23 20:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-23_19.36.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-24 02:41 . 2012-01-24 02:41 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
    - 2011-05-16 20:53 . 2011-05-16 20:53 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
    + 2012-01-24 04:17 . 2003-02-20 18:09 77824 c:\windows\system32\URTTemp\mscorsn.dll
    - 2011-05-15 22:26 . 2011-03-22 14:47 46080 c:\windows\system32\tzchange.exe
    + 2011-05-15 22:26 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
    + 2011-06-29 09:02 . 2011-08-12 12:51 17272 c:\windows\system32\spmsg.dll
    - 2011-06-29 09:02 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
    + 2011-05-15 22:35 . 2012-01-24 04:52 93802 c:\windows\system32\perfc009.dat
    + 2011-05-15 22:36 . 2011-09-26 10:41 20480 c:\windows\system32\oleaccrc.dll
    - 2011-05-15 22:36 . 2009-10-08 15:56 20480 c:\windows\system32\oleaccrc.dll
    - 2011-05-15 22:39 . 2011-02-23 01:27 66560 c:\windows\system32\mshtmled.dll
    + 2011-05-15 22:39 . 2011-11-04 19:19 66560 c:\windows\system32\mshtmled.dll
    - 2011-05-15 22:38 . 2011-02-23 01:27 55296 c:\windows\system32\msfeedsbs.dll
    + 2011-05-15 22:38 . 2011-11-04 19:19 55296 c:\windows\system32\msfeedsbs.dll
    + 2011-05-15 22:10 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
    - 2011-05-15 22:10 . 2008-04-14 14:00 23040 c:\windows\system32\mciseq.dll
    - 2011-05-15 22:20 . 2011-02-23 01:27 25600 c:\windows\system32\jsproxy.dll
    + 2011-05-15 22:20 . 2011-11-04 19:19 25600 c:\windows\system32\jsproxy.dll
    + 2011-05-15 22:36 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
    + 2011-05-15 22:36 . 2011-09-26 10:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
    - 2011-05-15 22:36 . 2009-10-08 15:56 20480 c:\windows\system32\dllcache\oleaccrc.dll
    + 2011-05-15 22:39 . 2011-11-04 19:19 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2011-05-15 22:39 . 2011-02-23 01:27 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2011-05-15 22:10 . 2008-04-14 14:00 23040 c:\windows\system32\dllcache\mciseq.dll
    + 2011-05-15 22:10 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
    - 2011-05-15 22:32 . 2011-02-23 01:27 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2011-05-15 22:32 . 2011-11-04 19:19 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2011-05-15 22:20 . 2011-02-23 01:27 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2011-05-15 22:20 . 2011-11-04 19:19 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2011-05-15 22:15 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
    - 2011-05-15 22:15 . 2010-12-09 16:29 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2011-12-26 02:54 . 2011-12-26 02:54 15120 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll
    - 2011-07-09 08:30 . 2011-02-10 02:10 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
    + 2011-07-09 08:30 . 2011-07-09 08:30 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
    + 2011-12-26 02:54 . 2011-12-26 02:54 33552 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
    + 2011-12-25 02:49 . 2011-12-25 02:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2009-06-24 18:56 . 2009-06-24 18:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
    + 2011-12-25 10:07 . 2011-12-25 10:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    - 2011-12-25 10:07 . 2010-09-23 13:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    - 2011-12-24 21:55 . 2010-09-23 00:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2011-12-24 21:55 . 2011-12-24 21:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2011-12-24 21:55 . 2010-09-23 00:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2011-12-24 21:55 . 2011-12-24 21:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2011-12-24 21:55 . 2011-12-24 21:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2011-12-24 21:55 . 2010-09-23 00:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2011-12-24 22:49 . 2011-12-24 22:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2011-12-24 22:49 . 2010-09-24 11:59 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2011-12-24 22:49 . 2011-12-24 22:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    - 2011-12-24 22:49 . 2010-09-24 11:59 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
    + 2012-01-24 02:42 . 2012-01-24 02:42 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
    + 2012-01-24 02:42 . 2012-01-24 02:42 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
    - 2011-05-16 20:53 . 2011-05-16 20:53 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-01-24 03:03 . 2012-01-24 03:03 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2012-01-24 14:02 . 2012-01-24 14:02 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2011-05-18 09:03 . 2012-01-24 05:20 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2011-05-18 09:03 . 2011-05-18 11:37 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2011-05-18 09:03 . 2011-05-18 11:37 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2011-05-18 09:03 . 2012-01-24 05:20 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2011-05-18 09:03 . 2011-05-18 11:37 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2011-05-18 09:03 . 2012-01-24 05:20 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2011-05-18 09:03 . 2011-05-18 11:37 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2011-05-18 09:03 . 2012-01-24 05:20 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2011-05-18 09:03 . 2011-05-18 11:37 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2011-05-18 09:03 . 2012-01-24 05:20 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2011-05-18 09:03 . 2011-05-18 11:37 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2011-05-18 09:03 . 2012-01-24 05:20 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2011-05-18 11:34 . 2011-05-18 11:34 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2011-05-18 11:34 . 2012-01-24 05:15 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
    + 2012-01-24 04:14 . 2011-02-22 23:27 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
    + 2012-01-24 04:14 . 2011-02-23 01:27 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
    + 2012-01-24 04:14 . 2011-02-23 01:27 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
    + 2012-01-24 04:14 . 2011-02-23 01:27 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
    + 2012-01-24 04:14 . 2011-02-23 01:27 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
    + 2012-01-24 04:22 . 2012-01-24 04:22 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_bdcffc60\System.Drawing.Design.dll
    + 2012-01-24 04:22 . 2012-01-24 04:22 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e349a27d\CustomMarshalers.dll
    + 2012-01-24 05:48 . 2012-01-24 05:48 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\22e2167cc0343ffcf33c139d643f7319\UIAutomationProvider.ni.dll
    + 2012-01-24 05:57 . 2012-01-24 05:57 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\cea6ce1b15885902c1a5d9ff3c135d7d\System.Xaml.Hosting.ni.dll
    + 2012-01-24 06:01 . 2012-01-24 06:01 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\1db25513a3c540836f7c9444e5ad858c\System.Windows.Presentation.ni.dll
    + 2012-01-24 06:00 . 2012-01-24 06:00 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\28a1e3505d3fe73d6e3a2e14341f651d\System.Web.Routing.ni.dll
    + 2012-01-24 05:59 . 2012-01-24 05:59 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\814e0eda94597dbaf64a2bad553b72fe\System.Web.DynamicData.Design.ni.dll
    + 2012-01-24 05:48 . 2012-01-24 05:48 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\cdf66ea0ea10bda097e1c3cf98f5488b\System.Web.ApplicationServices.ni.dll
    + 2012-01-24 05:59 . 2012-01-24 05:59 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\fd3d9b91300ec5dabc339d8d27b0734b\System.Web.Abstractions.ni.dll
    + 2012-01-24 05:58 . 2012-01-24 05:58 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f2a1e73f7b5f7a20164a6ebe7c55b233\System.ServiceModel.Channels.ni.dll
    + 2012-01-24 05:58 . 2012-01-24 05:58 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\124b7ed8a85adf997a93f1862d977baa\System.ServiceModel.ServiceMoniker40.ni.dll
    + 2012-01-24 05:50 . 2012-01-24 05:50 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\816cff697f09551211adea657a5e0658\System.AddIn.Contract.ni.dll
    + 2012-01-24 03:55 . 2012-01-24 03:55 37888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\610d21ab06f8a5448cbce3d442535b23\Microsoft.Workflow.Compiler.ni.exe
    + 2012-01-24 03:55 . 2012-01-24 03:55 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\b19086a8b2caf5f19936ad3e15d70d24\Microsoft.VisualC.ni.dll
    + 2012-01-24 03:29 . 2012-01-24 03:29 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\786efeb1c616e8f20fc6aa3a4c66e6b3\Accessibility.ni.dll
    + 2012-01-24 05:43 . 2012-01-24 05:43 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\ee58edbd347cad746f99f53afe180d6b\Microsoft.Build.Framework.ni.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\821d323c572a83ef932f68c5bbba4e2e\Microsoft.Build.Framework.ni.dll
    + 2012-01-24 05:43 . 2012-01-24 05:43 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ef8e2a692d734b1d16571ddcf41150cc\dfsvc.ni.exe
    + 2012-01-24 05:43 . 2012-01-24 05:43 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9ddb246e5a79bbe85837c1a499880f00\Accessibility.ni.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2012-01-24 04:48 . 2012-01-24 04:48 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2011-05-16 20:33 . 2011-05-16 20:33 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-01-24 04:21 . 2012-01-24 04:21 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2011-05-18 09:03 . 2011-05-18 11:37 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2011-05-18 09:03 . 2012-01-24 05:20 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2012-01-24 03:30 . 2012-01-24 03:30 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\92f747c6bba467d98e05a60411bae21f\dfsvc.ni.exe
    + 2012-01-24 04:50 . 2012-01-24 04:50 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2012-01-24 04:51 . 2012-01-24 04:51 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2009-02-25 13:13 . 2009-02-25 13:13 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    + 2009-02-25 13:13 . 2009-02-25 13:13 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    + 2009-02-25 13:13 . 2009-02-25 13:13 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    - 2011-05-15 22:06 . 2008-04-14 14:00 176128 c:\windows\system32\winmm.dll
    + 2011-05-15 22:06 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
    + 2012-01-24 04:17 . 2003-02-21 03:42 348160 c:\windows\system32\URTTemp\msvcr71.dll
    + 2012-01-24 04:17 . 2003-02-20 18:06 155648 c:\windows\system32\URTTemp\mscoree.dll
    + 2012-01-24 04:17 . 2003-02-20 18:06 282624 c:\windows\system32\URTTemp\fusion.dll
    - 2011-05-15 22:04 . 2009-03-08 05:34 105984 c:\windows\system32\url.dll
    + 2011-05-15 22:04 . 2011-11-04 19:19 105984 c:\windows\system32\url.dll
    + 2011-05-15 22:39 . 2011-09-26 10:41 611328 c:\windows\system32\uiautomationcore.dll
    - 2011-05-15 22:39 . 2009-10-08 15:57 611328 c:\windows\system32\uiautomationcore.dll
    + 2011-05-15 22:35 . 2012-01-24 04:52 519104 c:\windows\system32\perfh009.dat
    + 2011-05-15 22:11 . 2011-09-26 10:41 220160 c:\windows\system32\oleacc.dll
    - 2011-05-15 22:11 . 2009-10-08 15:57 220160 c:\windows\system32\oleacc.dll
    - 2011-05-15 22:19 . 2011-02-23 01:27 206848 c:\windows\system32\occache.dll
    + 2011-05-15 22:19 . 2011-11-04 19:19 206848 c:\windows\system32\occache.dll
     
