Solved Virus - can't install Malwarebytes - access is denied

[Denio]

I have issue similar to this one :https://www.techspot.com/vb/topic163660.html
The PC has conracted a virus, and also I cant install any program that is related to virus cleaning. Please help me.
Coming in a short while please wait my computer is very slow becouse of the virus

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

What about GMER?

You're running two AV programs, AVG and MSE.
One of them has to go.
If AVG use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities

 

[Denio]

AVG remover runed and i think it didnt do any thing

one question should I scan all partitions or just c with gmer ?

the new DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Kolacek at 0:49:16 on 2012-01-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.388 [GMT 1:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DWPersistentQueuedReporting] c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE -a
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [kX Mixer] c:\program files\kx audio driver\3550\kxmixer.exe --startup
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AC541501-9314-4A2E-930E-E250381D8E13} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kolacek\application data\mozilla\firefox\profiles\ccqremnb.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl3691d71a;MpKsl3691d71a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d149a01-0aec-45de-b7d0-e505abeb58e0}\MpKsl3691d71a.sys [2012-1-24 29904]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2011-5-16 130384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-23 652872]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ovislink\common\RalinkRegistryWriter.exe [2011-7-16 69632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-23 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-24 40776]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2011-5-15 9472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-21 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-21 136176]
S3 rt2870;Airlive WN-300USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-7-16 619136]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2011-5-15 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2011-5-16 753504]
.
=============== Created Last 30 ================
.
2012-01-23 23:46:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-23 23:46:38 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d149a01-0aec-45de-b7d0-e505abeb58e0}\MpKsl3691d71a.sys
2012-01-23 22:35:56 -------- d-----w- c:\documents and settings\kolacek\application data\Malwarebytes
2012-01-23 22:35:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-23 22:34:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-23 22:34:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-23 22:29:41 -------- d-----w- C:\ComboFix
2012-01-23 21:56:20 -------- d-----w- C:\_OTL
2012-01-23 20:01:09 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d149a01-0aec-45de-b7d0-e505abeb58e0}\mpengine.dll
2012-01-23 19:56:13 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-23 19:17:48 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-01-23 19:17:48 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-23 19:15:48 -------- d-sha-r- C:\cmdcons
2012-01-23 19:12:44 98816 ----a-w- c:\windows\sed.exe
2012-01-23 19:12:44 518144 ----a-w- c:\windows\SWREG.exe
2012-01-23 19:12:44 256000 ----a-w- c:\windows\PEV.exe
2012-01-23 19:12:44 208896 ----a-w- c:\windows\MBR.exe
2012-01-23 18:34:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 18:14:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-23 18:14:30 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-23 17:57:05 -------- d-----w- c:\program files\Pontifex II
2012-01-23 17:31:01 -------- d-----w- c:\windows\system32\URTTemp
2012-01-23 17:30:26 -------- d-----w- c:\windows\ie8updates
2012-01-23 09:00:03 -------- d-----w- c:\program files\Memory Washer
2012-01-23 08:59:58 -------- d-----w- c:\program files\SpeedFan
2012-01-23 07:20:05 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-01-23 07:20:02 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-01-23 07:20:02 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-23 18:18:20 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-10-28 05:31:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 0:51:38.74 ===============


And attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/16/2011 11:26:09 PM
System Uptime: 1/24/2012 12:41:35 AM (0 hours ago)
.
Motherboard: | | SiS-650
Processor: Intel(R) Celeron(R) CPU 2.00GHz | Socket 478 | 2004/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 28 GiB total, 17.16 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 46.725 GiB free.
E: is FIXED (NTFS) - 86 GiB total, 47.743 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP109: 11/7/2011 4:44:02 PM - System Checkpoint
RP110: 11/8/2011 9:01:30 PM - System Checkpoint
RP111: 11/10/2011 7:15:49 PM - System Checkpoint
RP112: 11/17/2011 5:05:58 PM - System Checkpoint
RP113: 11/18/2011 5:45:59 PM - System Checkpoint
RP114: 11/20/2011 3:35:09 PM - System Checkpoint
RP115: 11/22/2011 3:57:26 PM - System Checkpoint
RP116: 11/23/2011 5:03:06 PM - System Checkpoint
RP117: 11/25/2011 2:38:47 PM - System Checkpoint
RP118: 11/26/2011 5:40:29 PM - System Checkpoint
RP119: 11/28/2011 3:52:03 PM - System Checkpoint
RP120: 11/29/2011 3:57:02 PM - System Checkpoint
RP121: 11/30/2011 4:24:04 PM - System Checkpoint
RP122: 12/1/2011 6:43:40 PM - System Checkpoint
RP123: 12/2/2011 8:12:47 PM - System Checkpoint
RP124: 12/4/2011 10:22:00 AM - System Checkpoint
RP125: 12/5/2011 3:43:34 PM - System Checkpoint
RP126: 12/6/2011 3:58:24 PM - System Checkpoint
RP127: 12/7/2011 5:35:26 PM - System Checkpoint
RP128: 12/8/2011 7:56:42 PM - System Checkpoint
RP129: 12/10/2011 7:28:08 PM - System Checkpoint
RP130: 12/15/2011 5:30:15 PM - System Checkpoint
RP131: 12/17/2011 6:14:25 PM - System Checkpoint
RP132: 12/19/2011 4:47:22 PM - System Checkpoint
RP133: 12/20/2011 6:10:39 PM - System Checkpoint
RP134: 12/21/2011 6:46:02 PM - System Checkpoint
RP135: 12/23/2011 3:44:45 PM - System Checkpoint
RP136: 12/25/2011 12:24:34 PM - System Checkpoint
RP137: 12/26/2011 3:57:16 PM - System Checkpoint
RP138: 12/28/2011 3:46:04 PM - System Checkpoint
RP139: 12/29/2011 3:49:42 PM - System Checkpoint
RP140: 12/30/2011 6:11:29 PM - System Checkpoint
RP141: 1/1/2012 2:29:05 PM - System Checkpoint
RP142: 1/9/2012 4:13:49 PM - System Checkpoint
RP143: 1/10/2012 4:28:51 PM - System Checkpoint
RP144: 1/13/2012 7:09:37 PM - System Checkpoint
RP145: 1/14/2012 8:38:34 PM - System Checkpoint
RP146: 1/16/2012 3:59:51 PM - System Checkpoint
RP147: 1/17/2012 4:33:35 PM - System Checkpoint
RP148: 1/19/2012 4:24:02 PM - System Checkpoint
RP149: 1/21/2012 7:51:01 PM - System Checkpoint
RP150: 1/22/2012 10:57:02 PM - System Checkpoint
RP151: 1/23/2012 5:58:06 PM - Software Distribution Service 3.0
RP152: 1/23/2012 6:04:23 PM - Software Distribution Service 3.0
RP153: 1/23/2012 6:52:14 PM - Removed AirLive WN-300USB Wireless LAN Card
RP154: 1/23/2012 6:56:36 PM - Restore Operation
RP155: 1/23/2012 7:34:38 PM - Software Distribution Service 3.0
RP156: 1/23/2012 8:42:07 PM - Software Distribution Service 3.0
RP157: 1/23/2012 9:00:38 PM - Software Distribution Service 3.0
RP158: 1/23/2012 9:33:57 PM - OTL Restore Point - 1/23/2012 9:33:45 PM
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
BS.Player PRO
Cheat Engine 5.3
Driver Genius Professional Edition 2007
DriverMax 5
Google Chrome
Google Update Helper
Hard Disk Sentinel
HDD Regenerator
Java(TM) 6 Update 24
K-Lite Codec Pack 4.7.5 (Full)
Malwarebytes Anti-Malware version 1.60.0.1800
Marsu-Fix
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP3 Parser (KB973685)
Norton PartitionMagic
Norton PartitionMagic 8.0
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
Ovislink AirLive 300USB
Pontifex II
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2633171)
SiSoftware Sandra Professional Home XI.SP1a (Win64/32/CE)
Sound Blaster Live!
Update for Windows XP (KB2541763)
Weather Watcher Live
WebFldrs XP
Winamp
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
1/24/2012 12:34:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgfws service.
1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2597098).
1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2646524).
1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2639417).
1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2631813).
1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2598479).
1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2564958).
1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2544893).
1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Silverlight (KB2617986).
1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office 2003 (KB2584052).
1/23/2012 8:53:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2572073).
1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Windows Malicious Software Removal Tool - December 2011 (KB890830).
1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows XP (KB2641690).
1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Office File Validation 2010 (KB2553065), 32-bit Edition.
1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2624667).
1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2592799).
1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2570947).
1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2657424).
1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2656352).
1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
1/23/2012 8:53:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2618444).
1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656351).
1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows XP (KB2633952).
1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2596520).
1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2619339).
1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2603381).
1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office Publisher 2003 (KB2553084).
1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office Excel 2003 (KB2596954).
1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2572078).
1/23/2012 8:53:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Cumulative Security Update for ActiveX Killbits for Windows XP (KB2618451).
1/23/2012 8:11:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm
1/23/2012 8:10:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/23/2012 8:08:11 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
1/23/2012 8:07:50 PM, error: Service Control Manager [7034] - The WMDM PMSP Service service terminated unexpectedly. It has done this 1 time(s).
1/23/2012 8:05:53 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/23/2012 8:05:48 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/23/2012 8:04:21 PM, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 1 time(s).
1/23/2012 7:16:27 PM, error: SR [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'netbt.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/23/2012 6:00:30 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.
1/23/2012 6:00:21 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/23/2012 2:11:23 PM, error: System Error [1003] - Error code 1000008e, parameter1 80000002, parameter2 80648b1f, parameter3 b73f2428, parameter4 00000000.
1/23/2012 2:11:09 PM, error: System Error [1003] - Error code 1000008e, parameter1 80000002, parameter2 80648b1f, parameter3 b7496428, parameter4 00000000.
1/23/2012 12:19:53 PM, error: Dhcp [1002] - The IP address lease 188.2.74.233 for the Network Card with network address 00016C27F6B0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/23/2012 10:02:43 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: giveio speedfan
1/22/2012 8:56:09 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/21/2012 7:04:09 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: The system cannot find the path specified. .
1/21/2012 7:04:09 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Normal Tanks\Normal Tanks.exe. Reference error message: The operation completed successfully. .
1/20/2012 6:02:33 PM, error: Service Control Manager [7000] - The Creative Service for CDROM Access service failed to start due to the following error: The system cannot find the file specified.
1/20/2012 6:02:33 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
.
==== End Of File ===========================

 

[Broni]

should I scan all partitions or just c with gmer ?

C only.

 

[Denio]

Gmer

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-24 10:52:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6Y120P0 rev.YAR41BW0
Running: xxyi4ph9.exe; Driver: C:\DOCUME~1\Kolacek\LOCALS~1\Temp\uxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT spqj.sys ZwCreateKey [0xF76CE0E0]
SSDT spqj.sys ZwEnumerateKey [0xF76ECCA2]
SSDT spqj.sys ZwEnumerateValueKey [0xF76ED030]
SSDT spqj.sys ZwOpenKey [0xF76CE0C0]
SSDT spqj.sys ZwQueryKey [0xF76ED108]
SSDT spqj.sys ZwQueryValueKey [0xF76ECF88]
SSDT spqj.sys ZwSetValueKey [0xF76ED19A]

INT 0x3B ? 870BDBF8
INT 0x3E ? 8736BBF8
INT 0x3F ? 8736BBF8

---- Kernel code sections - GMER 1.0.15 ----

? spqj.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6B323A0, 0x5FE082, 0xE8000020]
.text USBPORT.SYS!DllUnload F6B018EC 5 Bytes JMP 870BD1D8
.text aooasj44.SYS F6974386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aooasj44.SYS F69743AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aooasj44.SYS F69743C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aooasj44.SYS F69743C9 1 Byte [2E]
.text aooasj44.SYS F69743C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 873DC2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F76FFC4C] spqj.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76FFCA0] spqj.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F76CF040] spqj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F76CF13C] spqj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F76CF0BE] spqj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F76CF7FC] spqj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76CF6D2] spqj.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 870BD2D8
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlInitUnicodeString] F44D8B48
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!swprintf] C1815753
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeSetEvent] 00002590
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 467C8D51
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 76F6E84A
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] D88BFFFF
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8504C483
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 5F0A75DB
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 5B08438D
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmUnmapIoSpace] 5DE58B5E
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 259068C3
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IofCompleteRequest] 006A0000
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 88F0E853
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IofCallDriver] 558DFFFF
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 90838DF8
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 52000025
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoConnectInterrupt] 03895750
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoDetachDevice] FFF363E8
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0C458AFF
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeInitializeEvent] 8B104D8B
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeCancelTimer] 43881855
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 1C458B08
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlInitAnsiString] 0F544389
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 89FF45B6
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoQueueWorkItem] 4D8B0C4B
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmMapIoSpace] 50538920
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 8924558B
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoReportDetectedDevice] 5389584B
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0A43885C
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0646B60F
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!NlsMbCodePageTag] A818C483
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8D7F743F
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001A8C8B
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0835100
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!sprintf] 7E8D503F
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] B9E85728
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ObfDereferenceObject] 0F0000D1
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 8D0646B6
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001B8093
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ZwClose] E0835200
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E857503F
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 0000EBB4
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 026B938D
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!PoStartNextPowerIrp] C6830000
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoCreateDevice] 0008B908
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlCopyUnicodeString] FA8B0000
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 758BA5F3
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 064E8A08
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ZwOpenKey] 883FE180
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 0002688B
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoStartTimer] 06468A00
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeInitializeTimer] 8306E8C0
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoInitializeTimer] 023C18C4
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeInitializeDpc] 02698388
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeInitializeSpinLock] 19750000
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoInitializeIrp] 028C838D
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ZwCreateKey] 52500000
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 00C143E8
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 08C48300
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ZwSetValueKey] 0575C085
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeInsertQueueDpc] EB08708D
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 074E8A54
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoStartPacket] 026A8B88
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 83660000
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 7601487E
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoFreeMdl] 4AC68305
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmUnlockPages] F63302EB
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5614558B
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 75E85352
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 8BFFFFF4
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 0CC483F0
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeSynchronizeExecution] 2075F685
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoStartNextPacket] 050C7D80
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeBugCheckEx] 0092850F
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 458B0000
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeSetTimer] E85350F8
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!_allmul] FFFFF848
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmProbeAndLockPages] 8408C483
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!_except_handler3] BE7875C0
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!PoSetPowerState] 00000008
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] F346E853
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlWriteRegistryValue] C483FFFF
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00F46804
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!_aulldiv] 838D0000
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!strstr] 00001A8C
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!_strupr] E850006A
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeQuerySystemTime] FFFF87CA
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0000F468
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!KeTickCount] 808B8D00
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 6A00001B
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoDeleteDevice] B7E85100
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 33FFFF87
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoAllocateWorkItem] 6B8389C0
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoAllocateIrp] 89000002
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoAllocateMdl] 00026F83
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 73838900
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmLockPagableDataSection] 89000002
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 00027783
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 7B838900
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!ExFreePoolWithTag] 89000002
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoFreeIrp] 00027F83
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!IoFreeWorkItem] 83838900
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!InitSafeBootMode] 53000002
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!RtlCompareMemory] 02878389
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!PoCallDriver] 7FE80000
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!memmove] 83FFFF68
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[ntoskrnl.exe!MmHighestUserAddress] 8B5F1CC4
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\aooasj44.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F76DF048] spqj.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8736A1F8
Device \Driver\usbohci \Device\USBPDO-0 870BC1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 873DA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 873DA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 873DA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 873DA1F8
Device \Driver\usbohci \Device\USBPDO-1 870BC1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8736C1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{AC541501-9314-4A2E-930E-E250381D8E13} 8681D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8736C1F8
Device \Driver\Cdrom \Device\CdRom0 86354500
Device \Driver\atapi \Device\Ide\IdePort0 [F7622B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7622B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7622B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7622B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 8736C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8681D1F8
Device \Driver\NetBT \Device\NetbiosSmb 8681D1F8
Device \Driver\PCI_PNP5616 \Device\0000004e spqj.sys
Device \Driver\PCI_PNP5616 \Device\0000004e spqj.sys
Device \Driver\usbohci \Device\USBFDO-0 870BC1F8
Device \Driver\usbohci \Device\USBFDO-1 870BC1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85EE51F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85EE51F8
Device \Driver\sptd \Device\898747632 spqj.sys
Device \Driver\Ftdisk \Device\FtControl 8736C1F8
Device \Driver\aooasj44 \Device\Scsi\aooasj441 870931F8
Device \Driver\aooasj44 \Device\Scsi\aooasj441Port2Path0Target0Lun0 870931F8
Device \FileSystem\Cdfs \Cdfs 85ECC500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x80 0x80 0x24 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x02 0x40 0x7C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0C 0x06 0xC3 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x80 0x80 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x02 0x40 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0x84 0x97 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x80 0x80 0x24 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x02 0x40 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0x84 0x97 0x95 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----






MBAM

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kolacek :: DENIO [administrator]

Protection: Enabled

1/24/2012 10:53:05
mbam-log-2012-01-24 (10-53-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174397
Time elapsed: 25 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[Denio]

The CPU is allways on 100%

[HJT log removed by Broni]

It says I have AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} but i dont... i removed MSE si is that ok ?? please answer...

 

[Broni]

i removed MSE si is that ok ??

No.
Please observe my rules.
Do not do anything else but follow my instructions.
I didn't ask for HJT log, I didn't ask for uninstalling MSE.
AVG listings are just leftovers.
We'll take care of it later.

Reinstall MSE.

Then....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Download Bootkit Remover to your Desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

 

[Denio]

Here

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
114 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

 

[Denio]

2

aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-01-24 19:03:06
-----------------------------
19:03:06.189 OS Version: Windows 5.1.2600 Service Pack 3
19:03:06.189 Number of processors: 1 586 0x207
19:03:06.189 ComputerName: DENIO UserName:
19:03:07.571 Initialze error C000010E - driver not loaded
19:03:30.023 AVAST engine defs: 12012400
19:03:32.677 Service scanning
19:03:34.069 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
19:03:34.760 Modules scanning
19:03:34.780 Disk 0 trace - called modules:
19:03:34.780
19:03:35.211 AVAST engine scan C:\WINDOWS
19:03:52.315 AVAST engine scan C:\WINDOWS\system32
19:12:03.462 AVAST engine scan C:\WINDOWS\system32\drivers
19:12:43.659 AVAST engine scan C:\Documents and Settings\Kolacek
19:19:00.792 AVAST engine scan C:\Documents and Settings\All Users
19:19:40.018 Scan finished successfully
19:25:57.881 The log file has been saved successfully to "D:\My Documents\aswMBR.txt"

 

[Broni]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Denio]