     
  12. Denio

    Denio TS Rookie Topic Starter Posts: 48

    log2.txt

    + 2011-05-15 22:11 . 2011-11-04 19:19 611840 c:\windows\system32\mstime.dll
    - 2011-05-15 22:11 . 2011-02-23 01:27 611840 c:\windows\system32\mstime.dll
    + 2011-05-15 22:17 . 2011-11-04 19:19 602112 c:\windows\system32\msfeeds.dll
    - 2011-05-15 22:17 . 2011-02-23 01:27 602112 c:\windows\system32\msfeeds.dll
    - 2011-05-16 21:10 . 2011-03-07 05:31 692736 c:\windows\system32\inetcomm.dll
    + 2011-05-16 21:10 . 2011-10-10 14:21 692736 c:\windows\system32\inetcomm.dll
    - 2011-05-15 22:21 . 2011-02-23 01:27 184320 c:\windows\system32\iepeers.dll
    + 2011-05-15 22:21 . 2011-11-04 19:19 184320 c:\windows\system32\iepeers.dll
    + 2011-05-15 22:32 . 2011-11-04 19:19 387584 c:\windows\system32\iedkcs32.dll
    - 2011-05-15 22:32 . 2011-02-23 01:27 387584 c:\windows\system32\iedkcs32.dll
    + 2011-05-15 22:31 . 2011-10-25 12:01 174080 c:\windows\system32\ie4uinit.exe
    - 2011-05-16 22:11 . 2012-01-23 18:15 191384 c:\windows\system32\FNTCACHE.DAT
    + 2011-05-16 22:11 . 2012-01-24 05:37 191384 c:\windows\system32\FNTCACHE.DAT
    + 2011-05-15 22:14 . 2011-10-18 11:12 186880 c:\windows\system32\encdec.dll
    - 2011-05-15 22:14 . 2011-02-09 15:52 186880 c:\windows\system32\encdec.dll
    + 2011-04-18 12:18 . 2011-04-18 12:18 165648 c:\windows\system32\drivers\MpFilter.sys
    + 2011-05-15 22:04 . 2011-08-17 13:41 138496 c:\windows\system32\drivers\afd.sys
    - 2011-05-15 22:04 . 2009-09-16 13:41 138496 c:\windows\system32\drivers\afd.sys
    + 2011-05-15 22:13 . 2011-11-25 21:56 293376 c:\windows\system32\dllcache\winsrv.dll
    - 2011-05-15 22:13 . 2010-06-18 19:43 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2011-05-15 22:06 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
    - 2011-05-15 22:06 . 2008-04-14 14:00 176128 c:\windows\system32\dllcache\winmm.dll
    - 2011-05-15 22:20 . 2011-02-23 01:27 919552 c:\windows\system32\dllcache\wininet.dll
    + 2011-05-15 22:20 . 2011-11-04 19:19 919552 c:\windows\system32\dllcache\wininet.dll
    - 2011-05-15 22:04 . 2009-03-08 05:34 105984 c:\windows\system32\dllcache\url.dll
    + 2011-05-15 22:04 . 2011-11-04 19:19 105984 c:\windows\system32\dllcache\url.dll
    - 2011-05-15 22:06 . 2008-04-14 14:00 386048 c:\windows\system32\dllcache\qdvd.dll
    + 2011-05-15 22:06 . 2011-11-03 15:27 386048 c:\windows\system32\dllcache\qdvd.dll
    - 2011-05-15 22:11 . 2009-10-08 15:57 220160 c:\windows\system32\dllcache\oleacc.dll
    + 2011-05-15 22:11 . 2011-09-26 10:41 220160 c:\windows\system32\dllcache\oleacc.dll
    + 2011-05-15 22:19 . 2011-11-04 19:19 206848 c:\windows\system32\dllcache\occache.dll
    - 2011-05-15 22:19 . 2011-02-23 01:27 206848 c:\windows\system32\dllcache\occache.dll
    - 2011-05-15 22:11 . 2011-02-23 01:27 611840 c:\windows\system32\dllcache\mstime.dll
    + 2011-05-15 22:11 . 2011-11-04 19:19 611840 c:\windows\system32\dllcache\mstime.dll
    + 2011-05-16 21:10 . 2011-10-10 14:21 692736 c:\windows\system32\dllcache\inetcomm.dll
    - 2011-05-16 21:10 . 2011-03-07 05:31 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2011-05-15 22:21 . 2011-11-04 19:19 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2011-05-15 22:21 . 2011-02-23 01:27 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2011-05-15 22:32 . 2011-02-23 01:27 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2011-05-15 22:32 . 2011-11-04 19:19 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2011-05-15 22:31 . 2011-10-25 12:01 174080 c:\windows\system32\dllcache\ie4uinit.exe
    + 2011-05-15 22:14 . 2011-10-18 11:12 186880 c:\windows\system32\dllcache\encdec.dll
    - 2011-05-15 22:14 . 2011-02-09 15:52 186880 c:\windows\system32\dllcache\encdec.dll
    - 2011-05-15 22:16 . 2009-03-19 16:22 599552 c:\windows\system32\dllcache\crypt32.dll
    + 2011-05-15 22:16 . 2011-09-28 07:05 599552 c:\windows\system32\dllcache\crypt32.dll
    - 2011-05-15 22:04 . 2009-09-16 13:41 138496 c:\windows\system32\dllcache\afd.sys
    + 2011-05-15 22:04 . 2011-08-17 13:41 138496 c:\windows\system32\dllcache\afd.sys
    - 2011-05-15 22:16 . 2009-03-19 16:22 599552 c:\windows\system32\crypt32.dll
    + 2011-05-15 22:16 . 2011-09-28 07:05 599552 c:\windows\system32\crypt32.dll
    + 2011-12-26 02:54 . 2011-12-26 02:54 496400 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll
    + 2011-07-09 08:30 . 2011-07-09 08:30 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
    - 2011-07-09 08:30 . 2011-02-10 02:10 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
    + 2011-12-26 03:39 . 2011-12-26 03:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
    + 2011-07-09 08:30 . 2011-07-09 08:30 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
    + 2011-12-25 02:49 . 2011-12-25 02:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2011-07-07 04:18 . 2011-01-18 02:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2011-07-07 04:18 . 2011-07-07 04:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2011-07-07 04:18 . 2011-07-07 04:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    - 2011-07-07 04:18 . 2011-01-18 02:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    - 2011-12-24 21:55 . 2010-09-23 00:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2011-12-24 21:55 . 2011-12-24 21:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2011-12-24 21:53 . 2010-09-23 00:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2011-12-24 21:53 . 2011-12-24 21:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2011-12-24 22:49 . 2010-09-24 11:59 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2011-12-24 22:49 . 2011-12-24 22:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    + 2012-01-24 02:42 . 2012-01-24 02:42 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
    + 2012-01-24 02:42 . 2012-01-24 02:42 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
    + 2012-01-24 02:42 . 2012-01-24 02:42 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2011-12-25 04:40 . 2011-12-25 04:40 819200 c:\windows\Installer\ea8d75.msp
    + 2012-01-24 14:02 . 2012-01-24 14:02 381440 c:\windows\Installer\b6d95d.msi
    + 2012-01-24 17:35 . 2012-01-24 17:35 785920 c:\windows\Installer\17b3934.msi
    + 2012-01-24 17:35 . 2012-01-24 17:35 483840 c:\windows\Installer\17b392c.msi
    + 2012-01-24 17:35 . 2012-01-24 17:35 301056 c:\windows\Installer\17b3925.msi
    + 2011-05-18 09:03 . 2012-01-24 05:20 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2011-05-18 09:03 . 2011-05-18 11:37 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2011-05-18 09:03 . 2011-05-18 11:37 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2011-05-18 09:03 . 2012-01-24 05:20 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2011-05-18 09:03 . 2012-01-24 05:20 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2011-05-18 09:03 . 2011-05-18 11:37 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2011-05-18 09:03 . 2012-01-24 05:20 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2011-05-18 09:03 . 2011-05-18 11:37 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2011-05-18 09:03 . 2011-05-18 11:37 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2011-05-18 09:03 . 2012-01-24 05:20 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2011-05-18 09:03 . 2011-05-18 11:37 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2011-05-18 09:03 . 2012-01-24 05:20 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
    + 2011-06-06 11:55 . 2011-06-06 11:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