log.txt

ComboFix 12-01-23.02 - Kolacek 01/24/2012 20:05:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.568 [GMT 1:00]
Running from: c:\documents and settings\Kolacek\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 17:39 . 2012-01-05 19:19 6557240 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D432E16D-B0CD-4C33-816D-690E719B8F61}\mpengine.dll
2012-01-24 17:34 . 2012-01-24 17:35 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-24 14:00 . 2012-01-24 14:00 -------- d-----w- c:\program files\MSECache
2012-01-24 12:11 . 2012-01-24 12:11 388096 ----a-r- c:\documents and settings\Kolacek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-24 12:11 . 2012-01-24 12:11 -------- d-----w- c:\program files\Trend Micro
2012-01-24 10:29 . 2012-01-24 10:29 -------- d-----w- c:\program files\Uniblue
2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\Kolacek\Application Data\Malwarebytes
2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-23 22:34 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-23 22:34 . 2012-01-23 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-23 21:56 . 2012-01-23 21:56 -------- d-----w- C:\_OTL
2012-01-23 20:51 . 2012-01-23 20:51 -------- d-----w- c:\windows\Sun
2012-01-23 19:17 . 2008-04-14 14:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-01-23 19:17 . 2008-04-14 14:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-23 19:10 . 2012-01-23 19:10 -------- d-----w- c:\documents and settings\Administrator
2012-01-23 18:34 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 18:14 . 2012-01-23 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-23 17:57 . 2012-01-23 17:57 -------- d-----w- c:\program files\Pontifex II
2012-01-23 17:31 . 2012-01-24 04:21 -------- d-----w- c:\windows\system32\URTTemp
2012-01-23 17:30 . 2012-01-23 17:30 -------- d-----w- c:\windows\ie8updates
2012-01-23 09:00 . 2012-01-23 18:00 -------- d-----w- c:\program files\Memory Washer
2012-01-23 08:59 . 2012-01-23 18:00 -------- d-----w- c:\program files\SpeedFan
2012-01-23 07:22 . 2011-11-04 19:19 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-01-23 07:22 . 2011-11-04 19:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-01-23 07:21 . 2011-11-04 19:19 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-23 07:21 . 2011-11-04 19:19 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-23 07:21 . 2011-11-04 19:19 2001408 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-01-23 07:21 . 2011-11-04 19:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-23 07:20 . 2011-10-25 13:38 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-01-23 07:20 . 2011-10-25 13:34 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-01-23 07:20 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 18:18 . 2011-08-17 19:51 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:56 . 2011-05-15 22:13 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29 . 2011-05-15 22:13 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2011-05-15 22:36 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:19 . 2011-05-15 22:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:19 . 2011-05-15 22:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:19 . 2011-05-15 22:20 919552 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 15:27 . 2011-05-15 22:11 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-03 15:27 . 2011-05-15 22:06 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-01 16:05 . 2011-05-15 22:08 1289216 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2011-05-15 22:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-21 07:24 . 2012-01-23 20:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-23_19.36.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-24 02:41 . 2012-01-24 02:41 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
- 2011-05-16 20:53 . 2011-05-16 20:53 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
+ 2012-01-24 04:17 . 2003-02-20 18:09 77824 c:\windows\system32\URTTemp\mscorsn.dll
- 2011-05-15 22:26 . 2011-03-22 14:47 46080 c:\windows\system32\tzchange.exe
+ 2011-05-15 22:26 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2011-06-29 09:02 . 2011-08-12 12:51 17272 c:\windows\system32\spmsg.dll
- 2011-06-29 09:02 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
+ 2011-05-15 22:35 . 2012-01-24 04:52 93802 c:\windows\system32\perfc009.dat
+ 2011-05-15 22:36 . 2011-09-26 10:41 20480 c:\windows\system32\oleaccrc.dll
- 2011-05-15 22:36 . 2009-10-08 15:56 20480 c:\windows\system32\oleaccrc.dll
- 2011-05-15 22:39 . 2011-02-23 01:27 66560 c:\windows\system32\mshtmled.dll
+ 2011-05-15 22:39 . 2011-11-04 19:19 66560 c:\windows\system32\mshtmled.dll
- 2011-05-15 22:38 . 2011-02-23 01:27 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-05-15 22:38 . 2011-11-04 19:19 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-05-15 22:10 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2011-05-15 22:10 . 2008-04-14 14:00 23040 c:\windows\system32\mciseq.dll
- 2011-05-15 22:20 . 2011-02-23 01:27 25600 c:\windows\system32\jsproxy.dll
+ 2011-05-15 22:20 . 2011-11-04 19:19 25600 c:\windows\system32\jsproxy.dll
+ 2011-05-15 22:36 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2011-05-15 22:36 . 2011-09-26 10:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
- 2011-05-15 22:36 . 2009-10-08 15:56 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2011-05-15 22:39 . 2011-11-04 19:19 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2011-05-15 22:39 . 2011-02-23 01:27 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2011-05-15 22:10 . 2008-04-14 14:00 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2011-05-15 22:10 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
- 2011-05-15 22:32 . 2011-02-23 01:27 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2011-05-15 22:32 . 2011-11-04 19:19 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2011-05-15 22:20 . 2011-02-23 01:27 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-05-15 22:20 . 2011-11-04 19:19 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-05-15 22:15 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2011-05-15 22:15 . 2010-12-09 16:29 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-12-26 02:54 . 2011-12-26 02:54 15120 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll
- 2011-07-09 08:30 . 2011-02-10 02:10 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-07-09 08:30 . 2011-07-09 08:30 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-12-26 02:54 . 2011-12-26 02:54 33552 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
+ 2011-12-25 02:49 . 2011-12-25 02:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-06-24 18:56 . 2009-06-24 18:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2011-12-25 10:07 . 2011-12-25 10:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2011-12-25 10:07 . 2010-09-23 13:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2011-12-24 21:55 . 2010-09-23 00:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2011-12-24 21:55 . 2011-12-24 21:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2011-12-24 21:55 . 2010-09-23 00:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-24 21:55 . 2011-12-24 21:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-24 21:55 . 2011-12-24 21:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2011-12-24 21:55 . 2010-09-23 00:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-12-24 22:49 . 2011-12-24 22:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2011-12-24 22:49 . 2010-09-24 11:59 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-24 22:49 . 2011-12-24 22:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2011-12-24 22:49 . 2010-09-24 11:59 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2012-01-24 02:42 . 2012-01-24 02:42 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2012-01-24 02:42 . 2012-01-24 02:42 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
- 2011-05-16 20:53 . 2011-05-16 20:53 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-24 03:03 . 2012-01-24 03:03 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-24 14:02 . 2012-01-24 14:02 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-05-18 09:03 . 2012-01-24 05:20 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2011-05-18 09:03 . 2011-05-18 11:37 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2011-05-18 09:03 . 2011-05-18 11:37 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2011-05-18 09:03 . 2012-01-24 05:20 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2011-05-18 09:03 . 2011-05-18 11:37 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2011-05-18 09:03 . 2012-01-24 05:20 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2011-05-18 09:03 . 2011-05-18 11:37 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2011-05-18 09:03 . 2012-01-24 05:20 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2011-05-18 09:03 . 2011-05-18 11:37 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2011-05-18 09:03 . 2012-01-24 05:20 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2011-05-18 09:03 . 2011-05-18 11:37 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-05-18 09:03 . 2012-01-24 05:20 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2011-05-18 11:34 . 2011-05-18 11:34 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-05-18 11:34 . 2012-01-24 05:15 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2012-01-24 04:14 . 2011-02-22 23:27 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2012-01-24 04:14 . 2011-02-23 01:27 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2012-01-24 04:14 . 2011-02-23 01:27 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2012-01-24 04:14 . 2011-02-23 01:27 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2012-01-24 04:14 . 2011-02-23 01:27 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2012-01-24 04:22 . 2012-01-24 04:22 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_bdcffc60\System.Drawing.Design.dll
+ 2012-01-24 04:22 . 2012-01-24 04:22 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e349a27d\CustomMarshalers.dll
+ 2012-01-24 05:48 . 2012-01-24 05:48 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\22e2167cc0343ffcf33c139d643f7319\UIAutomationProvider.ni.dll
+ 2012-01-24 05:57 . 2012-01-24 05:57 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\cea6ce1b15885902c1a5d9ff3c135d7d\System.Xaml.Hosting.ni.dll
+ 2012-01-24 06:01 . 2012-01-24 06:01 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\1db25513a3c540836f7c9444e5ad858c\System.Windows.Presentation.ni.dll
+ 2012-01-24 06:00 . 2012-01-24 06:00 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\28a1e3505d3fe73d6e3a2e14341f651d\System.Web.Routing.ni.dll
+ 2012-01-24 05:59 . 2012-01-24 05:59 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\814e0eda94597dbaf64a2bad553b72fe\System.Web.DynamicData.Design.ni.dll
+ 2012-01-24 05:48 . 2012-01-24 05:48 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\cdf66ea0ea10bda097e1c3cf98f5488b\System.Web.ApplicationServices.ni.dll
+ 2012-01-24 05:59 . 2012-01-24 05:59 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\fd3d9b91300ec5dabc339d8d27b0734b\System.Web.Abstractions.ni.dll
+ 2012-01-24 05:58 . 2012-01-24 05:58 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f2a1e73f7b5f7a20164a6ebe7c55b233\System.ServiceModel.Channels.ni.dll
+ 2012-01-24 05:58 . 2012-01-24 05:58 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\124b7ed8a85adf997a93f1862d977baa\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-01-24 05:50 . 2012-01-24 05:50 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\816cff697f09551211adea657a5e0658\System.AddIn.Contract.ni.dll
+ 2012-01-24 03:55 . 2012-01-24 03:55 37888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\610d21ab06f8a5448cbce3d442535b23\Microsoft.Workflow.Compiler.ni.exe
+ 2012-01-24 03:55 . 2012-01-24 03:55 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\b19086a8b2caf5f19936ad3e15d70d24\Microsoft.VisualC.ni.dll
+ 2012-01-24 03:29 . 2012-01-24 03:29 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\786efeb1c616e8f20fc6aa3a4c66e6b3\Accessibility.ni.dll
+ 2012-01-24 05:43 . 2012-01-24 05:43 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\ee58edbd347cad746f99f53afe180d6b\Microsoft.Build.Framework.ni.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\821d323c572a83ef932f68c5bbba4e2e\Microsoft.Build.Framework.ni.dll
+ 2012-01-24 05:43 . 2012-01-24 05:43 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ef8e2a692d734b1d16571ddcf41150cc\dfsvc.ni.exe
+ 2012-01-24 05:43 . 2012-01-24 05:43 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9ddb246e5a79bbe85837c1a499880f00\Accessibility.ni.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-24 04:48 . 2012-01-24 04:48 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-05-16 20:34 . 2011-05-16 20:34 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-05-16 20:33 . 2011-05-16 20:33 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-24 04:21 . 2012-01-24 04:21 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-05-18 09:03 . 2011-05-18 11:37 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-05-18 09:03 . 2012-01-24 05:20 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2012-01-24 03:30 . 2012-01-24 03:30 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\92f747c6bba467d98e05a60411bae21f\dfsvc.ni.exe
+ 2012-01-24 04:50 . 2012-01-24 04:50 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-24 04:51 . 2012-01-24 04:51 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-05-16 20:34 . 2011-05-16 20:34 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-02-25 13:13 . 2009-02-25 13:13 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2009-02-25 13:13 . 2009-02-25 13:13 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2009-02-25 13:13 . 2009-02-25 13:13 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2011-05-15 22:06 . 2008-04-14 14:00 176128 c:\windows\system32\winmm.dll
+ 2011-05-15 22:06 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
+ 2012-01-24 04:17 . 2003-02-21 03:42 348160 c:\windows\system32\URTTemp\msvcr71.dll
+ 2012-01-24 04:17 . 2003-02-20 18:06 155648 c:\windows\system32\URTTemp\mscoree.dll
+ 2012-01-24 04:17 . 2003-02-20 18:06 282624 c:\windows\system32\URTTemp\fusion.dll
- 2011-05-15 22:04 . 2009-03-08 05:34 105984 c:\windows\system32\url.dll
+ 2011-05-15 22:04 . 2011-11-04 19:19 105984 c:\windows\system32\url.dll
+ 2011-05-15 22:39 . 2011-09-26 10:41 611328 c:\windows\system32\uiautomationcore.dll
- 2011-05-15 22:39 . 2009-10-08 15:57 611328 c:\windows\system32\uiautomationcore.dll
+ 2011-05-15 22:35 . 2012-01-24 04:52 519104 c:\windows\system32\perfh009.dat
+ 2011-05-15 22:11 . 2011-09-26 10:41 220160 c:\windows\system32\oleacc.dll
- 2011-05-15 22:11 . 2009-10-08 15:57 220160 c:\windows\system32\oleacc.dll
- 2011-05-15 22:19 . 2011-02-23 01:27 206848 c:\windows\system32\occache.dll
+ 2011-05-15 22:19 . 2011-11-04 19:19 206848 c:\windows\system32\occache.dll

 

[Denio]