    + 2011-01-14 05:10 . 2011-01-14 05:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
    + 2011-01-14 05:10 . 2011-01-14 05:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
    + 2012-01-24 04:14 . 2011-02-23 01:27 919552 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
    + 2012-01-24 04:14 . 2009-03-08 05:34 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
    + 2012-01-24 04:14 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
    + 2012-01-24 04:14 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
    + 2012-01-24 04:14 . 2011-02-23 01:27 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
    + 2012-01-24 04:14 . 2011-02-23 01:27 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
    + 2012-01-24 04:14 . 2011-02-23 01:27 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
    + 2012-01-24 04:14 . 2011-02-22 23:27 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
    + 2012-01-24 04:14 . 2011-02-23 01:27 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
    + 2012-01-24 04:14 . 2011-02-22 23:27 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
    + 2012-01-24 04:14 . 2011-02-23 01:27 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
    + 2012-01-24 04:14 . 2011-02-22 14:08 173568 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
    + 2012-01-24 04:24 . 2012-01-24 04:24 839680 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0eeb8e49\System.Drawing.dll
    + 2012-01-24 04:25 . 2012-01-24 04:25 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_48457660\System.Drawing.Design.dll
    + 2012-01-24 04:25 . 2012-01-24 04:25 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_076930b4\CustomMarshalers.dll
    + 2012-01-24 06:02 . 2012-01-24 06:02 399360 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\9664642291c9e6947e80e282f8ad936f\XamlBuildTask.ni.dll
    + 2012-01-24 03:42 . 2012-01-24 03:42 355840 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\91f36a1266605d3ae195da050ba346b7\WsatConfig.ni.exe
    + 2012-01-24 06:02 . 2012-01-24 06:02 246272 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\3837b5762a65500f4625d7d7eeaafec7\WindowsFormsIntegration.ni.dll
    + 2012-01-24 05:48 . 2012-01-24 05:48 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\7256f900ecbcc13fcc2016bee355a0a9\UIAutomationTypes.ni.dll
    + 2012-01-24 06:02 . 2012-01-24 06:02 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\ac6d7b772cf6adb6cc801a34cf542a94\UIAutomationClient.ni.dll
    + 2012-01-24 04:41 . 2012-01-24 04:41 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\3166f5b3d399907f79b1c1fc5e12466e\System.Xml.Linq.ni.dll
    + 2012-01-24 05:48 . 2012-01-24 05:48 188416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\0354774f1ef6c5a5abcddd7efd8bc87d\System.Windows.Input.Manipulations.ni.dll
    + 2012-01-24 06:01 . 2012-01-24 06:01 193024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\fb116e90974a0fc4c64bd720a647de5a\System.Windows.Forms.DataVisualization.Design.ni.dll
    + 2012-01-24 05:48 . 2012-01-24 05:48 218624 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\7cc3cb571c7c768245bd7cab440cdf91\System.Web.RegularExpressions.ni.dll
    + 2012-01-24 06:00 . 2012-01-24 06:00 860672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\8714143400e6ebf691254e8d2c291a23\System.Web.Extensions.Design.ni.dll
    + 2012-01-24 05:59 . 2012-01-24 05:59 334848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\85291eb24ab40a23a6bd942c58ea4035\System.Web.Entity.ni.dll
    + 2012-01-24 06:00 . 2012-01-24 06:00 296960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\02132f6d9109c545016db6e48bc53750\System.Web.Entity.Design.ni.dll
    + 2012-01-24 05:59 . 2012-01-24 05:59 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\11a83f56847d2d88fc3800757cd0852e\System.Web.DynamicData.ni.dll
    + 2012-01-24 05:59 . 2012-01-24 05:59 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\b1822e4c5245131c1f2262329591ee85\System.Web.DataVisualization.Design.ni.dll
    + 2012-01-24 05:47 . 2012-01-24 05:47 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\235026f0a845502850cfb33ae7527308\System.Transactions.ni.dll
    + 2012-01-24 05:48 . 2012-01-24 05:48 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\3a6b4997eab9790d3900652765ed1077\System.ServiceProcess.ni.dll
    + 2012-01-24 05:58 . 2012-01-24 05:58 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7cad8e5bf13ea5f715818878b5e96404\System.ServiceModel.Routing.ni.dll
    + 2012-01-24 05:57 . 2012-01-24 05:57 425472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\170fe1b3f56962340fe863a3ff078472\System.ServiceModel.Activation.ni.dll
    + 2012-01-24 03:17 . 2012-01-24 03:17 726016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\8ff4cf675d5ac2c499051972634086a9\System.Security.ni.dll
    + 2012-01-24 03:47 . 2012-01-24 03:47 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\57fc8072288ebd23b420caf6decf35d2\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2012-01-24 05:47 . 2012-01-24 05:47 770560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\03c0dcb8ebf1b3e288a55e2f661b5a10\System.Runtime.Remoting.ni.dll
    + 2012-01-24 05:48 . 2012-01-24 05:48 241664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\1fc5600348d7e1eed880a13757c37587\System.Runtime.Caching.ni.dll
    + 2012-01-24 03:17 . 2012-01-24 03:17 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\24a3c5d98224f2520beba30e52999bef\System.Numerics.ni.dll
    + 2012-01-24 05:58 . 2012-01-24 05:58 652288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\7e059f7c19fdf252565d40e7be4f4d4b\System.Net.ni.dll
    + 2012-01-24 05:57 . 2012-01-24 05:57 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\0e7af058442641e30535c6ffdf94bc20\System.Messaging.ni.dll
    + 2012-01-24 05:58 . 2012-01-24 05:58 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\3a628f36997c6c3f599f6b4030606365\System.Management.Instrumentation.ni.dll
    + 2012-01-24 05:58 . 2012-01-24 05:58 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\fa2a34469e3040db61e12309de553bc7\System.IO.Log.ni.dll
    + 2012-01-24 05:57 . 2012-01-24 05:57 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\3c7c1f327f3cd933d0e490a8d7138389\System.IdentityModel.Selectors.ni.dll
    + 2012-01-24 05:47 . 2012-01-24 05:47 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\cf62767314b744e8ae8ed554e2810d0b\System.EnterpriseServices.Wrapper.dll
    + 2012-01-24 05:47 . 2012-01-24 05:47 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\cf62767314b744e8ae8ed554e2810d0b\System.EnterpriseServices.ni.dll
    + 2012-01-24 03:17 . 2012-01-24 03:17 376832 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\080eded167e72615a60acd2118bf460d\System.Dynamic.ni.dll
    + 2012-01-24 05:48 . 2012-01-24 05:48 223232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\d5c8056f3ea9fdacaa405e1aea0736b7\System.Drawing.Design.ni.dll
    + 2012-01-24 05:48 . 2012-01-24 05:48 468480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\9ad6acca957f6c4990dbd2cf7838bc35\System.DirectoryServices.Protocols.ni.dll
    + 2012-01-24 05:58 . 2012-01-24 05:58 913408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\4c2f15666166376535c9dcf5ee9ff06e\System.DirectoryServices.AccountManagement.ni.dll
    + 2012-01-24 05:58 . 2012-01-24 05:58 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\3cfcf1294c9314de02b99761b530a10a\System.Device.ni.dll
    + 2012-01-24 05:58 . 2012-01-24 05:58 501248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\a449b594acf495f839b67a49419ced37\System.Data.Services.Design.ni.dll
     