log2.txt

+ 2011-05-15 22:11 . 2011-11-04 19:19 611840 c:\windows\system32\mstime.dll
- 2011-05-15 22:11 . 2011-02-23 01:27 611840 c:\windows\system32\mstime.dll
+ 2011-05-15 22:17 . 2011-11-04 19:19 602112 c:\windows\system32\msfeeds.dll
- 2011-05-15 22:17 . 2011-02-23 01:27 602112 c:\windows\system32\msfeeds.dll
- 2011-05-16 21:10 . 2011-03-07 05:31 692736 c:\windows\system32\inetcomm.dll
+ 2011-05-16 21:10 . 2011-10-10 14:21 692736 c:\windows\system32\inetcomm.dll
- 2011-05-15 22:21 . 2011-02-23 01:27 184320 c:\windows\system32\iepeers.dll
+ 2011-05-15 22:21 . 2011-11-04 19:19 184320 c:\windows\system32\iepeers.dll
+ 2011-05-15 22:32 . 2011-11-04 19:19 387584 c:\windows\system32\iedkcs32.dll
- 2011-05-15 22:32 . 2011-02-23 01:27 387584 c:\windows\system32\iedkcs32.dll
+ 2011-05-15 22:31 . 2011-10-25 12:01 174080 c:\windows\system32\ie4uinit.exe
- 2011-05-16 22:11 . 2012-01-23 18:15 191384 c:\windows\system32\FNTCACHE.DAT
+ 2011-05-16 22:11 . 2012-01-24 05:37 191384 c:\windows\system32\FNTCACHE.DAT
+ 2011-05-15 22:14 . 2011-10-18 11:12 186880 c:\windows\system32\encdec.dll
- 2011-05-15 22:14 . 2011-02-09 15:52 186880 c:\windows\system32\encdec.dll
+ 2011-04-18 12:18 . 2011-04-18 12:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2011-05-15 22:04 . 2011-08-17 13:41 138496 c:\windows\system32\drivers\afd.sys
- 2011-05-15 22:04 . 2009-09-16 13:41 138496 c:\windows\system32\drivers\afd.sys
+ 2011-05-15 22:13 . 2011-11-25 21:56 293376 c:\windows\system32\dllcache\winsrv.dll
- 2011-05-15 22:13 . 2010-06-18 19:43 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-05-15 22:06 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
- 2011-05-15 22:06 . 2008-04-14 14:00 176128 c:\windows\system32\dllcache\winmm.dll
- 2011-05-15 22:20 . 2011-02-23 01:27 919552 c:\windows\system32\dllcache\wininet.dll
+ 2011-05-15 22:20 . 2011-11-04 19:19 919552 c:\windows\system32\dllcache\wininet.dll
- 2011-05-15 22:04 . 2009-03-08 05:34 105984 c:\windows\system32\dllcache\url.dll
+ 2011-05-15 22:04 . 2011-11-04 19:19 105984 c:\windows\system32\dllcache\url.dll
- 2011-05-15 22:06 . 2008-04-14 14:00 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2011-05-15 22:06 . 2011-11-03 15:27 386048 c:\windows\system32\dllcache\qdvd.dll
- 2011-05-15 22:11 . 2009-10-08 15:57 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2011-05-15 22:11 . 2011-09-26 10:41 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2011-05-15 22:19 . 2011-11-04 19:19 206848 c:\windows\system32\dllcache\occache.dll
- 2011-05-15 22:19 . 2011-02-23 01:27 206848 c:\windows\system32\dllcache\occache.dll
- 2011-05-15 22:11 . 2011-02-23 01:27 611840 c:\windows\system32\dllcache\mstime.dll
+ 2011-05-15 22:11 . 2011-11-04 19:19 611840 c:\windows\system32\dllcache\mstime.dll
+ 2011-05-16 21:10 . 2011-10-10 14:21 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2011-05-16 21:10 . 2011-03-07 05:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2011-05-15 22:21 . 2011-11-04 19:19 184320 c:\windows\system32\dllcache\iepeers.dll
- 2011-05-15 22:21 . 2011-02-23 01:27 184320 c:\windows\system32\dllcache\iepeers.dll
- 2011-05-15 22:32 . 2011-02-23 01:27 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2011-05-15 22:32 . 2011-11-04 19:19 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2011-05-15 22:31 . 2011-10-25 12:01 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-05-15 22:14 . 2011-10-18 11:12 186880 c:\windows\system32\dllcache\encdec.dll
- 2011-05-15 22:14 . 2011-02-09 15:52 186880 c:\windows\system32\dllcache\encdec.dll
- 2011-05-15 22:16 . 2009-03-19 16:22 599552 c:\windows\system32\dllcache\crypt32.dll
+ 2011-05-15 22:16 . 2011-09-28 07:05 599552 c:\windows\system32\dllcache\crypt32.dll
- 2011-05-15 22:04 . 2009-09-16 13:41 138496 c:\windows\system32\dllcache\afd.sys
+ 2011-05-15 22:04 . 2011-08-17 13:41 138496 c:\windows\system32\dllcache\afd.sys
- 2011-05-15 22:16 . 2009-03-19 16:22 599552 c:\windows\system32\crypt32.dll
+ 2011-05-15 22:16 . 2011-09-28 07:05 599552 c:\windows\system32\crypt32.dll
+ 2011-12-26 02:54 . 2011-12-26 02:54 496400 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll
+ 2011-07-09 08:30 . 2011-07-09 08:30 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
- 2011-07-09 08:30 . 2011-02-10 02:10 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-12-26 03:39 . 2011-12-26 03:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2011-07-09 08:30 . 2011-07-09 08:30 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-12-25 02:49 . 2011-12-25 02:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2011-07-07 04:18 . 2011-01-18 02:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-07-07 04:18 . 2011-07-07 04:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-07-07 04:18 . 2011-07-07 04:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-07-07 04:18 . 2011-01-18 02:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-12-24 21:55 . 2010-09-23 00:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-24 21:55 . 2011-12-24 21:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2011-12-24 21:53 . 2010-09-23 00:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2011-12-24 21:53 . 2011-12-24 21:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2011-12-24 22:49 . 2010-09-24 11:59 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-12-24 22:49 . 2011-12-24 22:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-01-24 02:42 . 2012-01-24 02:42 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2012-01-24 02:42 . 2012-01-24 02:42 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2012-01-24 02:42 . 2012-01-24 02:42 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-12-25 04:40 . 2011-12-25 04:40 819200 c:\windows\Installer\ea8d75.msp
+ 2012-01-24 14:02 . 2012-01-24 14:02 381440 c:\windows\Installer\b6d95d.msi
+ 2012-01-24 17:35 . 2012-01-24 17:35 785920 c:\windows\Installer\17b3934.msi
+ 2012-01-24 17:35 . 2012-01-24 17:35 483840 c:\windows\Installer\17b392c.msi
+ 2012-01-24 17:35 . 2012-01-24 17:35 301056 c:\windows\Installer\17b3925.msi
+ 2011-05-18 09:03 . 2012-01-24 05:20 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2011-05-18 09:03 . 2011-05-18 11:37 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2011-05-18 09:03 . 2011-05-18 11:37 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2011-05-18 09:03 . 2012-01-24 05:20 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2011-05-18 09:03 . 2012-01-24 05:20 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2011-05-18 09:03 . 2011-05-18 11:37 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2011-05-18 09:03 . 2012-01-24 05:20 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2011-05-18 09:03 . 2011-05-18 11:37 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2011-05-18 09:03 . 2011-05-18 11:37 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-05-18 09:03 . 2012-01-24 05:20 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2011-05-18 09:03 . 2011-05-18 11:37 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-05-18 09:03 . 2012-01-24 05:20 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-01-14 05:10 . 2011-01-14 05:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 05:10 . 2011-01-14 05:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2012-01-24 04:14 . 2011-02-23 01:27 919552 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2012-01-24 04:14 . 2009-03-08 05:34 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2012-01-24 04:14 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2012-01-24 04:14 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2012-01-24 04:14 . 2011-02-23 01:27 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2012-01-24 04:14 . 2011-02-23 01:27 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2012-01-24 04:14 . 2011-02-23 01:27 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2012-01-24 04:14 . 2011-02-22 23:27 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2012-01-24 04:14 . 2011-02-23 01:27 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2012-01-24 04:14 . 2011-02-22 23:27 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2012-01-24 04:14 . 2011-02-23 01:27 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2012-01-24 04:14 . 2011-02-22 14:08 173568 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2012-01-24 04:24 . 2012-01-24 04:24 839680 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0eeb8e49\System.Drawing.dll
+ 2012-01-24 04:25 . 2012-01-24 04:25 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_48457660\System.Drawing.Design.dll
+ 2012-01-24 04:25 . 2012-01-24 04:25 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_076930b4\CustomMarshalers.dll
+ 2012-01-24 06:02 . 2012-01-24 06:02 399360 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\9664642291c9e6947e80e282f8ad936f\XamlBuildTask.ni.dll
+ 2012-01-24 03:42 . 2012-01-24 03:42 355840 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\91f36a1266605d3ae195da050ba346b7\WsatConfig.ni.exe
+ 2012-01-24 06:02 . 2012-01-24 06:02 246272 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\3837b5762a65500f4625d7d7eeaafec7\WindowsFormsIntegration.ni.dll
+ 2012-01-24 05:48 . 2012-01-24 05:48 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\7256f900ecbcc13fcc2016bee355a0a9\UIAutomationTypes.ni.dll
+ 2012-01-24 06:02 . 2012-01-24 06:02 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\ac6d7b772cf6adb6cc801a34cf542a94\UIAutomationClient.ni.dll
+ 2012-01-24 04:41 . 2012-01-24 04:41 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\3166f5b3d399907f79b1c1fc5e12466e\System.Xml.Linq.ni.dll
+ 2012-01-24 05:48 . 2012-01-24 05:48 188416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\0354774f1ef6c5a5abcddd7efd8bc87d\System.Windows.Input.Manipulations.ni.dll
+ 2012-01-24 06:01 . 2012-01-24 06:01 193024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\fb116e90974a0fc4c64bd720a647de5a\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-01-24 05:48 . 2012-01-24 05:48 218624 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\7cc3cb571c7c768245bd7cab440cdf91\System.Web.RegularExpressions.ni.dll
+ 2012-01-24 06:00 . 2012-01-24 06:00 860672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\8714143400e6ebf691254e8d2c291a23\System.Web.Extensions.Design.ni.dll
+ 2012-01-24 05:59 . 2012-01-24 05:59 334848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\85291eb24ab40a23a6bd942c58ea4035\System.Web.Entity.ni.dll
+ 2012-01-24 06:00 . 2012-01-24 06:00 296960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\02132f6d9109c545016db6e48bc53750\System.Web.Entity.Design.ni.dll
+ 2012-01-24 05:59 . 2012-01-24 05:59 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\11a83f56847d2d88fc3800757cd0852e\System.Web.DynamicData.ni.dll
+ 2012-01-24 05:59 . 2012-01-24 05:59 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\b1822e4c5245131c1f2262329591ee85\System.Web.DataVisualization.Design.ni.dll
+ 2012-01-24 05:47 . 2012-01-24 05:47 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\235026f0a845502850cfb33ae7527308\System.Transactions.ni.dll
+ 2012-01-24 05:48 . 2012-01-24 05:48 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\3a6b4997eab9790d3900652765ed1077\System.ServiceProcess.ni.dll
+ 2012-01-24 05:58 . 2012-01-24 05:58 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7cad8e5bf13ea5f715818878b5e96404\System.ServiceModel.Routing.ni.dll
+ 2012-01-24 05:57 . 2012-01-24 05:57 425472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\170fe1b3f56962340fe863a3ff078472\System.ServiceModel.Activation.ni.dll
+ 2012-01-24 03:17 . 2012-01-24 03:17 726016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\8ff4cf675d5ac2c499051972634086a9\System.Security.ni.dll
+ 2012-01-24 03:47 . 2012-01-24 03:47 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\57fc8072288ebd23b420caf6decf35d2\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-01-24 05:47 . 2012-01-24 05:47 770560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\03c0dcb8ebf1b3e288a55e2f661b5a10\System.Runtime.Remoting.ni.dll
+ 2012-01-24 05:48 . 2012-01-24 05:48 241664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\1fc5600348d7e1eed880a13757c37587\System.Runtime.Caching.ni.dll
+ 2012-01-24 03:17 . 2012-01-24 03:17 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\24a3c5d98224f2520beba30e52999bef\System.Numerics.ni.dll
+ 2012-01-24 05:58 . 2012-01-24 05:58 652288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\7e059f7c19fdf252565d40e7be4f4d4b\System.Net.ni.dll
+ 2012-01-24 05:57 . 2012-01-24 05:57 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\0e7af058442641e30535c6ffdf94bc20\System.Messaging.ni.dll
+ 2012-01-24 05:58 . 2012-01-24 05:58 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\3a628f36997c6c3f599f6b4030606365\System.Management.Instrumentation.ni.dll
+ 2012-01-24 05:58 . 2012-01-24 05:58 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\fa2a34469e3040db61e12309de553bc7\System.IO.Log.ni.dll
+ 2012-01-24 05:57 . 2012-01-24 05:57 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\3c7c1f327f3cd933d0e490a8d7138389\System.IdentityModel.Selectors.ni.dll
+ 2012-01-24 05:47 . 2012-01-24 05:47 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\cf62767314b744e8ae8ed554e2810d0b\System.EnterpriseServices.Wrapper.dll
+ 2012-01-24 05:47 . 2012-01-24 05:47 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\cf62767314b744e8ae8ed554e2810d0b\System.EnterpriseServices.ni.dll
+ 2012-01-24 03:17 . 2012-01-24 03:17 376832 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\080eded167e72615a60acd2118bf460d\System.Dynamic.ni.dll
+ 2012-01-24 05:48 . 2012-01-24 05:48 223232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\d5c8056f3ea9fdacaa405e1aea0736b7\System.Drawing.Design.ni.dll
+ 2012-01-24 05:48 . 2012-01-24 05:48 468480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\9ad6acca957f6c4990dbd2cf7838bc35\System.DirectoryServices.Protocols.ni.dll
+ 2012-01-24 05:58 . 2012-01-24 05:58 913408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\4c2f15666166376535c9dcf5ee9ff06e\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-01-24 05:58 . 2012-01-24 05:58 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\3cfcf1294c9314de02b99761b530a10a\System.Device.ni.dll
+ 2012-01-24 05:58 . 2012-01-24 05:58 501248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\a449b594acf495f839b67a49419ced37\System.Data.Services.Design.ni.dll