  13. Denio

    Denio TS Rookie Topic Starter Posts: 48

    3

    + 2012-01-24 05:50 . 2012-01-24 05:50 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\b166d527268774e832107870ea864f21\System.Data.DataSetExtensions.ni.dll
    + 2012-01-24 03:15 . 2012-01-24 03:15 974336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\59e675e55549ff602b0fe723672a6118\System.Configuration.ni.dll
    + 2012-01-24 05:48 . 2012-01-24 05:48 147968 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\895f1fbb108fb721a3370a4c707215f1\System.Configuration.Install.ni.dll
    + 2012-01-24 05:50 . 2012-01-24 05:50 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\ee955be04c9a855715b47adfb5ec3eb1\System.ComponentModel.DataAnnotations.ni.dll
    + 2012-01-24 03:19 . 2012-01-24 03:19 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\340852f5314ea19829a0c2f3fc110f78\System.ComponentModel.Composition.ni.dll
    + 2012-01-24 05:50 . 2012-01-24 05:50 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\5c688f3d580bc6284c13ba84dbb0fc96\System.AddIn.ni.dll
    + 2012-01-24 05:49 . 2012-01-24 05:49 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\42dce8c63266b73a24a0ffeabf57cd59\System.Activities.DurableInstancing.ni.dll
    + 2012-01-24 03:42 . 2012-01-24 03:42 317440 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\8621cea6a4dbe59db926a107913f6e2a\SMSvcHost.ni.exe
    + 2012-01-24 05:47 . 2012-01-24 05:47 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0d4c94983ade48449ab00c3faeb5b2d6\SMDiagnostics.ni.dll
    + 2012-01-24 03:25 . 2012-01-24 03:25 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f8323ba6e6dc9f17b3d464d881ecd755\PresentationFramework.Luna.ni.dll
    + 2012-01-24 03:25 . 2012-01-24 03:25 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aecf2b8b073161883e7317043924161b\PresentationFramework.Classic.ni.dll
    + 2012-01-24 03:22 . 2012-01-24 03:22 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5f55f8e72e68974a0d14b5e397a35878\PresentationFramework.Aero.ni.dll
    + 2012-01-24 03:22 . 2012-01-24 03:22 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\0617c21f18d1a637df8730a4fa6e5922\PresentationFramework.Royale.ni.dll
    + 2012-01-24 03:30 . 2012-01-24 03:30 274432 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\693da8e825ef8c1e7df9e7e43872379b\MSBuild.ni.exe
    + 2012-01-24 03:55 . 2012-01-24 03:55 302592 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\397202fed5fe6a0eb268b246cf6b5b1c\Microsoft.VisualBasic.Compatibility.Data.ni.dll
    + 2012-01-24 03:50 . 2012-01-24 03:50 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\0207a1bdffee2936b2164bff36f8fe2e\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2012-01-24 03:47 . 2012-01-24 03:47 631296 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\4c9e18cadb51acd910e528fac7a12d7f\Microsoft.Build.Utilities.v4.0.ni.dll
    + 2012-01-24 03:31 . 2012-01-24 03:31 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\215159a55e53f3c477e64ce1eda9bfad\Microsoft.Build.Framework.ni.dll
    + 2012-01-24 03:43 . 2012-01-24 03:43 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\a46404e6aed0165cbb90423a28955938\Microsoft.Build.Conversion.v4.0.ni.dll
    + 2012-01-24 03:42 . 2012-01-24 03:42 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\dace95e962d11c1991897933dbbe9ffd\CustomMarshalers.ni.dll
    + 2012-01-24 03:30 . 2012-01-24 03:30 474624 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\a52dd9ab2dea894462a2547ae595d61f\ComSvcConfig.ni.exe
    + 2012-01-24 03:29 . 2012-01-24 03:29 849920 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\b73c586b88617bcbc6409e345909c1b6\AspNetMMCExt.ni.dll
    + 2012-01-24 05:46 . 2012-01-24 05:46 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\9f1da6cc2d020cede28f71910854f36c\System.Web.RegularExpressions.ni.dll
    + 2012-01-24 05:45 . 2012-01-24 05:45 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\b859aa773905383eb55c998b1243aaeb\System.Web.Abstractions.ni.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\908a7a37e005c4a7d05c5ca0d99a8f6b\System.Transactions.ni.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\19b930a4bc667660d2ed4780b571bb61\System.ServiceProcess.ni.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\8d33c6ec91acda780596c29b1b0e4ee8\System.Security.ni.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\51315451cee4cef2cae6ceb7f46452a0\System.EnterpriseServices.Wrapper.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\51315451cee4cef2cae6ceb7f46452a0\System.EnterpriseServices.ni.dll
    - 2012-01-23 17:56 . 2012-01-23 17:56 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\351a3929f350c03900d1af77f25bccff\System.Drawing.Design.ni.dll
    + 2012-01-24 05:41 . 2012-01-24 05:41 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\351a3929f350c03900d1af77f25bccff\System.Drawing.Design.ni.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\32c1b0f1ba97a332ff2ba6ecb69fb115\System.DirectoryServices.Protocols.ni.dll
    + 2012-01-24 05:43 . 2012-01-24 05:43 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3b851ac7ec20c53f6bb6b46dad52d9f7\System.Configuration.ni.dll
    + 2012-01-24 05:43 . 2012-01-24 05:43 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2a528d177ee389cfa96dc56a3b625d97\MSBuild.ni.exe
    + 2012-01-24 05:44 . 2012-01-24 05:44 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ba1a3dcecc7dc8980b81c470ff14f541\Microsoft.Build.Utilities.ni.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a098f2a2bc884f1a5f8f08817ec89ead\Microsoft.Build.Engine.ni.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\97c8c3e61afe8ff023aa5a052146d231\CustomMarshalers.ni.dll
    + 2012-01-24 05:43 . 2012-01-24 05:43 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\8b173c2f4cc27d3af56a93e7daf98471\AspNetMMCExt.ni.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2012-01-24 04:48 . 2012-01-24 04:48 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2012-01-24 04:48 . 2012-01-24 04:48 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2012-01-24 04:51 . 2012-01-24 04:51 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-01-24 04:51 . 2012-01-24 04:51 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2012-01-24 04:51 . 2012-01-24 04:51 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2012-01-24 04:48 . 2012-01-24 04:48 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2011-05-16 20:35 . 2011-05-16 20:35 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2012-01-24 04:17 . 2003-02-20 18:08 2482176 c:\windows\system32\URTTemp\mscorwks.dll
    + 2011-05-15 22:10 . 2011-11-04 19:19 1214464 c:\windows\system32\urlmon.dll
    + 2011-05-15 22:36 . 2011-10-25 13:34 2192768 c:\windows\system32\ntoskrnl.exe
    - 2011-05-15 22:36 . 2010-12-09 15:43 2192768 c:\windows\system32\ntoskrnl.exe
    - 2010-12-09 19:39 . 2008-04-14 14:00 2069376 c:\windows\system32\ntkrnlpa.exe
    + 2010-12-09 19:39 . 2011-10-25 17:22 2069376 c:\windows\system32\ntkrnlpa.exe
    + 2011-05-15 22:12 . 2011-11-04 19:19 5978624 c:\windows\system32\mshtml.dll
    + 2011-05-15 22:32 . 2011-11-04 19:19 2001408 c:\windows\system32\iertutil.dll
    + 2011-05-15 22:13 . 2011-11-23 13:29 1868544 c:\windows\system32\dllcache\win32k.sys
    + 2011-05-15 22:10 . 2011-11-04 19:19 1214464 c:\windows\system32\dllcache\urlmon.dll
    + 2011-05-15 22:11 . 2011-11-03 15:27 1292288 c:\windows\system32\dllcache\quartz.dll
    - 2011-05-15 22:11 . 2010-07-14 07:48 1292288 c:\windows\system32\dllcache\quartz.dll
    - 2011-05-15 22:08 . 2010-07-16 14:04 1289216 c:\windows\system32\dllcache\ole32.dll
    + 2011-05-15 22:08 . 2011-11-01 16:05 1289216 c:\windows\system32\dllcache\ole32.dll
    + 2011-10-25 17:22 . 2011-10-25 17:22 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2011-05-15 22:12 . 2011-11-04 19:19 5978624 c:\windows\system32\dllcache\mshtml.dll
    + 2011-12-26 02:54 . 2011-12-26 02:54 1863464 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll
    + 2011-12-26 02:54 . 2011-12-26 02:54 5230864 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll
    + 2011-07-09 08:30 . 2011-07-09 08:30 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
    + 2011-07-09 08:30 . 2011-07-09 08:30 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
    + 2011-07-09 08:30 . 2011-07-09 08:30 6724424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
    + 2011-12-25 02:50 . 2011-12-25 02:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2011-07-07 04:18 . 2011-07-07 04:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    - 2011-07-07 04:18 . 2011-01-18 02:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2011-07-07 04:18 . 2011-07-07 04:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2011-12-25 10:07 . 2011-12-25 10:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
    + 2011-12-25 10:06 . 2011-12-25 10:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2011-12-25 10:06 . 2010-09-23 13:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2011-12-25 10:06 . 2011-12-25 10:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2011-12-24 21:54 . 2011-12-24 21:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2011-12-24 21:54 . 2010-09-23 00:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2011-12-24 21:53 . 2011-12-24 21:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    - 2011-12-25 10:06 . 2010-09-23 13:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2011-12-25 10:06 . 2011-12-25 10:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
    + 2012-01-24 02:42 . 2012-01-24 02:42 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 1863464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