 

[Denio]

3

+ 2012-01-24 05:50 . 2012-01-24 05:50 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\b166d527268774e832107870ea864f21\System.Data.DataSetExtensions.ni.dll
+ 2012-01-24 03:15 . 2012-01-24 03:15 974336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\59e675e55549ff602b0fe723672a6118\System.Configuration.ni.dll
+ 2012-01-24 05:48 . 2012-01-24 05:48 147968 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\895f1fbb108fb721a3370a4c707215f1\System.Configuration.Install.ni.dll
+ 2012-01-24 05:50 . 2012-01-24 05:50 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\ee955be04c9a855715b47adfb5ec3eb1\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-01-24 03:19 . 2012-01-24 03:19 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\340852f5314ea19829a0c2f3fc110f78\System.ComponentModel.Composition.ni.dll
+ 2012-01-24 05:50 . 2012-01-24 05:50 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\5c688f3d580bc6284c13ba84dbb0fc96\System.AddIn.ni.dll
+ 2012-01-24 05:49 . 2012-01-24 05:49 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\42dce8c63266b73a24a0ffeabf57cd59\System.Activities.DurableInstancing.ni.dll
+ 2012-01-24 03:42 . 2012-01-24 03:42 317440 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\8621cea6a4dbe59db926a107913f6e2a\SMSvcHost.ni.exe
+ 2012-01-24 05:47 . 2012-01-24 05:47 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0d4c94983ade48449ab00c3faeb5b2d6\SMDiagnostics.ni.dll
+ 2012-01-24 03:25 . 2012-01-24 03:25 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f8323ba6e6dc9f17b3d464d881ecd755\PresentationFramework.Luna.ni.dll
+ 2012-01-24 03:25 . 2012-01-24 03:25 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aecf2b8b073161883e7317043924161b\PresentationFramework.Classic.ni.dll
+ 2012-01-24 03:22 . 2012-01-24 03:22 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5f55f8e72e68974a0d14b5e397a35878\PresentationFramework.Aero.ni.dll
+ 2012-01-24 03:22 . 2012-01-24 03:22 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\0617c21f18d1a637df8730a4fa6e5922\PresentationFramework.Royale.ni.dll
+ 2012-01-24 03:30 . 2012-01-24 03:30 274432 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\693da8e825ef8c1e7df9e7e43872379b\MSBuild.ni.exe
+ 2012-01-24 03:55 . 2012-01-24 03:55 302592 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\397202fed5fe6a0eb268b246cf6b5b1c\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-01-24 03:50 . 2012-01-24 03:50 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\0207a1bdffee2936b2164bff36f8fe2e\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-01-24 03:47 . 2012-01-24 03:47 631296 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\4c9e18cadb51acd910e528fac7a12d7f\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-01-24 03:31 . 2012-01-24 03:31 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\215159a55e53f3c477e64ce1eda9bfad\Microsoft.Build.Framework.ni.dll
+ 2012-01-24 03:43 . 2012-01-24 03:43 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\a46404e6aed0165cbb90423a28955938\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2012-01-24 03:42 . 2012-01-24 03:42 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\dace95e962d11c1991897933dbbe9ffd\CustomMarshalers.ni.dll
+ 2012-01-24 03:30 . 2012-01-24 03:30 474624 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\a52dd9ab2dea894462a2547ae595d61f\ComSvcConfig.ni.exe
+ 2012-01-24 03:29 . 2012-01-24 03:29 849920 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\b73c586b88617bcbc6409e345909c1b6\AspNetMMCExt.ni.dll
+ 2012-01-24 05:46 . 2012-01-24 05:46 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\9f1da6cc2d020cede28f71910854f36c\System.Web.RegularExpressions.ni.dll
+ 2012-01-24 05:45 . 2012-01-24 05:45 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\b859aa773905383eb55c998b1243aaeb\System.Web.Abstractions.ni.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\908a7a37e005c4a7d05c5ca0d99a8f6b\System.Transactions.ni.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\19b930a4bc667660d2ed4780b571bb61\System.ServiceProcess.ni.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\8d33c6ec91acda780596c29b1b0e4ee8\System.Security.ni.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\51315451cee4cef2cae6ceb7f46452a0\System.EnterpriseServices.Wrapper.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\51315451cee4cef2cae6ceb7f46452a0\System.EnterpriseServices.ni.dll
- 2012-01-23 17:56 . 2012-01-23 17:56 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\351a3929f350c03900d1af77f25bccff\System.Drawing.Design.ni.dll
+ 2012-01-24 05:41 . 2012-01-24 05:41 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\351a3929f350c03900d1af77f25bccff\System.Drawing.Design.ni.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\32c1b0f1ba97a332ff2ba6ecb69fb115\System.DirectoryServices.Protocols.ni.dll
+ 2012-01-24 05:43 . 2012-01-24 05:43 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3b851ac7ec20c53f6bb6b46dad52d9f7\System.Configuration.ni.dll
+ 2012-01-24 05:43 . 2012-01-24 05:43 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2a528d177ee389cfa96dc56a3b625d97\MSBuild.ni.exe
+ 2012-01-24 05:44 . 2012-01-24 05:44 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ba1a3dcecc7dc8980b81c470ff14f541\Microsoft.Build.Utilities.ni.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a098f2a2bc884f1a5f8f08817ec89ead\Microsoft.Build.Engine.ni.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\97c8c3e61afe8ff023aa5a052146d231\CustomMarshalers.ni.dll
+ 2012-01-24 05:43 . 2012-01-24 05:43 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\8b173c2f4cc27d3af56a93e7daf98471\AspNetMMCExt.ni.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-24 04:48 . 2012-01-24 04:48 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-01-24 04:48 . 2012-01-24 04:48 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-05-16 20:34 . 2011-05-16 20:34 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-05-16 20:34 . 2011-05-16 20:34 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-05-16 20:34 . 2011-05-16 20:34 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-24 04:51 . 2012-01-24 04:51 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-05-16 20:34 . 2011-05-16 20:34 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-05-16 20:34 . 2011-05-16 20:34 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-24 04:51 . 2012-01-24 04:51 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-05-16 20:34 . 2011-05-16 20:34 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-24 04:51 . 2012-01-24 04:51 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-24 04:48 . 2012-01-24 04:48 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-05-16 20:35 . 2011-05-16 20:35 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-24 04:17 . 2003-02-20 18:08 2482176 c:\windows\system32\URTTemp\mscorwks.dll
+ 2011-05-15 22:10 . 2011-11-04 19:19 1214464 c:\windows\system32\urlmon.dll
+ 2011-05-15 22:36 . 2011-10-25 13:34 2192768 c:\windows\system32\ntoskrnl.exe
- 2011-05-15 22:36 . 2010-12-09 15:43 2192768 c:\windows\system32\ntoskrnl.exe
- 2010-12-09 19:39 . 2008-04-14 14:00 2069376 c:\windows\system32\ntkrnlpa.exe
+ 2010-12-09 19:39 . 2011-10-25 17:22 2069376 c:\windows\system32\ntkrnlpa.exe
+ 2011-05-15 22:12 . 2011-11-04 19:19 5978624 c:\windows\system32\mshtml.dll
+ 2011-05-15 22:32 . 2011-11-04 19:19 2001408 c:\windows\system32\iertutil.dll
+ 2011-05-15 22:13 . 2011-11-23 13:29 1868544 c:\windows\system32\dllcache\win32k.sys
+ 2011-05-15 22:10 . 2011-11-04 19:19 1214464 c:\windows\system32\dllcache\urlmon.dll
+ 2011-05-15 22:11 . 2011-11-03 15:27 1292288 c:\windows\system32\dllcache\quartz.dll
- 2011-05-15 22:11 . 2010-07-14 07:48 1292288 c:\windows\system32\dllcache\quartz.dll
- 2011-05-15 22:08 . 2010-07-16 14:04 1289216 c:\windows\system32\dllcache\ole32.dll
+ 2011-05-15 22:08 . 2011-11-01 16:05 1289216 c:\windows\system32\dllcache\ole32.dll
+ 2011-10-25 17:22 . 2011-10-25 17:22 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2011-05-15 22:12 . 2011-11-04 19:19 5978624 c:\windows\system32\dllcache\mshtml.dll
+ 2011-12-26 02:54 . 2011-12-26 02:54 1863464 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll
+ 2011-12-26 02:54 . 2011-12-26 02:54 5230864 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll
+ 2011-07-09 08:30 . 2011-07-09 08:30 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-07-09 08:30 . 2011-07-09 08:30 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-07-09 08:30 . 2011-07-09 08:30 6724424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-07-07 04:18 . 2011-07-07 04:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-07-07 04:18 . 2011-01-18 02:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-07-07 04:18 . 2011-07-07 04:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-12-25 10:07 . 2011-12-25 10:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2011-12-25 10:06 . 2011-12-25 10:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2011-12-25 10:06 . 2010-09-23 13:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 10:06 . 2011-12-25 10:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-24 21:54 . 2011-12-24 21:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2011-12-24 21:54 . 2010-09-23 00:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-12-24 21:53 . 2011-12-24 21:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2011-12-25 10:06 . 2010-09-23 13:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-12-25 10:06 . 2011-12-25 10:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2012-01-24 02:42 . 2012-01-24 02:42 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 1863464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