    + 2012-01-24 02:41 . 2012-01-24 02:41 5230864 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    + 2012-01-24 03:04 . 2012-01-24 03:04 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    + 2012-01-24 03:06 . 2012-01-24 03:06 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2012-01-24 03:03 . 2012-01-24 03:03 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2011-05-16 20:53 . 2011-05-16 20:53 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    + 2012-01-24 03:05 . 2012-01-24 03:05 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    + 2011-12-06 14:22 . 2011-12-06 14:22 5519360 c:\windows\Installer\ea8dc6.msp
    + 2011-07-21 11:34 . 2011-07-21 11:34 3456000 c:\windows\Installer\ea8d82.msp
    + 2011-12-26 09:00 . 2011-12-26 09:00 2608640 c:\windows\Installer\ea8d54.msp
    + 2011-12-26 08:59 . 2011-12-26 08:59 4368896 c:\windows\Installer\ea8d53.msp
    + 2011-10-29 22:10 . 2011-10-29 22:10 6824960 c:\windows\Installer\80e8d6.msp
    + 2011-09-20 14:36 . 2011-09-20 14:36 5521408 c:\windows\Installer\80e8b2.msp
    + 2011-10-31 11:37 . 2011-10-31 11:37 4146688 c:\windows\Installer\80e89c.msp
    + 2011-12-26 04:06 . 2011-12-26 04:06 5115392 c:\windows\Installer\5a86f.msp
    + 2012-01-24 12:11 . 2012-01-24 12:11 1094656 c:\windows\Installer\537589.msi
    + 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
    + 2011-06-06 11:55 . 2011-06-06 11:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
    + 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
    + 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
    + 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
    + 2011-01-14 05:10 . 2011-01-14 05:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
    + 2011-01-14 05:10 . 2011-01-14 05:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
    + 2011-01-14 05:10 . 2011-01-14 05:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
    + 2012-01-24 04:14 . 2011-02-23 01:27 1212928 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
    + 2012-01-24 04:14 . 2011-02-23 01:27 5964800 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
    + 2012-01-24 04:14 . 2011-02-23 01:27 1992192 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
    + 2012-01-23 07:20 . 2011-10-25 13:34 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2012-01-23 07:20 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2011-10-25 17:22 . 2011-10-25 17:22 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2012-01-23 07:20 . 2011-10-25 13:38 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2012-01-24 04:25 . 2012-01-24 04:25 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_8526a91d\System.dll
    + 2012-01-24 04:22 . 2012-01-24 04:22 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_4d80d871\System.dll
    + 2012-01-24 04:26 . 2012-01-24 04:26 5644288 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f989ec7c\System.Xml.dll
    + 2012-01-24 04:23 . 2012-01-24 04:23 2117632 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_350d1c5c\System.Xml.dll
    + 2012-01-24 04:26 . 2012-01-24 04:26 7925760 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_850e090a\System.Windows.Forms.dll
    + 2012-01-24 04:23 . 2012-01-24 04:23 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_12878893\System.Windows.Forms.dll
    + 2012-01-24 04:26 . 2012-01-24 04:26 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_89781aaf\System.Drawing.dll
    + 2012-01-24 04:24 . 2012-01-24 04:24 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_9e060296\System.Design.dll
    + 2012-01-24 04:26 . 2012-01-24 04:26 3403776 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2a7240c9\System.Design.dll
    + 2012-01-24 04:27 . 2012-01-24 04:27 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_52b5706b\mscorlib.dll
    + 2012-01-24 04:25 . 2012-01-24 04:25 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_117148bb\mscorlib.dll
    + 2012-01-24 03:14 . 2012-01-24 03:14 3793408 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\35e559423e66ab394f254970d2bedba9\WindowsBase.ni.dll
    + 2012-01-24 06:02 . 2012-01-24 06:02 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\bae88c0df1ef666a7d6f3203cdaa0249\UIAutomationClientsideProviders.ni.dll
    + 2012-01-24 03:11 . 2012-01-24 03:11 9060352 c:\windows\assembly\NativeImages_v4.0.30319_32\System\2accd7336f3f1b087ba31adf573d1beb\System.ni.dll
    + 2012-01-24 03:16 . 2012-01-24 03:16 5611008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\8f49ea3bbe3b41cd34615e214c640255\System.Xml.ni.dll
    + 2012-01-24 03:32 . 2012-01-24 03:32 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e13335445ab741fb18e039cc53df9cd7\System.Xaml.ni.dll
    + 2012-01-24 06:02 . 2012-01-24 06:02 1206784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\245d249eb4959eaad6fca7105c0f4405\System.WorkflowServices.ni.dll
    + 2012-01-24 06:01 . 2012-01-24 06:01 1969152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\2453cd963ccde8d72968a0d8f54dd2d3\System.Workflow.Runtime.ni.dll
    + 2012-01-24 06:01 . 2012-01-24 06:01 4444672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\badaff27602e0ceb65449c8129be4760\System.Workflow.ComponentModel.ni.dll
    + 2012-01-24 06:01 . 2012-01-24 06:01 2860032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\469c0fd6288dccccddd1fe5ee15cbb87\System.Workflow.Activities.ni.dll
    + 2012-01-24 06:01 . 2012-01-24 06:01 4544000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\98bcefcbd76ed89c7ac5d4c6c03ca928\System.Windows.Forms.DataVisualization.ni.dll
    + 2012-01-24 05:48 . 2012-01-24 05:48 1887232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\7312e95505aa3bb844165d21f50cd973\System.Web.Services.ni.dll
    + 2012-01-24 06:00 . 2012-01-24 06:00 2333184 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\1fa17076a42f6ffab775c479812ff372\System.Web.Mobile.ni.dll
    + 2012-01-24 05:57 . 2012-01-24 05:57 3120128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\2bf01ad4406bb1265732bc6501279f69\System.Web.Extensions.ni.dll
    + 2012-01-24 05:59 . 2012-01-24 05:59 4481024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\5dcefaa000a3af031eeb85b1cdff5294\System.Web.DataVisualization.ni.dll
    + 2012-01-24 05:59 . 2012-01-24 05:59 2004992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\f231a8b7b5850adedf3acfc86b932c5f\System.Speech.ni.dll
    + 2012-01-24 05:55 . 2012-01-24 05:55 1051136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8ae253a31a7792f4988bf07f4f8f2f56\System.ServiceModel.Web.ni.dll
    + 2012-01-24 05:58 . 2012-01-24 05:58 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4b449c74cb64366db120095cb4a4264b\System.ServiceModel.Discovery.ni.dll
    + 2012-01-24 05:57 . 2012-01-24 05:57 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\065dbab6d368fa0884a0f3611f02d3f7\System.ServiceModel.Activities.ni.dll
    + 2012-01-24 05:46 . 2012-01-24 05:46 2629632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\23922346b589bb71323a14121316aa87\System.Runtime.Serialization.ni.dll
    + 2012-01-24 05:47 . 2012-01-24 05:47 1019392 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a4e7ce1e2d8a7d6f23ddf7cb71071d2a\System.Runtime.DurableInstancing.ni.dll
    + 2012-01-24 05:49 . 2012-01-24 05:49 1048064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\330ab8090ae72709de71b8a2d06f6e98\System.Printing.ni.dll
    + 2012-01-24 05:57 . 2012-01-24 05:57 1164800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\856c8246abe0036938edae1802cfdeb0\System.Management.ni.dll
    + 2012-01-24 05:57 . 2012-01-24 05:57 1071104 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\e7ad404569c958b201b02d526e355fd5\System.IdentityModel.ni.dll
    + 2012-01-24 03:26 . 2012-01-24 03:26 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\be31497ae34de0ea10fccab31729133f\System.Drawing.ni.dll
    + 2012-01-24 05:47 . 2012-01-24 05:47 1171968 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\bd51be5af79a0ba92816e95ee823b14f\System.DirectoryServices.ni.dll
    + 2012-01-24 03:48 . 2012-01-24 03:48 1876992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\80d22c4a296fa01c9833665ccfa34445\System.Deployment.ni.dll
    + 2012-01-24 03:18 . 2012-01-24 03:18 6789632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\4908ac42fd8ceff8dbd612c7f31dcc1f\System.Data.ni.dll
    + 2012-01-24 03:16 . 2012-01-24 03:16 2543616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\dfabb3a4439eaae0e5327618c0eaa0b7\System.Data.SqlXml.ni.dll
    + 2012-01-24 05:55 . 2012-01-24 05:55 2018304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\32dd0b0e1dbb96755bc53b84053f428a\System.Data.Services.ni.dll
    + 2012-01-24 05:57 . 2012-01-24 05:57 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\c0248d0ea5c967d9701bfb24664cd016\System.Data.Services.Client.ni.dll
    + 2012-01-24 05:48 . 2012-01-24 05:48 1189376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\79dac40c552b94ff383a3ea4eb5c6d73\System.Data.OracleClient.ni.dll
    + 2012-01-24 03:13 . 2012-01-24 03:13 2511872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\abc6a2a1a63d4529b3c1a025575a0a3b\System.Data.Linq.ni.dll
    + 2012-01-24 05:54 . 2012-01-24 05:54 1400320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\19253acb1c5de7fbd3ea888d880fbc85\System.Data.Entity.Design.ni.dll
    + 2012-01-24 03:12 . 2012-01-24 03:12 7049216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\62117b1ebb9f66f97a05b39b0c52cf55\System.Core.ni.dll
    + 2012-01-24 05:49 . 2012-01-24 05:49 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\447e17550fceb8e4ebda2ade70967f23\System.Activities.ni.dll
    + 2012-01-24 05:50 . 2012-01-24 05:50 3696640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\f089d1483dea495c8863d0fb7340d64e\System.Activities.Presentation.ni.dll
    + 2012-01-24 05:49 . 2012-01-24 05:49 1511936 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\7c478c30563c0abdf4b8aef273ce2879\System.Activities.Core.Presentation.ni.dll
     
  14. Denio

    Denio TS Rookie Topic Starter Posts: 48

    4

    + 2012-01-24 05:49 . 2012-01-24 05:49 2857984 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\63de7b1c6733681dd5ba1952ec55e3df\ReachFramework.ni.dll
    + 2012-01-24 04:04 . 2012-01-24 04:04 1626624 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\d829f68c5f65a1119614a66b468b6ef1\PresentationUI.ni.dll
    + 2012-01-24 03:57 . 2012-01-24 03:57 1471488 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\79086519ed31598c82dea6c21acade6a\PresentationBuildTasks.ni.dll
    + 2012-01-24 03:52 . 2012-01-24 03:52 1834496 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f8f5181f865f741f06c3aaed37273f2a\Microsoft.VisualBasic.ni.dll
    + 2012-01-24 03:55 . 2012-01-24 03:55 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\c419f255f8b2f78f71eb60707490b99f\Microsoft.VisualBasic.Compatibility.ni.dll
    + 2012-01-24 03:53 . 2012-01-24 03:53 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\57741616a18c8c55d6c13f6602abf597\Microsoft.VisualBasic.Activities.Compiler.ni.dll
    + 2012-01-24 03:50 . 2012-01-24 03:50 1081856 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ab7ea7a2ca7e34947b121a8b1162f468\Microsoft.Transactions.Bridge.ni.dll
    + 2012-01-24 05:57 . 2012-01-24 05:57 2449408 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\e06226abfc40ab63de70dd1cbfbe326e\Microsoft.JScript.ni.dll
    + 2012-01-24 03:15 . 2012-01-24 03:15 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\c4f9bb41be6f039f048ddb6c2be2b32b\Microsoft.CSharp.ni.dll
    + 2012-01-24 03:40 . 2012-01-24 03:40 4242432 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\fe5821a843c51680cd231e4a3578bad0\Microsoft.Build.ni.dll
    + 2012-01-24 03:46 . 2012-01-24 03:46 2859520 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\a1ba22eb5a67d8f6915af9913d46f5e6\Microsoft.Build.Tasks.v4.0.ni.dll
    + 2012-01-24 03:42 . 2012-01-24 03:42 1927168 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\33c9a48b7d73c4e61c5eb20fb5c98bf4\Microsoft.Build.Engine.ni.dll
    + 2012-01-24 05:23 . 2012-01-24 05:23 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\5b5edb3223d2055dfb3af206bbc96d9f\System.ni.dll
    + 2012-01-24 05:42 . 2012-01-24 05:42 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16b61670b9a6caff6afea6d1aef06be6\System.Xml.ni.dll
    + 2012-01-24 05:46 . 2012-01-24 05:46 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\78fe79977f7853ac4815948f6739ab36\System.Web.Services.ni.dll
    + 2012-01-24 05:45 . 2012-01-24 05:45 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f98e228c15f52ce9186bd77e88289d97\System.Web.Mobile.ni.dll
    + 2012-01-24 05:45 . 2012-01-24 05:45 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f92c1141bdc98040726d799ed4f3af82\System.Web.Extensions.ni.dll
    + 2012-01-24 05:41 . 2012-01-24 05:41 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1f47e98668e26db666515dc94743e70f\System.Drawing.ni.dll
    - 2012-01-23 17:56 . 2012-01-23 17:56 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1f47e98668e26db666515dc94743e70f\System.Drawing.ni.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\aa508d5c6821abb6e9babfb7d5de18db\System.DirectoryServices.ni.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\8514a4c522358f44ca856750ec56a2d9\System.Deployment.ni.dll
    + 2012-01-24 05:28 . 2012-01-24 05:28 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\257f16884704728354b65c28294b2f0d\System.Data.ni.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d62d4fe98efaf4aace3848026d076892\System.Data.SqlXml.ni.dll
    + 2012-01-24 05:45 . 2012-01-24 05:45 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\7b4a8adb0fe6e4fc9190bcc63ad97f15\System.Core.ni.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d44bfa05a3f247ef1b67cfc97a755f5a\Microsoft.VisualBasic.ni.dll
    + 2012-01-24 05:44 . 2012-01-24 05:44 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a5867359202278a623b6d2dad25e7394\Microsoft.Build.Tasks.ni.dll
    + 2012-01-24 05:43 . 2012-01-24 05:43 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\73609893e7baf09fd714b622c21e3013\Microsoft.Build.Engine.ni.dll
    + 2012-01-24 04:50 . 2012-01-24 04:51 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2012-01-24 04:50 . 2012-01-24 04:50 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2011-05-16 20:45 . 2011-05-16 20:45 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\system.web.extensions.dll
    + 2012-01-24 04:29 . 2012-01-24 04:29 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2012-01-24 04:49 . 2012-01-24 04:49 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2012-01-24 04:48 . 2012-01-24 04:48 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2012-01-24 04:51 . 2012-01-24 04:51 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2011-05-16 20:34 . 2011-05-16 20:34 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2012-01-24 04:51 . 2012-01-24 04:51 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2011-05-16 20:33 . 2011-05-16 20:33 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2012-01-24 04:21 . 2012-01-24 04:21 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2012-01-24 04:20 . 2012-01-24 04:20 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-01-24 04:21 . 2012-01-24 04:21 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2011-05-15 22:04 . 2011-12-07 10:44 52988224 c:\windows\system32\MRT.exe
    + 2011-05-15 22:21 . 2011-11-05 13:19 11083776 c:\windows\system32\ieframe.dll
    + 2011-11-05 13:19 . 2011-11-05 13:19 11083776 c:\windows\system32\dllcache\ieframe.dll
    + 2012-01-24 05:08 . 2012-01-24 05:08 20333568 c:\windows\Installer\ea8db1.msp
    + 2011-07-26 15:33 . 2011-07-26 15:33 10984448 c:\windows\Installer\ea8da4.msp
    + 2011-07-11 19:43 . 2011-07-11 19:43 11641344 c:\windows\Installer\ea8d8d.msp
    + 2012-01-24 04:16 . 2012-01-24 04:16 19677184 c:\windows\Installer\ea8d6d.msp
    + 2011-07-11 16:19 . 2011-07-11 16:19 10619904 c:\windows\Installer\80e8c0.msp
    + 2012-01-03 17:58 . 2012-01-03 17:58 15929344 c:\windows\Installer\5a867.msp
    + 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
    + 2012-01-24 04:14 . 2011-02-23 04:57 11082752 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
    + 2012-01-24 03:27 . 2012-01-24 03:27 13024256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e6e45dc7bef38a6d8b1aef6e716cb648\System.Windows.Forms.ni.dll
    + 2012-01-24 05:47 . 2012-01-24 05:47 12033024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\b3f3ee803ac8203e09ac625027f6e9c2\System.Web.ni.dll
    + 2012-01-24 05:57 . 2012-01-24 05:57 17978368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\21d70baf34340c5e80acd99fa7eede62\System.ServiceModel.ni.dll
    + 2012-01-24 05:48 . 2012-01-24 05:48 10883072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\c4ebd3ffbf50d6c8e9b41dd5fec25065\System.Design.ni.dll
    + 2012-01-24 05:54 . 2012-01-24 05:54 13324288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\00d105219b970fcbd31a25f3a7c67b77\System.Data.Entity.ni.dll
    + 2012-01-24 03:25 . 2012-01-24 03:25 17662976 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3c61ca33916bf776e0e84cb970336ae6\PresentationFramework.ni.dll
    + 2012-01-24 03:21 . 2012-01-24 03:21 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\260b1bcdb346fe6a15fb6863ff0806cb\PresentationCore.ni.dll
    + 2012-01-24 03:10 . 2012-01-24 03:10 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d94e96530c3b5334354465bf48a033fb\mscorlib.ni.dll
    + 2012-01-24 05:41 . 2012-01-24 05:41 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ec747f2b8df1fdac6777dfd95105eaf0\System.Windows.Forms.ni.dll
    + 2012-01-24 05:45 . 2012-01-24 05:45 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\f28771f44197d6cb1b310c6915d6636b\System.Web.ni.dll
    + 2012-01-24 05:40 . 2012-01-24 05:40 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\20ee279762ef09880d7abc3584d1991a\System.Design.ni.dll
    + 2012-01-24 05:09 . 2012-01-24 05:10 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c2678ff865d430dbcc94740aa5efdabc\mscorlib.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-18 399736]
    "Uniblue ProcessQuickLink 2"="c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2008-04-02 655640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-02-26 437160]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "kX Mixer"="c:\program files\kX Audio Driver\3550\kxmixer.exe" [2009-09-17 677896]
    "CTHelper"="CTHELPER.EXE" [2003-06-09 28672]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "KB976002-v5"="advpack.dll" [2009-03-08 128512]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe"=
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/18/2011 9:27 AM 717296]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/23/2012 11:35 PM 652872]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/23/2012 11:34 PM 20464]
    S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [5/15/2011 11:23 PM 9472]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5/16/2011 9:30 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [5/15/2011 11:19 PM 14848]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [5/16/2011 9:31 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - MPFILTER
    *NewlyCreated* - MSMPSVC
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
    .
    2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
    .
    2012-01-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
    .
    2012-01-24 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Kolacek\Application Data\Mozilla\Firefox\Profiles\ccqremnb.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-24 20:18
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-329068152-1580818891-1957994488-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:dd,a1,79,93,e9,77,c9,b5,60,d0,fd,db,99,db,29,19,c3,ec,c6,6a,1d,5d,fe,
    60,fd,07,9e,a9,f7,ec,1c,c3,a7,3c,0f,5a,ba,e0,4b,29,6e,a7,7e,41,e4,39,e4,b9,\
    "??"=hex:43,25,25,21,67,56,f5,c2,91,ee,27,7c,ad,fb,21,71
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3972)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    Completion time: 2012-01-24 20:23:38
    ComboFix-quarantined-files.txt 2012-01-24 19:23
    ComboFix2.txt 2012-01-23 19:41
    .
    Pre-Run: 17,904,001,024 bytes free
    Post-Run: 18,088,640,512 bytes free
    .
    - - End Of File - - 78A31E385D7FDA0AF275F8184D6FDDCA
     
  15. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    We have one system file missing.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      usbehci.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  16. Denio

    Denio TS Rookie Topic Starter Posts: 48

    e

    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:13 on 24/01/2012 by Kolacek
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "usbehci.sys"
    No files found.