+ 2012-01-24 02:41 . 2012-01-24 02:41 5230864 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-24 03:04 . 2012-01-24 03:04 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-24 03:06 . 2012-01-24 03:06 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-24 03:03 . 2012-01-24 03:03 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-05-16 20:53 . 2011-05-16 20:53 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-24 03:05 . 2012-01-24 03:05 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-06 14:22 . 2011-12-06 14:22 5519360 c:\windows\Installer\ea8dc6.msp
+ 2011-07-21 11:34 . 2011-07-21 11:34 3456000 c:\windows\Installer\ea8d82.msp
+ 2011-12-26 09:00 . 2011-12-26 09:00 2608640 c:\windows\Installer\ea8d54.msp
+ 2011-12-26 08:59 . 2011-12-26 08:59 4368896 c:\windows\Installer\ea8d53.msp
+ 2011-10-29 22:10 . 2011-10-29 22:10 6824960 c:\windows\Installer\80e8d6.msp
+ 2011-09-20 14:36 . 2011-09-20 14:36 5521408 c:\windows\Installer\80e8b2.msp
+ 2011-10-31 11:37 . 2011-10-31 11:37 4146688 c:\windows\Installer\80e89c.msp
+ 2011-12-26 04:06 . 2011-12-26 04:06 5115392 c:\windows\Installer\5a86f.msp
+ 2012-01-24 12:11 . 2012-01-24 12:11 1094656 c:\windows\Installer\537589.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-01-14 05:10 . 2011-01-14 05:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 05:10 . 2011-01-14 05:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 05:10 . 2011-01-14 05:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2012-01-24 04:14 . 2011-02-23 01:27 1212928 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2012-01-24 04:14 . 2011-02-23 01:27 5964800 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2012-01-24 04:14 . 2011-02-23 01:27 1992192 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2012-01-23 07:20 . 2011-10-25 13:34 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2012-01-23 07:20 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2011-10-25 17:22 . 2011-10-25 17:22 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2012-01-23 07:20 . 2011-10-25 13:38 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-01-24 04:25 . 2012-01-24 04:25 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_8526a91d\System.dll
+ 2012-01-24 04:22 . 2012-01-24 04:22 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_4d80d871\System.dll
+ 2012-01-24 04:26 . 2012-01-24 04:26 5644288 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f989ec7c\System.Xml.dll
+ 2012-01-24 04:23 . 2012-01-24 04:23 2117632 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_350d1c5c\System.Xml.dll
+ 2012-01-24 04:26 . 2012-01-24 04:26 7925760 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_850e090a\System.Windows.Forms.dll
+ 2012-01-24 04:23 . 2012-01-24 04:23 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_12878893\System.Windows.Forms.dll
+ 2012-01-24 04:26 . 2012-01-24 04:26 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_89781aaf\System.Drawing.dll
+ 2012-01-24 04:24 . 2012-01-24 04:24 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_9e060296\System.Design.dll
+ 2012-01-24 04:26 . 2012-01-24 04:26 3403776 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2a7240c9\System.Design.dll
+ 2012-01-24 04:27 . 2012-01-24 04:27 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_52b5706b\mscorlib.dll
+ 2012-01-24 04:25 . 2012-01-24 04:25 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_117148bb\mscorlib.dll
+ 2012-01-24 03:14 . 2012-01-24 03:14 3793408 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\35e559423e66ab394f254970d2bedba9\WindowsBase.ni.dll
+ 2012-01-24 06:02 . 2012-01-24 06:02 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\bae88c0df1ef666a7d6f3203cdaa0249\UIAutomationClientsideProviders.ni.dll
+ 2012-01-24 03:11 . 2012-01-24 03:11 9060352 c:\windows\assembly\NativeImages_v4.0.30319_32\System\2accd7336f3f1b087ba31adf573d1beb\System.ni.dll
+ 2012-01-24 03:16 . 2012-01-24 03:16 5611008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\8f49ea3bbe3b41cd34615e214c640255\System.Xml.ni.dll
+ 2012-01-24 03:32 . 2012-01-24 03:32 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e13335445ab741fb18e039cc53df9cd7\System.Xaml.ni.dll
+ 2012-01-24 06:02 . 2012-01-24 06:02 1206784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\245d249eb4959eaad6fca7105c0f4405\System.WorkflowServices.ni.dll
+ 2012-01-24 06:01 . 2012-01-24 06:01 1969152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\2453cd963ccde8d72968a0d8f54dd2d3\System.Workflow.Runtime.ni.dll
+ 2012-01-24 06:01 . 2012-01-24 06:01 4444672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\badaff27602e0ceb65449c8129be4760\System.Workflow.ComponentModel.ni.dll
+ 2012-01-24 06:01 . 2012-01-24 06:01 2860032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\469c0fd6288dccccddd1fe5ee15cbb87\System.Workflow.Activities.ni.dll
+ 2012-01-24 06:01 . 2012-01-24 06:01 4544000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\98bcefcbd76ed89c7ac5d4c6c03ca928\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-01-24 05:48 . 2012-01-24 05:48 1887232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\7312e95505aa3bb844165d21f50cd973\System.Web.Services.ni.dll
+ 2012-01-24 06:00 . 2012-01-24 06:00 2333184 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\1fa17076a42f6ffab775c479812ff372\System.Web.Mobile.ni.dll
+ 2012-01-24 05:57 . 2012-01-24 05:57 3120128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\2bf01ad4406bb1265732bc6501279f69\System.Web.Extensions.ni.dll
+ 2012-01-24 05:59 . 2012-01-24 05:59 4481024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\5dcefaa000a3af031eeb85b1cdff5294\System.Web.DataVisualization.ni.dll
+ 2012-01-24 05:59 . 2012-01-24 05:59 2004992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\f231a8b7b5850adedf3acfc86b932c5f\System.Speech.ni.dll
+ 2012-01-24 05:55 . 2012-01-24 05:55 1051136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8ae253a31a7792f4988bf07f4f8f2f56\System.ServiceModel.Web.ni.dll
+ 2012-01-24 05:58 . 2012-01-24 05:58 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4b449c74cb64366db120095cb4a4264b\System.ServiceModel.Discovery.ni.dll
+ 2012-01-24 05:57 . 2012-01-24 05:57 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\065dbab6d368fa0884a0f3611f02d3f7\System.ServiceModel.Activities.ni.dll
+ 2012-01-24 05:46 . 2012-01-24 05:46 2629632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\23922346b589bb71323a14121316aa87\System.Runtime.Serialization.ni.dll
+ 2012-01-24 05:47 . 2012-01-24 05:47 1019392 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a4e7ce1e2d8a7d6f23ddf7cb71071d2a\System.Runtime.DurableInstancing.ni.dll
+ 2012-01-24 05:49 . 2012-01-24 05:49 1048064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\330ab8090ae72709de71b8a2d06f6e98\System.Printing.ni.dll
+ 2012-01-24 05:57 . 2012-01-24 05:57 1164800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\856c8246abe0036938edae1802cfdeb0\System.Management.ni.dll
+ 2012-01-24 05:57 . 2012-01-24 05:57 1071104 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\e7ad404569c958b201b02d526e355fd5\System.IdentityModel.ni.dll
+ 2012-01-24 03:26 . 2012-01-24 03:26 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\be31497ae34de0ea10fccab31729133f\System.Drawing.ni.dll
+ 2012-01-24 05:47 . 2012-01-24 05:47 1171968 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\bd51be5af79a0ba92816e95ee823b14f\System.DirectoryServices.ni.dll
+ 2012-01-24 03:48 . 2012-01-24 03:48 1876992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\80d22c4a296fa01c9833665ccfa34445\System.Deployment.ni.dll
+ 2012-01-24 03:18 . 2012-01-24 03:18 6789632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\4908ac42fd8ceff8dbd612c7f31dcc1f\System.Data.ni.dll
+ 2012-01-24 03:16 . 2012-01-24 03:16 2543616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\dfabb3a4439eaae0e5327618c0eaa0b7\System.Data.SqlXml.ni.dll
+ 2012-01-24 05:55 . 2012-01-24 05:55 2018304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\32dd0b0e1dbb96755bc53b84053f428a\System.Data.Services.ni.dll
+ 2012-01-24 05:57 . 2012-01-24 05:57 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\c0248d0ea5c967d9701bfb24664cd016\System.Data.Services.Client.ni.dll
+ 2012-01-24 05:48 . 2012-01-24 05:48 1189376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\79dac40c552b94ff383a3ea4eb5c6d73\System.Data.OracleClient.ni.dll
+ 2012-01-24 03:13 . 2012-01-24 03:13 2511872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\abc6a2a1a63d4529b3c1a025575a0a3b\System.Data.Linq.ni.dll
+ 2012-01-24 05:54 . 2012-01-24 05:54 1400320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\19253acb1c5de7fbd3ea888d880fbc85\System.Data.Entity.Design.ni.dll
+ 2012-01-24 03:12 . 2012-01-24 03:12 7049216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\62117b1ebb9f66f97a05b39b0c52cf55\System.Core.ni.dll
+ 2012-01-24 05:49 . 2012-01-24 05:49 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\447e17550fceb8e4ebda2ade70967f23\System.Activities.ni.dll
+ 2012-01-24 05:50 . 2012-01-24 05:50 3696640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\f089d1483dea495c8863d0fb7340d64e\System.Activities.Presentation.ni.dll
+ 2012-01-24 05:49 . 2012-01-24 05:49 1511936 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\7c478c30563c0abdf4b8aef273ce2879\System.Activities.Core.Presentation.ni.dll

 

[Denio]

4

+ 2012-01-24 05:49 . 2012-01-24 05:49 2857984 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\63de7b1c6733681dd5ba1952ec55e3df\ReachFramework.ni.dll
+ 2012-01-24 04:04 . 2012-01-24 04:04 1626624 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\d829f68c5f65a1119614a66b468b6ef1\PresentationUI.ni.dll
+ 2012-01-24 03:57 . 2012-01-24 03:57 1471488 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\79086519ed31598c82dea6c21acade6a\PresentationBuildTasks.ni.dll
+ 2012-01-24 03:52 . 2012-01-24 03:52 1834496 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f8f5181f865f741f06c3aaed37273f2a\Microsoft.VisualBasic.ni.dll
+ 2012-01-24 03:55 . 2012-01-24 03:55 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\c419f255f8b2f78f71eb60707490b99f\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-01-24 03:53 . 2012-01-24 03:53 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\57741616a18c8c55d6c13f6602abf597\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-01-24 03:50 . 2012-01-24 03:50 1081856 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ab7ea7a2ca7e34947b121a8b1162f468\Microsoft.Transactions.Bridge.ni.dll
+ 2012-01-24 05:57 . 2012-01-24 05:57 2449408 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\e06226abfc40ab63de70dd1cbfbe326e\Microsoft.JScript.ni.dll
+ 2012-01-24 03:15 . 2012-01-24 03:15 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\c4f9bb41be6f039f048ddb6c2be2b32b\Microsoft.CSharp.ni.dll
+ 2012-01-24 03:40 . 2012-01-24 03:40 4242432 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\fe5821a843c51680cd231e4a3578bad0\Microsoft.Build.ni.dll
+ 2012-01-24 03:46 . 2012-01-24 03:46 2859520 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\a1ba22eb5a67d8f6915af9913d46f5e6\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-01-24 03:42 . 2012-01-24 03:42 1927168 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\33c9a48b7d73c4e61c5eb20fb5c98bf4\Microsoft.Build.Engine.ni.dll
+ 2012-01-24 05:23 . 2012-01-24 05:23 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\5b5edb3223d2055dfb3af206bbc96d9f\System.ni.dll
+ 2012-01-24 05:42 . 2012-01-24 05:42 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16b61670b9a6caff6afea6d1aef06be6\System.Xml.ni.dll
+ 2012-01-24 05:46 . 2012-01-24 05:46 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\78fe79977f7853ac4815948f6739ab36\System.Web.Services.ni.dll
+ 2012-01-24 05:45 . 2012-01-24 05:45 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f98e228c15f52ce9186bd77e88289d97\System.Web.Mobile.ni.dll
+ 2012-01-24 05:45 . 2012-01-24 05:45 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f92c1141bdc98040726d799ed4f3af82\System.Web.Extensions.ni.dll
+ 2012-01-24 05:41 . 2012-01-24 05:41 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1f47e98668e26db666515dc94743e70f\System.Drawing.ni.dll
- 2012-01-23 17:56 . 2012-01-23 17:56 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1f47e98668e26db666515dc94743e70f\System.Drawing.ni.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\aa508d5c6821abb6e9babfb7d5de18db\System.DirectoryServices.ni.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\8514a4c522358f44ca856750ec56a2d9\System.Deployment.ni.dll
+ 2012-01-24 05:28 . 2012-01-24 05:28 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\257f16884704728354b65c28294b2f0d\System.Data.ni.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d62d4fe98efaf4aace3848026d076892\System.Data.SqlXml.ni.dll
+ 2012-01-24 05:45 . 2012-01-24 05:45 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\7b4a8adb0fe6e4fc9190bcc63ad97f15\System.Core.ni.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d44bfa05a3f247ef1b67cfc97a755f5a\Microsoft.VisualBasic.ni.dll
+ 2012-01-24 05:44 . 2012-01-24 05:44 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a5867359202278a623b6d2dad25e7394\Microsoft.Build.Tasks.ni.dll
+ 2012-01-24 05:43 . 2012-01-24 05:43 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\73609893e7baf09fd714b622c21e3013\Microsoft.Build.Engine.ni.dll
+ 2012-01-24 04:50 . 2012-01-24 04:51 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-05-16 20:34 . 2011-05-16 20:34 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-24 04:50 . 2012-01-24 04:50 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-05-16 20:34 . 2011-05-16 20:34 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-05-16 20:34 . 2011-05-16 20:34 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-05-16 20:45 . 2011-05-16 20:45 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\system.web.extensions.dll
+ 2012-01-24 04:29 . 2012-01-24 04:29 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-05-16 20:34 . 2011-05-16 20:34 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-24 04:49 . 2012-01-24 04:49 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-24 04:48 . 2012-01-24 04:48 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-24 04:51 . 2012-01-24 04:51 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-05-16 20:34 . 2011-05-16 20:34 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-05-16 20:34 . 2011-05-16 20:34 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-24 04:51 . 2012-01-24 04:51 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-05-16 20:33 . 2011-05-16 20:33 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-01-24 04:21 . 2012-01-24 04:21 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-01-24 04:20 . 2012-01-24 04:20 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-24 04:21 . 2012-01-24 04:21 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-05-15 22:04 . 2011-12-07 10:44 52988224 c:\windows\system32\MRT.exe
+ 2011-05-15 22:21 . 2011-11-05 13:19 11083776 c:\windows\system32\ieframe.dll
+ 2011-11-05 13:19 . 2011-11-05 13:19 11083776 c:\windows\system32\dllcache\ieframe.dll
+ 2012-01-24 05:08 . 2012-01-24 05:08 20333568 c:\windows\Installer\ea8db1.msp
+ 2011-07-26 15:33 . 2011-07-26 15:33 10984448 c:\windows\Installer\ea8da4.msp
+ 2011-07-11 19:43 . 2011-07-11 19:43 11641344 c:\windows\Installer\ea8d8d.msp
+ 2012-01-24 04:16 . 2012-01-24 04:16 19677184 c:\windows\Installer\ea8d6d.msp
+ 2011-07-11 16:19 . 2011-07-11 16:19 10619904 c:\windows\Installer\80e8c0.msp
+ 2012-01-03 17:58 . 2012-01-03 17:58 15929344 c:\windows\Installer\5a867.msp
+ 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
+ 2012-01-24 04:14 . 2011-02-23 04:57 11082752 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
+ 2012-01-24 03:27 . 2012-01-24 03:27 13024256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e6e45dc7bef38a6d8b1aef6e716cb648\System.Windows.Forms.ni.dll
+ 2012-01-24 05:47 . 2012-01-24 05:47 12033024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\b3f3ee803ac8203e09ac625027f6e9c2\System.Web.ni.dll
+ 2012-01-24 05:57 . 2012-01-24 05:57 17978368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\21d70baf34340c5e80acd99fa7eede62\System.ServiceModel.ni.dll
+ 2012-01-24 05:48 . 2012-01-24 05:48 10883072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\c4ebd3ffbf50d6c8e9b41dd5fec25065\System.Design.ni.dll
+ 2012-01-24 05:54 . 2012-01-24 05:54 13324288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\00d105219b970fcbd31a25f3a7c67b77\System.Data.Entity.ni.dll
+ 2012-01-24 03:25 . 2012-01-24 03:25 17662976 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3c61ca33916bf776e0e84cb970336ae6\PresentationFramework.ni.dll
+ 2012-01-24 03:21 . 2012-01-24 03:21 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\260b1bcdb346fe6a15fb6863ff0806cb\PresentationCore.ni.dll
+ 2012-01-24 03:10 . 2012-01-24 03:10 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d94e96530c3b5334354465bf48a033fb\mscorlib.ni.dll
+ 2012-01-24 05:41 . 2012-01-24 05:41 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ec747f2b8df1fdac6777dfd95105eaf0\System.Windows.Forms.ni.dll
+ 2012-01-24 05:45 . 2012-01-24 05:45 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\f28771f44197d6cb1b310c6915d6636b\System.Web.ni.dll
+ 2012-01-24 05:40 . 2012-01-24 05:40 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\20ee279762ef09880d7abc3584d1991a\System.Design.ni.dll
+ 2012-01-24 05:09 . 2012-01-24 05:10 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c2678ff865d430dbcc94740aa5efdabc\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-18 399736]
"Uniblue ProcessQuickLink 2"="c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2008-04-02 655640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-02-26 437160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"kX Mixer"="c:\program files\kX Audio Driver\3550\kxmixer.exe" [2009-09-17 677896]
"CTHelper"="CTHELPER.EXE" [2003-06-09 28672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB976002-v5"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/18/2011 9:27 AM 717296]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/23/2012 11:35 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/23/2012 11:34 PM 20464]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [5/15/2011 11:23 PM 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5/16/2011 9:30 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [5/15/2011 11:19 PM 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [5/16/2011 9:31 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPFILTER
*NewlyCreated* - MSMPSVC
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
.
2012-01-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
2012-01-24 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kolacek\Application Data\Mozilla\Firefox\Profiles\ccqremnb.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 20:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-1580818891-1957994488-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:dd,a1,79,93,e9,77,c9,b5,60,d0,fd,db,99,db,29,19,c3,ec,c6,6a,1d,5d,fe,
60,fd,07,9e,a9,f7,ec,1c,c3,a7,3c,0f,5a,ba,e0,4b,29,6e,a7,7e,41,e4,39,e4,b9,\
"??"=hex:43,25,25,21,67,56,f5,c2,91,ee,27,7c,ad,fb,21,71
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2012-01-24 20:23:38
ComboFix-quarantined-files.txt 2012-01-24 19:23
ComboFix2.txt 2012-01-23 19:41
.
Pre-Run: 17,904,001,024 bytes free
Post-Run: 18,088,640,512 bytes free
.
- - End Of File - - 78A31E385D7FDA0AF275F8184D6FDDCA

 

[Broni]

We have one system file missing.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

• Double-click SystemLook.exe to run it.
• Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box and paste it into the main textfield:
  

  :filefind
  usbehci.sys

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

[Denio]

e

SystemLook 30.07.11 by jpshortstuff
Log created at 21:13 on 24/01/2012 by Kolacek
Administrator - Elevation successful

========== filefind ==========

Searching for "usbehci.sys"
No files found.

-= EOF =-

 

[Broni]

I uploaded missing usbehci.sys file here: http://www.filedropper.com/usbehci
Download it and paste it to c:\windows\system32\drivers folder.
Disregard any Windows warnings.

Then....

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[Denio]

123

ComboFix 12-01-23.02 - Kolacek 01/24/2012 22:10:47.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.494 [GMT 1:00]
Running from: c:\documents and settings\Kolacek\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kolacek\Desktop\CFScript.txt
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 21:06 . 2012-01-24 21:06 -------- d-----w- c:\windows\LastGood
2012-01-24 21:06 . 2012-01-24 21:05 30208 ----a-w- c:\windows\system32\drivers\OLD125.tmp
2012-01-24 21:06 . 2009-06-08 15:56 30464 -c--a-w- c:\windows\system32\dllcache\usbehci.sys
2012-01-24 21:06 . 2009-06-08 15:56 30464 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-24 17:39 . 2012-01-05 19:19 6557240 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D432E16D-B0CD-4C33-816D-690E719B8F61}\mpengine.dll
2012-01-24 17:34 . 2012-01-24 17:35 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-24 14:00 . 2012-01-24 14:00 -------- d-----w- c:\program files\MSECache
2012-01-24 12:11 . 2012-01-24 12:11 388096 ----a-r- c:\documents and settings\Kolacek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-24 12:11 . 2012-01-24 12:11 -------- d-----w- c:\program files\Trend Micro
2012-01-24 10:29 . 2012-01-24 10:29 -------- d-----w- c:\program files\Uniblue
2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\Kolacek\Application Data\Malwarebytes
2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-23 22:34 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-23 22:34 . 2012-01-23 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-23 21:56 . 2012-01-23 21:56 -------- d-----w- C:\_OTL
2012-01-23 20:51 . 2012-01-23 20:51 -------- d-----w- c:\windows\Sun
2012-01-23 19:17 . 2008-04-14 14:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-01-23 19:17 . 2008-04-14 14:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-23 19:10 . 2012-01-23 19:10 -------- d-----w- c:\documents and settings\Administrator
2012-01-23 18:34 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 18:14 . 2012-01-23 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-23 17:57 . 2012-01-23 17:57 -------- d-----w- c:\program files\Pontifex II
2012-01-23 17:31 . 2012-01-24 04:21 -------- d-----w- c:\windows\system32\URTTemp
2012-01-23 17:30 . 2012-01-23 17:30 -------- d-----w- c:\windows\ie8updates
2012-01-23 09:00 . 2012-01-23 18:00 -------- d-----w- c:\program files\Memory Washer
2012-01-23 08:59 . 2012-01-23 18:00 -------- d-----w- c:\program files\SpeedFan
2012-01-23 07:22 . 2011-11-04 19:19 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-01-23 07:22 . 2011-11-04 19:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-01-23 07:21 . 2011-11-04 19:19 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-23 07:21 . 2011-11-04 19:19 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-23 07:21 . 2011-11-04 19:19 2001408 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-01-23 07:21 . 2011-11-04 19:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-23 07:20 . 2011-10-25 13:38 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-01-23 07:20 . 2011-10-25 13:34 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-01-23 07:20 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 18:18 . 2011-08-17 19:51 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:56 . 2011-05-15 22:13 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29 . 2011-05-15 22:13 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2011-05-15 22:36 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:19 . 2011-05-15 22:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:19 . 2011-05-15 22:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:19 . 2011-05-15 22:20 919552 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 15:27 . 2011-05-15 22:11 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-03 15:27 . 2011-05-15 22:06 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-01 16:05 . 2011-05-15 22:08 1289216 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2011-05-15 22:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-21 07:24 . 2012-01-23 20:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-24_19.18.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-24 21:06 . 2012-01-24 21:05 30208 c:\windows\LastGood\system32\drivers\usbehci.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-18 399736]
"Uniblue ProcessQuickLink 2"="c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2008-04-02 655640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-02-26 437160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"kX Mixer"="c:\program files\kX Audio Driver\3550\kxmixer.exe" [2009-09-17 677896]
"CTHelper"="CTHELPER.EXE" [2003-06-09 28672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB976002-v5"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/18/2011 9:27 AM 717296]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/23/2012 11:35 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/23/2012 11:34 PM 20464]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [5/15/2011 11:23 PM 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5/16/2011 9:30 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [5/15/2011 11:19 PM 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [5/16/2011 9:31 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPFILTER
*NewlyCreated* - MSMPSVC
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
.
2012-01-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kolacek\Application Data\Mozilla\Firefox\Profiles\ccqremnb.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 22:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-1580818891-1957994488-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:dd,a1,79,93,e9,77,c9,b5,60,d0,fd,db,99,db,29,19,c3,ec,c6,6a,1d,5d,fe,
60,fd,07,9e,a9,f7,ec,1c,c3,a7,3c,0f,5a,ba,e0,4b,29,6e,a7,7e,41,e4,39,e4,b9,\
"??"=hex:43,25,25,21,67,56,f5,c2,91,ee,27,7c,ad,fb,21,71
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-01-24 22:24:41
ComboFix-quarantined-files.txt 2012-01-24 21:24
ComboFix2.txt 2012-01-24 21:02
ComboFix3.txt 2012-01-24 19:23
ComboFix4.txt 2012-01-23 19:41
.
Pre-Run: 18,295,660,544 bytes free
Post-Run: 18,276,073,472 bytes free
.
- - End Of File - - 610239F6CD81E648BC911D150E0FEA3B

 

[Broni]

You didn't run my script.