    -= EOF =-
     
  17. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    I uploaded missing usbehci.sys file here: http://www.filedropper.com/usbehci
    Download it and paste it to c:\windows\system32\drivers folder.
    Disregard any Windows warnings.

    Then....

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    SecCenter::
    {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  18. Denio

    Denio TS Rookie Topic Starter Posts: 48

    123

    ComboFix 12-01-23.02 - Kolacek 01/24/2012 22:10:47.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.494 [GMT 1:00]
    Running from: c:\documents and settings\Kolacek\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Kolacek\Desktop\CFScript.txt
    AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-24 21:06 . 2012-01-24 21:06 -------- d-----w- c:\windows\LastGood
    2012-01-24 21:06 . 2012-01-24 21:05 30208 ----a-w- c:\windows\system32\drivers\OLD125.tmp
    2012-01-24 21:06 . 2009-06-08 15:56 30464 -c--a-w- c:\windows\system32\dllcache\usbehci.sys
    2012-01-24 21:06 . 2009-06-08 15:56 30464 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2012-01-24 17:39 . 2012-01-05 19:19 6557240 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D432E16D-B0CD-4C33-816D-690E719B8F61}\mpengine.dll
    2012-01-24 17:34 . 2012-01-24 17:35 -------- d-----w- c:\program files\Microsoft Security Client
    2012-01-24 14:00 . 2012-01-24 14:00 -------- d-----w- c:\program files\MSECache
    2012-01-24 12:11 . 2012-01-24 12:11 388096 ----a-r- c:\documents and settings\Kolacek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-24 12:11 . 2012-01-24 12:11 -------- d-----w- c:\program files\Trend Micro
    2012-01-24 10:29 . 2012-01-24 10:29 -------- d-----w- c:\program files\Uniblue
    2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\Kolacek\Application Data\Malwarebytes
    2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-01-23 22:34 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-23 22:34 . 2012-01-23 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-23 21:56 . 2012-01-23 21:56 -------- d-----w- C:\_OTL
    2012-01-23 20:51 . 2012-01-23 20:51 -------- d-----w- c:\windows\Sun
    2012-01-23 19:17 . 2008-04-14 14:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
    2012-01-23 19:17 . 2008-04-14 14:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-01-23 19:10 . 2012-01-23 19:10 -------- d-----w- c:\documents and settings\Administrator
    2012-01-23 18:34 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-23 18:14 . 2012-01-23 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-23 17:57 . 2012-01-23 17:57 -------- d-----w- c:\program files\Pontifex II
    2012-01-23 17:31 . 2012-01-24 04:21 -------- d-----w- c:\windows\system32\URTTemp
    2012-01-23 17:30 . 2012-01-23 17:30 -------- d-----w- c:\windows\ie8updates
    2012-01-23 09:00 . 2012-01-23 18:00 -------- d-----w- c:\program files\Memory Washer
    2012-01-23 08:59 . 2012-01-23 18:00 -------- d-----w- c:\program files\SpeedFan
    2012-01-23 07:22 . 2011-11-04 19:19 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2012-01-23 07:22 . 2011-11-04 19:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2012-01-23 07:21 . 2011-11-04 19:19 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2012-01-23 07:21 . 2011-11-04 19:19 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2012-01-23 07:21 . 2011-11-04 19:19 2001408 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2012-01-23 07:21 . 2011-11-04 19:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2012-01-23 07:20 . 2011-10-25 13:38 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2012-01-23 07:20 . 2011-10-25 13:34 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2012-01-23 07:20 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-23 18:18 . 2011-08-17 19:51 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-25 21:56 . 2011-05-15 22:13 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:29 . 2011-05-15 22:13 1868544 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2011-05-15 22:36 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-04 19:19 . 2011-05-15 22:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:19 . 2011-05-15 22:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 19:19 . 2011-05-15 22:20 919552 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 15:27 . 2011-05-15 22:11 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-03 15:27 . 2011-05-15 22:06 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-01 16:05 . 2011-05-15 22:08 1289216 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2011-05-15 22:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-21 07:24 . 2012-01-23 20:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-01-24_19.18.58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-24 21:06 . 2012-01-24 21:05 30208 c:\windows\LastGood\system32\drivers\usbehci.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-18 399736]
    "Uniblue ProcessQuickLink 2"="c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2008-04-02 655640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-02-26 437160]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "kX Mixer"="c:\program files\kX Audio Driver\3550\kxmixer.exe" [2009-09-17 677896]
    "CTHelper"="CTHELPER.EXE" [2003-06-09 28672]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "KB976002-v5"="advpack.dll" [2009-03-08 128512]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe"=
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/18/2011 9:27 AM 717296]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/23/2012 11:35 PM 652872]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/23/2012 11:34 PM 20464]
    S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [5/15/2011 11:23 PM 9472]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5/16/2011 9:30 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [5/15/2011 11:19 PM 14848]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [5/16/2011 9:31 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - MPFILTER
    *NewlyCreated* - MSMPSVC
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
    .
    2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
    .
    2012-01-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Kolacek\Application Data\Mozilla\Firefox\Profiles\ccqremnb.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-24 22:20
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-329068152-1580818891-1957994488-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:dd,a1,79,93,e9,77,c9,b5,60,d0,fd,db,99,db,29,19,c3,ec,c6,6a,1d,5d,fe,
    60,fd,07,9e,a9,f7,ec,1c,c3,a7,3c,0f,5a,ba,e0,4b,29,6e,a7,7e,41,e4,39,e4,b9,\
    "??"=hex:43,25,25,21,67,56,f5,c2,91,ee,27,7c,ad,fb,21,71
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3556)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-01-24 22:24:41
    ComboFix-quarantined-files.txt 2012-01-24 21:24
    ComboFix2.txt 2012-01-24 21:02
    ComboFix3.txt 2012-01-24 19:23
    ComboFix4.txt 2012-01-23 19:41
    .
    Pre-Run: 18,295,660,544 bytes free
    Post-Run: 18,276,073,472 bytes free
    .
    - - End Of File - - 610239F6CD81E648BC911D150E0FEA3B
     
  19. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    You didn't run my script.
     
  20. Denio

    Denio TS Rookie Topic Starter Posts: 48

    I did

    I did, ok I will do it again but I am certain that I did everything according to what you wrote...
     
  21. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    My fault.
    The script had incorrect text in it.
    I just edited it.
     
  22. Denio

    Denio TS Rookie Topic Starter Posts: 48

    Again :)

    ComboFix 12-01-23.02 - Kolacek 01/24/2012 23:03:03.5.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.506 [GMT 1:00]
    Running from: c:\documents and settings\Kolacek\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Kolacek\Desktop\CFScript.txt
    AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\alcrmv.exe
    c:\windows\system32\404Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-24 21:06 . 2012-01-24 21:06 -------- d-----w- c:\windows\LastGood
    2012-01-24 21:06 . 2012-01-24 21:05 30208 ----a-w- c:\windows\system32\drivers\OLD125.tmp
    2012-01-24 21:06 . 2009-06-08 15:56 30464 -c--a-w- c:\windows\system32\dllcache\usbehci.sys
    2012-01-24 21:06 . 2009-06-08 15:56 30464 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2012-01-24 17:39 . 2012-01-05 19:19 6557240 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D432E16D-B0CD-4C33-816D-690E719B8F61}\mpengine.dll
    2012-01-24 17:34 . 2012-01-24 17:35 -------- d-----w- c:\program files\Microsoft Security Client
    2012-01-24 14:00 . 2012-01-24 14:00 -------- d-----w- c:\program files\MSECache
    2012-01-24 12:11 . 2012-01-24 12:11 388096 ----a-r- c:\documents and settings\Kolacek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-24 12:11 . 2012-01-24 12:11 -------- d-----w- c:\program files\Trend Micro
    2012-01-24 10:29 . 2012-01-24 10:29 -------- d-----w- c:\program files\Uniblue
    2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\Kolacek\Application Data\Malwarebytes
    2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-01-23 22:34 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-23 22:34 . 2012-01-23 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-23 21:56 . 2012-01-23 21:56 -------- d-----w- C:\_OTL
    2012-01-23 20:51 . 2012-01-23 20:51 -------- d-----w- c:\windows\Sun
    2012-01-23 19:17 . 2008-04-14 14:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
    2012-01-23 19:17 . 2008-04-14 14:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-01-23 19:10 . 2012-01-23 19:10 -------- d-----w- c:\documents and settings\Administrator
    2012-01-23 18:34 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-23 18:14 . 2012-01-23 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-23 17:57 . 2012-01-23 17:57 -------- d-----w- c:\program files\Pontifex II
    2012-01-23 17:31 . 2012-01-24 04:21 -------- d-----w- c:\windows\system32\URTTemp
    2012-01-23 17:30 . 2012-01-23 17:30 -------- d-----w- c:\windows\ie8updates
    2012-01-23 09:00 . 2012-01-23 18:00 -------- d-----w- c:\program files\Memory Washer
    2012-01-23 08:59 . 2012-01-23 18:00 -------- d-----w- c:\program files\SpeedFan
    2012-01-23 07:22 . 2011-11-04 19:19 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2012-01-23 07:22 . 2011-11-04 19:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2012-01-23 07:21 . 2011-11-04 19:19 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2012-01-23 07:21 . 2011-11-04 19:19 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2012-01-23 07:21 . 2011-11-04 19:19 2001408 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2012-01-23 07:21 . 2011-11-04 19:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2012-01-23 07:20 . 2011-10-25 13:38 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2012-01-23 07:20 . 2011-10-25 13:34 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2012-01-23 07:20 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-23 18:18 . 2011-08-17 19:51 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-25 21:56 . 2011-05-15 22:13 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:29 . 2011-05-15 22:13 1868544 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2011-05-15 22:36 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-04 19:19 . 2011-05-15 22:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:19 . 2011-05-15 22:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 19:19 . 2011-05-15 22:20 919552 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 15:27 . 2011-05-15 22:11 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-03 15:27 . 2011-05-15 22:06 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-01 16:05 . 2011-05-15 22:08 1289216 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2011-05-15 22:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-21 07:24 . 2012-01-23 20:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-01-24_19.18.58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-24 21:06 . 2012-01-24 21:05 30208 c:\windows\LastGood\system32\drivers\usbehci.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-18 399736]
    "Uniblue ProcessQuickLink 2"="c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2008-04-02 655640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-02-26 437160]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "kX Mixer"="c:\program files\kX Audio Driver\3550\kxmixer.exe" [2009-09-17 677896]
    "CTHelper"="CTHELPER.EXE" [2003-06-09 28672]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "KB976002-v5"="advpack.dll" [2009-03-08 128512]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe"=
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/18/2011 9:27 AM 717296]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/23/2012 11:35 PM 652872]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/23/2012 11:34 PM 20464]
    S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [5/15/2011 11:23 PM 9472]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5/16/2011 9:30 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [5/15/2011 11:19 PM 14848]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [5/16/2011 9:31 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - MPFILTER
    *NewlyCreated* - MSMPSVC
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
    .
    2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
    .
    2012-01-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Kolacek\Application Data\Mozilla\Firefox\Profiles\ccqremnb.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-24 23:18
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-329068152-1580818891-1957994488-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:dd,a1,79,93,e9,77,c9,b5,60,d0,fd,db,99,db,29,19,c3,ec,c6,6a,1d,5d,fe,
    60,fd,07,9e,a9,f7,ec,1c,c3,a7,3c,0f,5a,ba,e0,4b,29,6e,a7,7e,41,e4,39,e4,b9,\
    "??"=hex:43,25,25,21,67,56,f5,c2,91,ee,27,7c,ad,fb,21,71
    .
    Completion time: 2012-01-24 23:22:47
    ComboFix-quarantined-files.txt 2012-01-24 22:22
    ComboFix2.txt 2012-01-24 21:24
    ComboFix3.txt 2012-01-24 21:02
    ComboFix4.txt 2012-01-24 19:23
    ComboFix5.txt 2012-01-24 22:00
    .
    Pre-Run: 18,288,472,064 bytes free
    Post-Run: 18,270,318,592 bytes free
    .
    - - End Of File - - 62479671DFAAE73B29E28D540BB441DC
     
  23. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  24. Denio

    Denio TS Rookie Topic Starter Posts: 48

    I am sorry this is the 3. time i runed the script i wasnt sure that second time I used the right one... so is it ok ??

    ComboFix 12-01-23.02 - Kolacek 01/24/2012 23:40:22.6.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.499 [GMT 1:00]
    Running from: c:\documents and settings\Kolacek\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Kolacek\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-24 21:06 . 2012-01-24 21:06 -------- d-----w- c:\windows\LastGood
    2012-01-24 21:06 . 2012-01-24 21:05 30208 ----a-w- c:\windows\system32\drivers\OLD125.tmp
    2012-01-24 21:06 . 2009-06-08 15:56 30464 -c--a-w- c:\windows\system32\dllcache\usbehci.sys
    2012-01-24 21:06 . 2009-06-08 15:56 30464 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2012-01-24 17:39 . 2012-01-05 19:19 6557240 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D432E16D-B0CD-4C33-816D-690E719B8F61}\mpengine.dll
    2012-01-24 17:34 . 2012-01-24 17:35 -------- d-----w- c:\program files\Microsoft Security Client
    2012-01-24 14:00 . 2012-01-24 14:00 -------- d-----w- c:\program files\MSECache
    2012-01-24 12:11 . 2012-01-24 12:11 388096 ----a-r- c:\documents and settings\Kolacek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-24 12:11 . 2012-01-24 12:11 -------- d-----w- c:\program files\Trend Micro
    2012-01-24 10:29 . 2012-01-24 10:29 -------- d-----w- c:\program files\Uniblue
    2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\Kolacek\Application Data\Malwarebytes
    2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-01-23 22:34 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-23 22:34 . 2012-01-23 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-23 21:56 . 2012-01-23 21:56 -------- d-----w- C:\_OTL
    2012-01-23 20:51 . 2012-01-23 20:51 -------- d-----w- c:\windows\Sun
    2012-01-23 19:17 . 2008-04-14 14:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
    2012-01-23 19:17 . 2008-04-14 14:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-01-23 19:10 . 2012-01-23 19:10 -------- d-----w- c:\documents and settings\Administrator
    2012-01-23 18:34 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-23 18:14 . 2012-01-23 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-23 17:57 . 2012-01-23 17:57 -------- d-----w- c:\program files\Pontifex II
    2012-01-23 17:31 . 2012-01-24 04:21 -------- d-----w- c:\windows\system32\URTTemp
    2012-01-23 17:30 . 2012-01-23 17:30 -------- d-----w- c:\windows\ie8updates
    2012-01-23 09:00 . 2012-01-23 18:00 -------- d-----w- c:\program files\Memory Washer
    2012-01-23 08:59 . 2012-01-23 18:00 -------- d-----w- c:\program files\SpeedFan
    2012-01-23 07:22 . 2011-11-04 19:19 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2012-01-23 07:22 . 2011-11-04 19:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2012-01-23 07:21 . 2011-11-04 19:19 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2012-01-23 07:21 . 2011-11-04 19:19 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2012-01-23 07:21 . 2011-11-04 19:19 2001408 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2012-01-23 07:21 . 2011-11-04 19:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2012-01-23 07:20 . 2011-10-25 13:38 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2012-01-23 07:20 . 2011-10-25 13:34 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2012-01-23 07:20 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-23 18:18 . 2011-08-17 19:51 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-25 21:56 . 2011-05-15 22:13 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:29 . 2011-05-15 22:13 1868544 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2011-05-15 22:36 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-04 19:19 . 2011-05-15 22:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:19 . 2011-05-15 22:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 19:19 . 2011-05-15 22:20 919552 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 15:27 . 2011-05-15 22:11 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-03 15:27 . 2011-05-15 22:06 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-01 16:05 . 2011-05-15 22:08 1289216 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2011-05-15 22:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-21 07:24 . 2012-01-23 20:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-01-24_19.18.58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-24 21:06 . 2012-01-24 21:05 30208 c:\windows\LastGood\system32\drivers\usbehci.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-18 399736]
    "Uniblue ProcessQuickLink 2"="c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2008-04-02 655640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-02-26 437160]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "kX Mixer"="c:\program files\kX Audio Driver\3550\kxmixer.exe" [2009-09-17 677896]
    "CTHelper"="CTHELPER.EXE" [2003-06-09 28672]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "KB976002-v5"="advpack.dll" [2009-03-08 128512]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe"=
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/18/2011 9:27 AM 717296]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/23/2012 11:35 PM 652872]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/23/2012 11:34 PM 20464]
    S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [5/15/2011 11:23 PM 9472]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5/16/2011 9:30 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [5/15/2011 11:19 PM 14848]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [5/16/2011 9:31 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - MPFILTER
    *NewlyCreated* - MSMPSVC
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
    .
    2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
    .
    2012-01-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Kolacek\Application Data\Mozilla\Firefox\Profiles\ccqremnb.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-24 23:52
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-329068152-1580818891-1957994488-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:dd,a1,79,93,e9,77,c9,b5,60,d0,fd,db,99,db,29,19,c3,ec,c6,6a,1d,5d,fe,
    60,fd,07,9e,a9,f7,ec,1c,c3,a7,3c,0f,5a,ba,e0,4b,29,6e,a7,7e,41,e4,39,e4,b9,\
    "??"=hex:43,25,25,21,67,56,f5,c2,91,ee,27,7c,ad,fb,21,71
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(884)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-01-24 23:56:49
    ComboFix-quarantined-files.txt 2012-01-24 22:56
    ComboFix2.txt 2012-01-24 22:22
    ComboFix3.txt 2012-01-24 21:24
    ComboFix4.txt 2012-01-24 21:02
    ComboFix5.txt 2012-01-24 22:37
    .
    Pre-Run: 18,284,597,248 bytes free
    Post-Run: 18,264,584,192 bytes free
    .
    - - End Of File - - 9B74C5095F8C261D160D02F4BA868821
     
  25. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    Yes, it worked :)

    Let me know how computer is doing and proceed with OTL.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.