 

[Denio]

I did

I did, ok I will do it again but I am certain that I did everything according to what you wrote...

 

[Broni]

My fault.
The script had incorrect text in it.
I just edited it.

 

[Denio]

Again

ComboFix 12-01-23.02 - Kolacek 01/24/2012 23:03:03.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.506 [GMT 1:00]
Running from: c:\documents and settings\Kolacek\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kolacek\Desktop\CFScript.txt
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\alcrmv.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 21:06 . 2012-01-24 21:06 -------- d-----w- c:\windows\LastGood
2012-01-24 21:06 . 2012-01-24 21:05 30208 ----a-w- c:\windows\system32\drivers\OLD125.tmp
2012-01-24 21:06 . 2009-06-08 15:56 30464 -c--a-w- c:\windows\system32\dllcache\usbehci.sys
2012-01-24 21:06 . 2009-06-08 15:56 30464 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-24 17:39 . 2012-01-05 19:19 6557240 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D432E16D-B0CD-4C33-816D-690E719B8F61}\mpengine.dll
2012-01-24 17:34 . 2012-01-24 17:35 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-24 14:00 . 2012-01-24 14:00 -------- d-----w- c:\program files\MSECache
2012-01-24 12:11 . 2012-01-24 12:11 388096 ----a-r- c:\documents and settings\Kolacek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-24 12:11 . 2012-01-24 12:11 -------- d-----w- c:\program files\Trend Micro
2012-01-24 10:29 . 2012-01-24 10:29 -------- d-----w- c:\program files\Uniblue
2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\Kolacek\Application Data\Malwarebytes
2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-23 22:34 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-23 22:34 . 2012-01-23 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-23 21:56 . 2012-01-23 21:56 -------- d-----w- C:\_OTL
2012-01-23 20:51 . 2012-01-23 20:51 -------- d-----w- c:\windows\Sun
2012-01-23 19:17 . 2008-04-14 14:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-01-23 19:17 . 2008-04-14 14:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-23 19:10 . 2012-01-23 19:10 -------- d-----w- c:\documents and settings\Administrator
2012-01-23 18:34 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 18:14 . 2012-01-23 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-23 17:57 . 2012-01-23 17:57 -------- d-----w- c:\program files\Pontifex II
2012-01-23 17:31 . 2012-01-24 04:21 -------- d-----w- c:\windows\system32\URTTemp
2012-01-23 17:30 . 2012-01-23 17:30 -------- d-----w- c:\windows\ie8updates
2012-01-23 09:00 . 2012-01-23 18:00 -------- d-----w- c:\program files\Memory Washer
2012-01-23 08:59 . 2012-01-23 18:00 -------- d-----w- c:\program files\SpeedFan
2012-01-23 07:22 . 2011-11-04 19:19 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-01-23 07:22 . 2011-11-04 19:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-01-23 07:21 . 2011-11-04 19:19 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-23 07:21 . 2011-11-04 19:19 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-23 07:21 . 2011-11-04 19:19 2001408 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-01-23 07:21 . 2011-11-04 19:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-23 07:20 . 2011-10-25 13:38 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-01-23 07:20 . 2011-10-25 13:34 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-01-23 07:20 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 18:18 . 2011-08-17 19:51 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:56 . 2011-05-15 22:13 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29 . 2011-05-15 22:13 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2011-05-15 22:36 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:19 . 2011-05-15 22:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:19 . 2011-05-15 22:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:19 . 2011-05-15 22:20 919552 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 15:27 . 2011-05-15 22:11 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-03 15:27 . 2011-05-15 22:06 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-01 16:05 . 2011-05-15 22:08 1289216 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2011-05-15 22:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-21 07:24 . 2012-01-23 20:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-24_19.18.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-24 21:06 . 2012-01-24 21:05 30208 c:\windows\LastGood\system32\drivers\usbehci.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-18 399736]
"Uniblue ProcessQuickLink 2"="c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2008-04-02 655640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-02-26 437160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"kX Mixer"="c:\program files\kX Audio Driver\3550\kxmixer.exe" [2009-09-17 677896]
"CTHelper"="CTHELPER.EXE" [2003-06-09 28672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB976002-v5"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/18/2011 9:27 AM 717296]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/23/2012 11:35 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/23/2012 11:34 PM 20464]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [5/15/2011 11:23 PM 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5/16/2011 9:30 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [5/15/2011 11:19 PM 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [5/16/2011 9:31 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPFILTER
*NewlyCreated* - MSMPSVC
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
.
2012-01-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kolacek\Application Data\Mozilla\Firefox\Profiles\ccqremnb.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 23:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-1580818891-1957994488-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:dd,a1,79,93,e9,77,c9,b5,60,d0,fd,db,99,db,29,19,c3,ec,c6,6a,1d,5d,fe,
60,fd,07,9e,a9,f7,ec,1c,c3,a7,3c,0f,5a,ba,e0,4b,29,6e,a7,7e,41,e4,39,e4,b9,\
"??"=hex:43,25,25,21,67,56,f5,c2,91,ee,27,7c,ad,fb,21,71
.
Completion time: 2012-01-24 23:22:47
ComboFix-quarantined-files.txt 2012-01-24 22:22
ComboFix2.txt 2012-01-24 21:24
ComboFix3.txt 2012-01-24 21:02
ComboFix4.txt 2012-01-24 19:23
ComboFix5.txt 2012-01-24 22:00
.
Pre-Run: 18,288,472,064 bytes free
Post-Run: 18,270,318,592 bytes free
.
- - End Of File - - 62479671DFAAE73B29E28D540BB441DC

 

[Broni]

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Denio]

I am sorry this is the 3. time i runed the script i wasnt sure that second time I used the right one... so is it ok ??

ComboFix 12-01-23.02 - Kolacek 01/24/2012 23:40:22.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.499 [GMT 1:00]
Running from: c:\documents and settings\Kolacek\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kolacek\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 21:06 . 2012-01-24 21:06 -------- d-----w- c:\windows\LastGood
2012-01-24 21:06 . 2012-01-24 21:05 30208 ----a-w- c:\windows\system32\drivers\OLD125.tmp
2012-01-24 21:06 . 2009-06-08 15:56 30464 -c--a-w- c:\windows\system32\dllcache\usbehci.sys
2012-01-24 21:06 . 2009-06-08 15:56 30464 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-24 17:39 . 2012-01-05 19:19 6557240 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D432E16D-B0CD-4C33-816D-690E719B8F61}\mpengine.dll
2012-01-24 17:34 . 2012-01-24 17:35 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-24 14:00 . 2012-01-24 14:00 -------- d-----w- c:\program files\MSECache
2012-01-24 12:11 . 2012-01-24 12:11 388096 ----a-r- c:\documents and settings\Kolacek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-24 12:11 . 2012-01-24 12:11 -------- d-----w- c:\program files\Trend Micro
2012-01-24 10:29 . 2012-01-24 10:29 -------- d-----w- c:\program files\Uniblue
2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\Kolacek\Application Data\Malwarebytes
2012-01-23 22:35 . 2012-01-23 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-23 22:34 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-23 22:34 . 2012-01-23 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-23 21:56 . 2012-01-23 21:56 -------- d-----w- C:\_OTL
2012-01-23 20:51 . 2012-01-23 20:51 -------- d-----w- c:\windows\Sun
2012-01-23 19:17 . 2008-04-14 14:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-01-23 19:17 . 2008-04-14 14:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-23 19:10 . 2012-01-23 19:10 -------- d-----w- c:\documents and settings\Administrator
2012-01-23 18:34 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 18:14 . 2012-01-23 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-23 17:57 . 2012-01-23 17:57 -------- d-----w- c:\program files\Pontifex II
2012-01-23 17:31 . 2012-01-24 04:21 -------- d-----w- c:\windows\system32\URTTemp
2012-01-23 17:30 . 2012-01-23 17:30 -------- d-----w- c:\windows\ie8updates
2012-01-23 09:00 . 2012-01-23 18:00 -------- d-----w- c:\program files\Memory Washer
2012-01-23 08:59 . 2012-01-23 18:00 -------- d-----w- c:\program files\SpeedFan
2012-01-23 07:22 . 2011-11-04 19:19 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-01-23 07:22 . 2011-11-04 19:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-01-23 07:21 . 2011-11-04 19:19 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-23 07:21 . 2011-11-04 19:19 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-23 07:21 . 2011-11-04 19:19 2001408 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-01-23 07:21 . 2011-11-04 19:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-23 07:20 . 2011-10-25 13:38 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-01-23 07:20 . 2011-10-25 13:34 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-01-23 07:20 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 18:18 . 2011-08-17 19:51 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:56 . 2011-05-15 22:13 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29 . 2011-05-15 22:13 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2011-05-15 22:36 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:19 . 2011-05-15 22:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:19 . 2011-05-15 22:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:19 . 2011-05-15 22:20 919552 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 15:27 . 2011-05-15 22:11 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-03 15:27 . 2011-05-15 22:06 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-01 16:05 . 2011-05-15 22:08 1289216 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2011-05-15 22:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-21 07:24 . 2012-01-23 20:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-24_19.18.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-24 21:06 . 2012-01-24 21:05 30208 c:\windows\LastGood\system32\drivers\usbehci.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-18 399736]
"Uniblue ProcessQuickLink 2"="c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2008-04-02 655640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-02-26 437160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"kX Mixer"="c:\program files\kX Audio Driver\3550\kxmixer.exe" [2009-09-17 677896]
"CTHelper"="CTHELPER.EXE" [2003-06-09 28672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB976002-v5"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/18/2011 9:27 AM 717296]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/23/2012 11:35 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/23/2012 11:34 PM 20464]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [5/15/2011 11:23 PM 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5/16/2011 9:30 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2011 12:20 PM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [5/15/2011 11:19 PM 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [5/16/2011 9:31 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPFILTER
*NewlyCreated* - MSMPSVC
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 11:20]
.
2012-01-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kolacek\Application Data\Mozilla\Firefox\Profiles\ccqremnb.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 23:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-1580818891-1957994488-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:dd,a1,79,93,e9,77,c9,b5,60,d0,fd,db,99,db,29,19,c3,ec,c6,6a,1d,5d,fe,
60,fd,07,9e,a9,f7,ec,1c,c3,a7,3c,0f,5a,ba,e0,4b,29,6e,a7,7e,41,e4,39,e4,b9,\
"??"=hex:43,25,25,21,67,56,f5,c2,91,ee,27,7c,ad,fb,21,71
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(884)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-01-24 23:56:49
ComboFix-quarantined-files.txt 2012-01-24 22:56
ComboFix2.txt 2012-01-24 22:22
ComboFix3.txt 2012-01-24 21:24
ComboFix4.txt 2012-01-24 21:02
ComboFix5.txt 2012-01-24 22:37
.
Pre-Run: 18,284,597,248 bytes free
Post-Run: 18,264,584,192 bytes free
.
- - End Of File - - 9B74C5095F8C261D160D02F4BA868821

 

[Broni]

Yes, it worked

Let me know how computer is doing and proceed with OTL.