Some sort of virus... [Solved]


  • This topic is locked

#1
rootkitsaremybane


    New Member

  • Member
  • 7 posts
Well, of course I got a virus. I managed to get rid of the file source which was flagged by Microsoft Security Essentials as an unknown program. That program was called xpi.exe. It was located in the Local Settings/application data folder. I also found its prefetch data in the windows folder and removed both from my computer.

Well since I got that unknown program, I have not been able to access any program. I figured it was a problem with the registry, in that maybe a rootkit overwrote the data changing exefile to something else. I was right about that since the data that should be exefile is now "ar". Only after using the "Run as" option would it let me into my registry. I tried to change it back to exefile, but got an error saying that I couldn't write to the registry. I've found so many sites saying I don't have the permissions to access that, that I need to be an admin or have admin access, and since I'm the only one on this computer, I made sure to give myself such access.

In other words, I have a rootkit (more than likely) that's blocking me from doing anything. I tried using TDSSKiller, but it won't open unless I use "Run As". But when I go about that method, it says I'm missing the correct .dll file and any scan I attempt to do all say I scanned 0 objects. I tried Advanced SystemCare, but it says I need to install and run the program as an administrator then promptly shuts down. And similarly with Malwarebytes, it says it can't find some file to make it run, that I should try to run it as an admin. I can't get back into Security Essentials at all. I tried safe mode but anything I attempt to access through safe mode says "This program cannot be accessed in safe mode" which is odd since virus software usually works in safe mode. I tried for MSconfig, similar errors. All these were working just yesterday, though I'm not sure about msconfig since I rarely, if ever, use that.

I'm running an Acer Aspire 1 netbook with Windows Service Pack 3, completely up to date as of a few days ago. I tried to get programs to give you guys a log but alas, I can't currently find my thumb drive to get them on to my netbook. I have a feeling even if I did get such programs, I'd encounter similar errors.

So, anyone got any ideas?
  • 0



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Try this

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0
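
Added example (not part of the original thread, and not OTL's own code): the .exe association change described in the first post is what OTL reports on its O35/O37 log lines, so this Python sketch parses lines in that format and flags any entry whose ProgID or open command differs from the stock `exefile` / `"%1" %*`, or that overrides the association per user. The sample lines, SID and file path are constructed placeholders, and the function names are hypothetical.

```python
import re

# Stock values for executable associations, matching what a clean HKLM shows.
EXPECTED_PROGID = {".exe": "exefile", ".com": "comfile"}
EXPECTED_COMMAND = '"%1" %*'

# O35 = shell\open\command of a ProgID, O37 = extension -> ProgID plus command.
LINE_RE = re.compile(
    r'^O(?P<sect>35|37) - (?P<hive>HKLM|HKU\\[^\\]+)\\\.\.(?P<name>\S+)'
    r' \[(?P<detail>[^\]]*)\] -- (?P<cmd>.*)$'
)
FIRST_TOKEN_RE = re.compile(r'^\s*(?:"([^"]*)"|(\S+))')

# Constructed sample lines (placeholder SID and path), modelled on OTL's format.
SAMPLE_LINES = [
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...com [@ = ComFile] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
    r'O37 - HKU\S-1-5-21-0-0-0-1000\...exe [@ = Zz] -- '
    r'"C:\Documents and Settings\example\Local Settings\Application Data'
    r'\placeholder.exe" -a "%1" %*',
    r'NetSvcs: Ias - File not found',
]


def parse_line(line):
    """Return a dict for an O35/O37 line, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["per_user"] = entry["hive"].upper().startswith("HKU")
    # O37 lines carry the extension's default value as "@ = <ProgID>".
    entry["progid"] = None
    if entry["sect"] == "37" and "=" in entry["detail"]:
        entry["progid"] = entry["detail"].split("=", 1)[1].strip()
    return entry


def interposed_program(cmd):
    """Return the program that runs first, or None if the command starts with %1."""
    m = FIRST_TOKEN_RE.match(cmd)
    if not m:
        return None
    token = m.group(1) if m.group(1) is not None else m.group(2)
    return None if token == "%1" else token


def audit(lines):
    """Flag executable associations that differ from the stock values."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        reasons = []
        ext = e["name"].lower()
        expected = EXPECTED_PROGID.get(ext)
        if expected and e["progid"] and e["progid"].lower() != expected:
            reasons.append(f"{ext} points at ProgID {e['progid']!r}, not {expected!r}")
        if e["cmd"].strip() != EXPECTED_COMMAND:
            reasons.append(f"open command is {e['cmd'].strip()!r}")
        if e["per_user"] and ext in EXPECTED_PROGID:
            # Per-user class entries take precedence over HKLM in the merged
            # HKCR view, so this one key redirects every launch for that user.
            reasons.append("per-user override of a machine-wide association")
        if reasons:
            findings.append({
                "line": line,
                "hive": e["hive"],
                "program": interposed_program(e["cmd"]),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LINES):
        print(f["hive"], "->", f["program"])
        for reason in f["reasons"]:
            print("   ", reason)
```

A flagged entry under an `HKU\<SID>` hive also explains why deleting the interposed file alone leaves every program unable to start for that user: the association still points at the missing file.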

#3
rootkitsaremybane


    New Member

  • Topic Starter
  • Member
  • 7 posts
Sorry for the late reply since I was busy the past couple days. Here's the RogueKiller report:

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Dan [Restricted rights]
Mode: Scan -- Date : 01/14/2012 04:42:43

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 74 ¤¤¤
[] HKCU\[...]\Run : () -> ACCESS DENIED
[] HKLM\[...]\Run : () -> ACCESS DENIED
[] HKCU\[...]\RunOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunOnce : () -> ACCESS DENIED
[] HKCU\[...]\RunServices : () -> ACCESS DENIED
[] HKCU\[...]\RunOnceEx : () -> ACCESS DENIED
[] HKLM\[...]\RunOnceEx : () -> ACCESS DENIED
[] HKCU\[...]\RunServicesOnce : () -> ACCESS DENIED
[] HKLM\[...]\RunServicesOnce : () -> ACCESS DENIED
[] HKCU\[...]\Run : () -> ACCESS DENIED
[] HKLM\[...]\Run : () -> ACCESS DENIED
[] HKCU\[...]\Winlogon : () -> ACCESS DENIED
[] HKCU\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\Winlogon : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\services : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Parameters : () -> ACCESS DENIED
[] HKLM\[...]\Image File Execution Options : () -> ACCESS DENIED
[] HKCU\[...]\System : () -> ACCESS DENIED
[] HKCU\[...]\System : () -> ACCESS DENIED
[] HKCU\[...]\System : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKLM\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Explorer : () -> ACCESS DENIED
[] HKCU\[...]\Internet Settings : () -> ACCESS DENIED
[] HKLM\[...]\SystemRestore : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKLM\[...]\System : () -> ACCESS DENIED
[] HKCU\[...]\ActiveDesktop : () -> ACCESS DENIED
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[] HKCU\[...]\Desktop : () -> ACCESS DENIED
[] HKCU\[...]\Desktop : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKCU\[...]\Advanced : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKLM\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKLM\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\ClassicStartMenu : () -> ACCESS DENIED
[] HKCU\[...]\NewStartPanel : () -> ACCESS DENIED
[] HKCU\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...].exe : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKLM\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\command : () -> ACCESS DENIED
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\ShellServiceObjectDelayLoad : () -> ACCESS DENIED
[] HKLM\[...]\SharedTaskScheduler : () -> ACCESS DENIED
[] HKLM\[...]\Browser Helper Objects : () -> ACCESS DENIED
[] HKCU\[...]\Stats : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[1].txt >>
RKreport[1].txt


It says I have restricted rights, though I know for a fact I don't. I checked my permissions and it says I have all. I had to start the program as Run As since clicking on it merely told me to select a program to open it with. I attached the Extras and OTL file to this post as well, unless you wanted me to post their contents as well...

OTL logfile created on: 1/14/2012 4:53:31 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.02 Mb Total Physical Memory | 661.05 Mb Available Physical Memory | 65.26% Memory free
2.38 Gb Paging File | 2.11 Gb Available in Paging File | 88.47% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.05 Gb Total Space | 104.54 Gb Free Space | 75.73% Space Free | Partition Type: NTFS
Drive E: | 7.46 Gb Total Space | 4.15 Gb Free Space | 55.62% Space Free | Partition Type: FAT32

Computer Name: WTFBOOM | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/14 04:34:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.scr
PRC - [2011/12/29 22:29:04 | 000,497,496 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/06/21 23:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/10/13 10:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/01 11:05:02 | 000,037,888 | ---- | M] () -- C:\WINDOWS\system32\sqlesw32.dll
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SqlCSS)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/29 22:29:04 | 000,497,496 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/06/21 23:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/05/26 19:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/01/29 16:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009/10/13 10:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2012/01/14 04:40:44 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E0815518-21D6-4311-86D7-DCA70D7FF859}\MpKsl4f39ae96.sys -- (MpKsl4f39ae96)
DRV - [2011/05/17 09:57:15 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/06/16 23:50:02 | 000,082,384 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010/05/30 20:58:36 | 006,608,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2010/05/19 20:20:26 | 000,061,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2010/05/14 09:49:02 | 003,221,120 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S6000KNT.sys -- (S6000KNT)
DRV - [2010/03/12 14:41:22 | 005,867,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/17 16:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 16:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/12/02 11:52:00 | 000,058,800 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/12/02 11:52:00 | 000,017,840 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/12/02 11:52:00 | 000,015,280 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/04/14 05:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-3233852318-4212676017-31143968-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-3233852318-4212676017-31143968-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/10 02:31:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/15 03:09:03 | 000,000,000 | ---D | M]

[2010/12/28 11:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2012/01/10 02:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\4cdj7c2a.default\extensions
[2011/01/04 23:28:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\4cdj7c2a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/10 02:32:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\4cdj7c2a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/13 01:05:54 | 000,001,276 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\4cdj7c2a.default\searchplugins\search-the-web.xml
[2011/12/02 01:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4CDJ7C2A.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4CDJ7C2A.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/01/10 02:31:46 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/10 02:31:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/10 02:31:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt File not found
O4 - HKU\S-1-5-21-3233852318-4212676017-31143968-1006..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3233852318-4212676017-31143968-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3233852318-4212676017-31143968-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3233852318-4212676017-31143968-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3233852318-4212676017-31143968-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3233852318-4212676017-31143968-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\sqlesw32: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()
O20 - Winlogon\Notify\Sqlseses: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/22 00:04:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3233852318-4212676017-31143968-1006\...exe [@ = Ej] -- "C:\Documents and Settings\Dan\Local Settings\Application Data\xpi.exe" -a "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/14 04:44:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.scr
[2012/01/14 04:42:11 | 000,000,000 | ---D | C] -- C:\RK_Quarantine
[2012/01/12 11:43:35 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2012/01/12 11:42:32 | 000,000,000 | ---D | C] -- C:\IObit
[2012/01/12 11:40:38 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dan\Desktop\TDSSKiller.exe
[2012/01/12 04:09:57 | 000,274,944 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Dan\My Documents\d65K1EV.exe
[2012/01/10 23:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 5
[2012/01/06 15:22:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\Recent
[2012/01/06 15:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/06 15:17:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/01/06 13:49:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012/01/06 13:25:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/06 10:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/06 10:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/01/05 12:59:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dan\IECompatCache
[2012/01/05 11:41:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/05 11:41:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/05 11:41:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/05 11:41:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/05 11:41:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/05 11:40:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/05 11:40:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/01/05 11:40:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\Administrative Tools
[2012/01/05 11:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/12/28 17:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/12/28 17:27:55 | 001,602,856 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athw.sys
[2011/12/28 17:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/12/28 17:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2011/12/28 17:26:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2011/12/28 17:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK PCIE Wireless LAN Driver
[2011/12/28 16:55:41 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/12/28 16:55:35 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/12/28 16:55:14 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/12/28 16:55:08 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/12/28 16:54:42 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/12/28 16:54:37 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/12/28 16:54:26 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/12/28 16:53:58 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/12/28 16:53:38 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/12/28 16:53:33 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/12/28 16:53:27 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/12/28 16:53:21 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/12/28 16:53:15 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/12/28 16:53:09 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/12/28 16:53:03 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/12/28 16:52:43 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/12/28 16:52:21 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/12/28 16:52:16 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/12/28 16:52:10 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/12/28 16:52:04 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/12/28 16:51:35 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/12/28 16:51:13 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/12/28 16:51:08 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/12/28 16:50:52 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/12/28 16:50:47 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/12/28 16:50:42 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/12/28 16:50:36 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/12/28 16:50:31 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/12/28 16:50:26 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/12/28 16:49:45 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/12/28 16:49:39 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/12/28 16:49:34 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/12/28 16:49:33 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/12/28 16:49:27 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/12/28 16:49:22 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/12/28 16:49:04 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/12/28 16:48:59 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/12/28 16:48:14 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/12/28 16:48:10 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/12/28 16:48:05 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/12/28 16:47:59 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/12/28 16:47:52 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/12/28 16:46:47 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/12/28 16:46:42 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/12/28 16:46:37 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/12/28 16:46:32 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/12/28 16:46:27 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/12/28 16:45:54 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/12/28 16:45:49 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/12/28 16:45:44 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/12/28 16:45:33 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/12/28 16:44:53 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/12/28 16:44:48 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/12/28 16:44:44 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/12/28 16:44:39 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/12/28 16:44:05 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/12/28 16:43:55 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/12/28 16:43:51 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/12/28 16:43:29 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/12/28 16:43:24 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/12/28 16:43:19 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/12/28 16:43:15 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/12/28 16:43:10 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/12/28 16:43:05 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/12/28 16:43:01 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/12/28 16:42:56 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/12/28 16:42:51 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/12/28 16:42:41 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/12/28 16:42:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/12/28 16:42:34 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/12/28 16:42:32 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/12/28 16:42:15 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/12/28 16:42:07 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/12/28 16:42:02 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/12/28 16:41:56 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/12/28 16:41:39 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/12/28 16:41:34 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/12/28 16:41:14 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/12/28 16:41:10 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/12/28 16:41:05 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/12/28 16:40:48 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/12/28 16:39:51 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/12/28 16:39:33 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/12/28 16:39:32 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/12/28 16:39:27 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/12/28 16:38:31 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/12/28 16:38:27 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/12/28 16:38:22 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/12/28 16:38:17 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/12/28 16:37:52 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/12/28 16:37:35 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/12/28 16:37:30 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/12/28 16:37:23 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/12/28 16:37:10 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/12/28 16:37:06 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/12/28 16:36:55 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/12/28 16:36:51 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/12/28 16:36:47 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/12/28 16:36:42 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/12/28 16:36:38 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/12/28 16:36:34 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/12/28 16:36:21 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/12/28 16:36:16 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/12/28 16:36:12 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/12/28 16:36:08 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/12/28 16:36:04 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/12/28 16:34:25 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/12/28 16:33:56 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/12/28 16:33:52 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/12/28 16:33:50 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/12/28 16:33:46 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/12/28 16:33:46 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/12/28 16:33:42 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/12/28 16:33:31 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/12/28 16:33:28 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/12/28 16:33:24 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/12/28 16:33:19 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/12/28 16:33:14 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/12/28 16:33:10 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/12/28 16:32:36 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/12/28 16:32:01 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/12/28 16:29:43 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/12/28 16:29:29 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/12/28 16:28:52 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/12/28 16:28:49 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/12/28 16:28:46 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/12/28 16:28:25 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/12/28 16:28:15 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/12/28 16:28:12 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/12/28 16:28:08 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/12/28 16:28:04 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/12/28 16:28:01 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/12/28 16:27:59 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/12/28 16:27:37 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/12/28 16:27:32 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/12/28 16:27:29 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/12/28 16:25:35 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/12/28 16:25:30 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/12/28 16:25:19 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/12/28 16:25:16 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/12/28 16:25:14 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/12/28 16:25:07 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/12/28 16:25:06 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/12/28 16:25:04 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/12/28 16:25:03 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/12/28 16:25:00 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/12/28 16:24:32 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/12/28 16:24:30 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/12/28 16:24:25 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/12/28 16:23:57 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/12/28 16:23:56 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/12/28 16:23:54 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/12/28 16:23:53 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/12/28 16:23:51 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/12/28 16:23:50 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/12/28 16:23:48 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/12/28 16:23:46 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/12/28 16:23:36 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/12/28 16:23:23 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/12/28 16:23:15 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/12/28 16:23:08 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/12/28 16:23:07 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/12/28 16:23:06 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/12/28 16:23:05 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/12/28 16:23:04 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/12/28 16:23:02 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/12/28 16:23:01 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/12/28 16:23:00 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/12/28 16:22:59 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/12/28 16:22:57 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/12/28 16:22:55 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/12/28 16:22:27 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/12/28 16:22:26 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/12/28 16:22:25 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/12/28 16:22:25 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/12/28 16:22:24 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/12/28 16:22:23 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/12/28 16:22:22 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/12/28 16:22:21 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/12/28 16:22:20 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/12/28 16:22:19 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/12/28 16:22:18 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/12/28 16:22:17 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/12/28 16:22:16 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/12/28 16:22:15 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/12/28 16:22:15 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/12/28 16:22:14 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/12/28 16:22:13 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/12/28 16:22:12 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/12/28 16:22:09 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/12/28 16:22:06 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/12/28 16:22:05 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/12/28 16:22:04 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/12/28 16:22:03 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/12/28 16:22:03 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/12/28 16:22:02 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/12/28 16:22:01 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/12/28 16:21:10 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/12/28 16:21:05 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/12/28 16:20:51 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/12/28 16:20:50 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/12/28 16:20:50 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/12/28 16:20:49 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/12/28 16:20:49 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/12/28 16:20:46 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/12/28 16:20:42 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/12/28 16:20:42 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/12/28 16:20:39 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/12/28 16:20:38 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/12/28 16:20:38 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/14 04:45:08 | 000,443,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/14 04:45:08 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/14 04:43:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\RKreport[1]
[2012/01/14 04:40:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/14 04:40:33 | 1062,301,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/14 04:36:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/14 04:34:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.scr
[2012/01/14 04:33:40 | 000,783,872 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\RogueKiller.exe
[2012/01/12 11:30:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/12 04:13:27 | 000,002,694 | -HS- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\062x73b105020aw0ur142hw
[2012/01/12 04:13:27 | 000,002,694 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\062x73b105020aw0ur142hw
[2012/01/12 04:09:57 | 000,274,944 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Dan\My Documents\d65K1EV.exe
[2012/01/10 23:45:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/10 23:23:33 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2012/01/10 23:23:32 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk
[2012/01/10 23:23:32 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
[2012/01/06 15:13:54 | 000,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/06 10:40:17 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/05 14:30:10 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/19 16:23:08 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/14 04:43:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RKreport[1]
[2012/01/14 04:41:35 | 000,783,872 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\RogueKiller.exe
[2012/01/12 11:13:47 | 1062,301,696 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/12 04:09:52 | 000,002,694 | -HS- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\062x73b105020aw0ur142hw
[2012/01/12 04:09:52 | 000,002,694 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\062x73b105020aw0ur142hw
[2012/01/10 23:42:57 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/01/10 23:23:33 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2012/01/10 23:23:32 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk
[2012/01/10 23:23:32 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
[2012/01/06 10:40:17 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/01/06 10:36:01 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/05 14:30:10 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/05 11:41:11 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/05 11:41:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/05 11:41:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/05 11:41:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/05 11:41:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/28 17:27:55 | 000,200,575 | ---- | C] () -- C:\WINDOWS\System32\netathw.inf
[2011/12/28 17:27:55 | 000,048,710 | ---- | C] () -- C:\WINDOWS\System32\netathw.cat
[2011/12/28 17:26:09 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011/12/28 16:55:34 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/12/28 16:55:29 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/12/28 16:40:58 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/12/28 16:40:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/12/28 16:35:13 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/12/28 16:29:39 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/12/28 16:29:32 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/12/28 16:29:26 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/12/28 16:29:19 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/12/28 16:29:12 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/12/28 16:25:12 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/12/28 16:25:11 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/12/28 16:25:09 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/12/28 16:21:49 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/12/28 16:21:49 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/12/28 16:21:47 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/12/28 16:21:43 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/12/28 16:21:42 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/12/28 16:21:41 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/12/28 16:21:41 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/12/28 16:21:40 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/12/28 16:21:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/12/28 16:21:25 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/12/28 16:05:56 | 000,090,332 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETBT.SY_
[2011/12/04 17:01:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/01 11:08:15 | 000,100,926 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/01 11:08:15 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/12/01 11:05:02 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\sqlesw32.dll
[2011/12/01 10:52:52 | 000,013,942 | -HS- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\070778v6n562w540h271w2bah2i3
[2011/12/01 10:52:52 | 000,013,942 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\070778v6n562w540h271w2bah2i3
[2011/01/04 23:54:21 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/28 11:58:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/18 13:35:52 | 000,076,288 | ---- | C] () -- C:\WINDOWS\System32\S6000DIF.dll
[2010/09/18 13:35:52 | 000,015,190 | ---- | C] () -- C:\WINDOWS\S6000Twn.ini
[2010/07/22 02:37:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/07/22 01:31:52 | 000,361,808 | ---- | C] () -- C:\WINDOWS\EMCRI_E.dll
[2010/07/22 01:30:47 | 000,231,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
[2010/07/22 01:30:47 | 000,030,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtPCEE3.DAT
[2010/07/22 01:30:47 | 000,001,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2010/07/22 01:30:47 | 000,000,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2010/07/22 01:30:47 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX3.dat
[2010/07/22 01:30:47 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2010/07/22 01:30:47 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2010/07/22 01:30:47 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0_old.dat
[2010/07/22 01:30:47 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2010/07/22 01:30:47 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2010/07/22 00:38:03 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/07/22 00:38:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2010/07/22 00:37:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/07/22 00:37:41 | 000,443,482 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/22 00:37:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/07/22 00:37:41 | 000,072,582 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/22 00:37:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/07/22 00:37:40 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/07/22 00:37:40 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/07/22 00:37:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/07/22 00:37:37 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/07/22 00:37:37 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/07/22 00:37:32 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/07/22 00:37:30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010/07/22 00:07:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2010/07/22 00:06:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/22 00:02:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/22 00:02:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/07/21 16:59:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/21 16:59:02 | 000,248,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/06/14 03:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.WTFBOOM.000\Application Data\IObit
[2010/09/18 13:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.WTFBOOM.000\Application Data\Liteon
[2010/07/22 01:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
[2011/04/06 19:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aEe06511cMgIn06511
[2011/06/16 11:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/10 10:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/01/05 11:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/06/07 02:03:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/17 09:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/07/22 02:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EgisTec IPS
[2010/07/22 01:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2012/01/10 23:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/04/17 17:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lGj06511pGdHh06511
[2011/06/10 02:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/28 11:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Partner
[2011/01/31 19:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/06/07 02:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\AVG10
[2011/09/30 23:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Azureus
[2012/01/06 15:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\DAEMON Tools Lite
[2012/01/10 23:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\IObit
[2010/09/18 13:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Liteon
[2011/11/22 07:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\uTorrent
[2011/06/14 03:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IObit
[2010/09/18 13:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Liteon

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: SYSEMDRIVE


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/14 05:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{4A31EE05-B343-4F30-96E1-DB7DDCD82FFF}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{6DA44E99-C798-484A-A9E3-7321469ED6CA}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{7238EDC0-259B-45DA-9EC8-7F69B4196F9E}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9D681F3D-1F3D-46B6-8684-A999E7CD3FBB}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{B2E1F897-5ABB-4884-A318-35C48567C78D}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C052465B-D467-480D-8FF2-CCD59018E87B}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C9C0BC73-F8A9-4621-A711-912F2354EE45}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{EDBF78AC-711A-4FCA-89CA-12AE4974DAD8}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/14 05:00:00 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 05 01 03 01 04 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2008/04/14 05:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/10 02:31:32 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/10 02:31:32 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/10 02:31:32 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Dan\Local Settings\Application Data\xpi.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/10 02:31:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\Dan\Local Settings\Application Data\xpi.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 04:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 04:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 04:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Dan\Local Settings\Application Data\xpi.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/10 02:31:32 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/10 02:31:32 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/10 02:31:32 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Dan\Local Settings\Application Data\xpi.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/10 02:31:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\Dan\Local Settings\Application Data\xpi.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 04:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 04:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 04:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Dan\Local Settings\Application Data\xpi.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >


Edited by Essexboy, 14 January 2012 - 02:20 PM.


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's start clearing some of the rubbish


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - Winlogon\Notify\sqlesw32: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()
    O20 - Winlogon\Notify\Sqlseses: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()
    O37 - HKU\S-1-5-21-3233852318-4212676017-31143968-1006\...exe [@ = Ej] -- "C:\Documents and Settings\Dan\Local Settings\Application Data\xpi.exe" -a "%1" %*
    [2012/01/12 04:09:57 | 000,274,944 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Dan\My Documents\d65K1EV.exe
    [2012/01/12 04:13:27 | 000,002,694 | -HS- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\062x73b105020aw0ur142hw
    [2012/01/12 04:13:27 | 000,002,694 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\062x73b105020aw0ur142hw
    [2012/01/12 04:09:57 | 000,274,944 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Dan\My Documents\d65K1EV.exe
    [2011/12/01 10:52:52 | 000,013,942 | -HS- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\070778v6n562w540h271w2bah2i3
    [2011/12/01 10:52:52 | 000,013,942 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\070778v6n562w540h271w2bah2i3
    [2011/01/04 23:54:21 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/06 19:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aEe06511cMgIn06511
    [2011/04/17 17:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lGj06511pGdHh06511

    :Files
    ipconfig /flushdns /c

    :Reg
    [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command]
    ""="C:\Program Files\Internet Explorer\iexplore.exe"

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Delete the copy of Combofix that you have


Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • Also we will require the recovery console so please allow combofix to download and install that

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#5
rootkitsaremybane

    New Member

  • Topic Starter
  • Member
  • 7 posts
Okay, just did both those things and everything seems to be running perfectly fine now! Here are the last two logs you asked for. Thanks for your help! I suppose I'll check back just in case there's something else that's noticed in the logs by you guys. Other than that, thanks a bunch!

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sqlesw32\ deleted successfully.
C:\WINDOWS\system32\sqlesw32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sqlseses\ deleted successfully.
File C:\WINDOWS\System32\sqlesw32.dll not found.
Registry key HKEY_USERS\S-1-5-21-3233852318-4212676017-31143968-1006_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3233852318-4212676017-31143968-1006_Classes\Ej\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\Dan\My Documents\d65K1EV.exe moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\062x73b105020aw0ur142hw moved successfully.
C:\Documents and Settings\All Users\Application Data\062x73b105020aw0ur142hw moved successfully.
File C:\Documents and Settings\Dan\My Documents\d65K1EV.exe not found.
C:\Documents and Settings\Dan\Local Settings\Application Data\070778v6n562w540h271w2bah2i3 moved successfully.
C:\Documents and Settings\All Users\Application Data\070778v6n562w540h271w2bah2i3 moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\aEe06511cMgIn06511\ not found.
Folder C:\Documents and Settings\All Users\Application Data\lGj06511pGdHh06511\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Dan\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dan\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\""|"C:\Program Files\Internet Explorer\iexplore.exe" /E : value set successfully!
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.WTFBOOM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 396 bytes

User: Administrator.WTFBOOM.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 396 bytes

User: All Users

User: Dan
->Temp folder emptied: 19028950 bytes
->Temporary Internet Files folder emptied: 649596 bytes
->Java cache emptied: 39300 bytes
->FireFox cache emptied: 508386264 bytes
->Flash cache emptied: 941 bytes

User: Default User
->Temp folder emptied: 206044938 bytes
->Temporary Internet Files folder emptied: 216145 bytes
->Flash cache emptied: 396 bytes

User: h-manga

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 70850 bytes
->Temporary Internet Files folder emptied: 238400469 bytes
->Java cache emptied: 1111 bytes
->Flash cache emptied: 15670 bytes

User: Polygon Love 2

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 120832 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3358658 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 27096708 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 216413 bytes
RecycleBin emptied: 14476 bytes

Total Files Cleaned = 957.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 01142012_164925

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


ComboFix 12-01-13.05 - Dan 01/14/2012 17:19:42.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.631 [GMT -7:00]
Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dan\Templates\062x73b105020aw0ur142hw
c:\windows\$NtUninstallKB61615$\2704036227\@
c:\windows\$NtUninstallKB61615$\2704036227\bckfg.tmp
c:\windows\$NtUninstallKB61615$\2704036227\cfg.ini
c:\windows\$NtUninstallKB61615$\2704036227\Desktop.ini
c:\windows\$NtUninstallKB61615$\2704036227\keywords
c:\windows\$NtUninstallKB61615$\2704036227\kwrd.dll
c:\windows\$NtUninstallKB61615$\2704036227\L\vtkohwnq
c:\windows\$NtUninstallKB61615$\2704036227\lsflt7.ver
c:\windows\$NtUninstallKB61615$\2704036227\U\[email protected]
c:\windows\$NtUninstallKB61615$\2704036227\U\[email protected]
c:\windows\$NtUninstallKB61615$\2704036227\U\[email protected]
c:\windows\$NtUninstallKB61615$\2704036227\U\[email protected]
c:\windows\$NtUninstallKB61615$\2704036227\U\[email protected]
c:\windows\$NtUninstallKB61615$\2704036227\U\[email protected]
c:\windows\$NtUninstallKB61615$\812637549
c:\windows\$NtUninstallKB61615$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-15 to 2012-01-15 )))))))))))))))))))))))))))))))
.
.
2012-01-15 00:30 . 2012-01-15 00:30 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E0815518-21D6-4311-86D7-DCA70D7FF859}\MpKsl086c05e9.sys
2012-01-15 00:29 . 2012-01-15 00:29 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E0815518-21D6-4311-86D7-DCA70D7FF859}\offreg.dll
2012-01-14 23:49 . 2012-01-14 23:49 -------- d-----w- C:\_OTL
2012-01-14 11:42 . 2012-01-14 11:42 -------- d-----w- C:\RK_Quarantine
2012-01-14 11:36 . 2012-01-14 11:36 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E0815518-21D6-4311-86D7-DCA70D7FF859}\MpKsl5cdfd266.sys
2012-01-12 18:43 . 2012-01-12 18:43 -------- d-----w- C:\Malwarebytes
2012-01-12 18:42 . 2012-01-12 18:42 -------- d-----w- C:\IObit
2012-01-11 20:54 . 2011-11-30 09:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E0815518-21D6-4311-86D7-DCA70D7FF859}\mpengine.dll
2012-01-07 08:49 . 2011-11-30 09:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-06 22:22 . 2012-01-06 22:22 -------- d-----w- c:\program files\CCleaner
2012-01-06 20:49 . 2012-01-06 22:13 -------- d-----w- c:\windows\SxsCaPendDel
2012-01-06 19:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 17:35 . 2012-01-06 17:36 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-05 19:59 . 2012-01-05 19:59 -------- d-sh--w- c:\documents and settings\Dan\IECompatCache
2012-01-05 19:27 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-05 18:22 . 2012-01-05 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-12-29 00:28 . 2011-12-29 00:28 -------- d-----w- c:\program files\Broadcom
2011-12-29 00:27 . 2011-12-29 00:27 -------- d-----w- c:\program files\Atheros
2011-12-29 00:27 . 2010-01-04 23:54 1602856 ----a-w- c:\windows\system32\athw.sys
2011-12-29 00:27 . 2011-12-29 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2011-12-29 00:26 . 2011-12-29 00:26 -------- d-----w- c:\windows\OPTIONS
2011-12-29 00:26 . 2010-05-06 21:23 869920 ----a-w- c:\windows\system32\drivers\rtl8192se.sys
2011-12-29 00:26 . 2011-12-29 00:27 -------- d-----w- c:\program files\REALTEK PCIE Wireless LAN Driver
2011-12-29 00:26 . 2009-02-05 09:49 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2011-12-28 23:33 . 2001-08-17 20:28 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2011-12-28 23:33 . 2001-08-17 20:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2011-12-28 23:33 . 2001-08-17 19:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-12-28 23:33 . 2001-08-17 19:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2011-12-28 23:33 . 2001-08-17 19:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-12-28 23:33 . 2001-08-17 20:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-12-28 23:33 . 2008-04-14 12:00 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-12-28 23:33 . 2001-08-17 19:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-12-28 23:33 . 2001-08-17 19:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2011-12-28 23:33 . 2001-08-18 05:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-12-28 23:33 . 2008-04-14 12:41 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-12-28 23:33 . 2008-04-14 12:41 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-12-28 23:31 . 2001-08-17 21:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2011-12-28 23:30 . 2008-04-14 12:00 685056 -c--a-w- c:\windows\system32\dllcache\hsfcxts2.sys
2011-12-28 23:29 . 2001-08-17 20:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2011-12-28 23:28 . 2008-04-14 07:06 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2011-12-28 23:27 . 2008-04-14 05:05 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2011-12-28 23:26 . 2001-08-17 20:28 595647 -c--a-w- c:\windows\system32\dllcache\es56cvmp.sys
2011-12-28 23:25 . 2001-08-17 20:28 634134 -c--a-w- c:\windows\system32\dllcache\el656ct5.sys
2011-12-28 23:24 . 2001-08-18 05:36 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe
2011-12-28 23:23 . 2001-08-17 20:50 14848 -c--a-w- c:\windows\system32\dllcache\cyclom-y.sys
2011-12-28 23:22 . 2001-08-17 19:12 37916 -c--a-w- c:\windows\system32\dllcache\cb102.sys
2011-12-28 23:21 . 2001-08-17 21:01 36096 -c--a-w- c:\windows\system32\dllcache\avcaudio.sys
2011-12-28 23:20 . 2008-04-14 12:41 3775 -c--a-w- c:\windows\system32\dllcache\adv11nt5.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 22:24 . 2010-12-28 19:13 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 08:46 . 2008-04-14 00:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-11-25 21:57 . 2010-07-22 07:37 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2010-07-22 07:37 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2010-07-22 07:37 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-07-22 07:37 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-07-22 07:37 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2010-07-22 07:37 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2010-07-22 07:37 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2010-07-22 07:37 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2010-07-22 07:37 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2010-07-22 07:37 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-07-22 07:37 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2010-07-22 07:37 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-07-22 07:37 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2010-07-22 07:37 186880 ----a-w- c:\windows\system32\encdec.dll
2012-01-10 09:31 . 2012-01-10 09:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_19.33.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-14 03:17 . 2011-05-14 03:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 08:06 . 2011-05-14 08:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 08:23 . 2011-05-14 08:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-14 01:37 . 2011-05-14 01:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2012-01-15 00:30 . 2012-01-15 00:30 16384 c:\windows\Temp\Perflib_Perfdata_1cc.dat
+ 2010-07-22 07:37 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
- 2010-07-22 07:37 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2010-07-22 08:45 . 2009-02-27 10:42 66440 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2010-07-22 08:45 . 2009-02-27 10:42 66440 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2010-07-22 07:37 . 2012-01-15 00:23 72582 c:\windows\system32\perfc009.dat
+ 2010-07-22 07:37 . 2011-09-26 18:41 20480 c:\windows\system32\oleaccrc.dll
- 2010-07-22 07:37 . 2009-10-08 20:56 20480 c:\windows\system32\oleaccrc.dll
+ 2010-07-22 08:45 . 2009-02-27 10:42 31640 c:\windows\system32\msonpmon.dll
- 2010-07-22 07:37 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 11:31 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 11:31 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
- 2010-07-22 07:37 . 2008-04-14 12:00 23040 c:\windows\system32\mciseq.dll
+ 2010-07-22 07:37 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2010-07-22 07:37 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
+ 2010-07-22 07:37 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
- 2010-07-22 07:50 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-07-22 07:50 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-07-22 07:37 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2010-07-22 07:37 . 2011-09-26 18:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
- 2010-07-22 07:37 . 2009-10-08 20:56 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2010-07-22 07:37 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
+ 2010-07-22 07:37 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2010-07-22 07:37 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2010-07-22 07:56 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-07-22 07:56 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-07-22 07:37 . 2008-04-14 12:00 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2010-07-22 07:37 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
- 2010-07-22 07:37 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2010-07-22 07:37 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2010-07-22 07:37 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2010-07-22 07:37 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-12-25 10:49 . 2011-12-25 10:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-09-23 22:55 . 2010-09-23 22:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 18:07 . 2011-12-25 18:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-09-23 10:17 . 2010-09-23 10:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 06:49 . 2011-12-25 06:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 06:49 . 2011-12-25 06:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-09-23 10:17 . 2010-09-23 10:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2012-01-07 03:15 . 2012-01-07 03:15 19968 c:\windows\Installer\114c3f1.msi
+ 2012-01-07 03:16 . 2012-01-07 03:16 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-06-21 03:26 . 2011-06-21 03:26 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2010-07-22 08:46 . 2012-01-07 03:23 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-07-22 08:46 . 2011-06-21 03:30 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-07-22 08:46 . 2011-06-21 03:30 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-07-22 08:46 . 2012-01-07 03:23 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-07-22 08:46 . 2012-01-07 03:23 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-07-22 08:46 . 2011-06-21 03:30 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-06-21 03:26 . 2011-06-21 03:26 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-01-07 03:16 . 2012-01-07 03:16 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-12-28 19:38 . 2011-06-21 03:25 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-12-28 19:38 . 2012-01-05 21:53 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2009-02-26 19:06 . 2009-02-26 19:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 19:06 . 2009-02-26 19:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2009-02-27 01:43 . 2009-02-27 01:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-27 00:45 . 2009-02-27 00:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2009-02-26 22:24 . 2009-02-26 22:24 71536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONFILTER.DLL
+ 2009-02-26 22:24 . 2009-02-26 22:24 97680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONENOTEM.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2009-02-27 00:45 . 2009-02-27 00:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2009-02-26 19:06 . 2009-02-26 19:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 19:06 . 2009-02-26 19:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2012-01-06 21:18 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2012-01-06 21:18 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2012-01-06 21:18 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2012-01-06 21:18 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2012-01-06 21:18 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2012-01-07 03:27 . 2012-01-07 03:27 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_49e56f5e\System.Drawing.Design.dll
+ 2012-01-07 03:26 . 2012-01-07 03:26 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_157eeb8c\CustomMarshalers.dll
+ 2012-01-06 22:29 . 2012-01-06 22:29 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\1ee639a35730f580f0266d2466d3976d\WindowsLiveWriter.ni.exe
+ 2012-01-06 22:31 . 2012-01-06 22:31 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4490f2c7ba373caac054470763d7081d\WindowsLive.Writer.Api.ni.dll
+ 2012-01-06 22:21 . 2012-01-06 22:21 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2012-01-06 22:38 . 2012-01-06 22:38 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
+ 2012-01-07 03:37 . 2012-01-07 03:37 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-06 22:33 . 2012-01-06 22:33 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-01-06 22:33 . 2012-01-06 22:33 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2012-01-06 22:17 . 2012-01-06 22:17 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe
+ 2012-01-06 22:15 . 2012-01-06 22:15 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll
+ 2012-01-06 22:33 . 2012-01-06 22:33 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\a615508098c5f4f5a34e89d22527c9de\Microsoft.WSMan.Runtime.ni.dll
+ 2012-01-06 22:33 . 2012-01-06 22:33 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\6fe0ec64be50db1d60d4b6f1ef914215\Microsoft.WSMan.Management.resources.ni.dll
+ 2012-01-06 22:37 . 2012-01-06 22:37 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll
+ 2012-01-06 22:30 . 2012-01-06 22:30 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
+ 2012-01-06 22:32 . 2012-01-06 22:32 18432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f336ce6e2c551ae93c93f92cf60677bb\Microsoft.PowerShell.Commands.Diagnostics.resources.ni.dll
+ 2012-01-06 22:33 . 2012-01-06 22:33 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d66515e04af07be267ca1d1b2b9a1113\Microsoft.PowerShell.GPowerShell.resources.ni.dll
+ 2012-01-06 22:32 . 2012-01-06 22:32 45568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\caec9a9b0ae96df2e324cde6ebcac3e7\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2012-01-06 22:32 . 2012-01-06 22:32 67072 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c44cda92e7a0bc4224cb54409aab05f1\Microsoft.PowerShell.Editor.resources.ni.dll
+ 2012-01-06 22:33 . 2012-01-06 22:33 16896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7891b4f8446137c93298b36129ee43b4\Microsoft.PowerShell.Security.resources.ni.dll
+ 2012-01-06 22:32 . 2012-01-06 22:32 38912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\73e9eadf2fc234ff59c7297a4a96982b\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2012-01-06 22:33 . 2012-01-06 22:33 24576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\65632f4fe9504960d242e8a7e88be8f5\Microsoft.PowerShell.GraphicalHost.resources.ni.dll
+ 2012-01-06 22:32 . 2012-01-06 22:32 31744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\384f30e8714277e4c61af987d2e2e017\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2012-01-06 22:31 . 2012-01-06 22:31 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2012-01-06 22:32 . 2012-01-06 22:32 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2012-01-06 22:31 . 2012-01-06 22:31 14848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\f667da1d215cd7d804c2e57a16aeb5e1\Microsoft.BackgroundIntelligentTransfer.Management.resources.ni.dll
+ 2012-01-06 22:31 . 2012-01-06 22:31 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\17fc30ccabf04ef1cf60a571067bc6dc\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll
+ 2012-01-06 22:31 . 2012-01-06 22:31 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2012-01-06 22:27 . 2012-01-06 22:27 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-07 03:31 . 2012-01-07 03:31 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-01-07 03:31 . 2012-01-07 03:31 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-07 03:31 . 2012-01-07 03:31 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-07 03:26 . 2012-01-07 03:26 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-01-01 01:47 . 2011-01-01 01:47 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-07 03:22 . 2012-01-07 03:22 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2012-01-07 03:22 . 2012-01-07 03:22 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2010-07-22 08:49 . 2010-07-22 08:49 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-07-22 07:52 . 2011-08-16 10:45 6144 c:\windows\system32\dllcache\iecompat.dll
+ 2012-01-11 06:42 . 2010-10-18 11:10 7680 c:\windows\ie8updates\KB2598845-IE8\iecompat.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-07 03:31 . 2012-01-07 03:31 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-07-01 10:25 . 2011-07-01 10:25 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-07-01 10:25 . 2011-07-01 10:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-01-07 03:31 . 2012-01-07 03:31 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-01-07 03:31 . 2012-01-07 03:31 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-05-14 08:17 . 2011-05-14 08:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 08:12 . 2011-05-14 08:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 08:11 . 2011-05-14 08:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2010-07-22 07:37 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2010-07-22 07:37 . 2008-04-14 12:00 176128 c:\windows\system32\winmm.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
- 2010-07-22 07:37 . 2009-03-08 11:34 105984 c:\windows\system32\url.dll
- 2008-07-30 02:59 . 2009-10-08 20:57 611328 c:\windows\system32\uiautomationcore.dll
+ 2008-07-30 02:59 . 2011-09-26 18:41 611328 c:\windows\system32\uiautomationcore.dll
+ 2010-07-22 08:45 . 2009-02-27 10:42 863128 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2010-07-22 08:45 . 2009-02-27 10:42 863128 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2010-07-22 07:37 . 2012-01-15 00:23 443482 c:\windows\system32\perfh009.dat
+ 2010-07-22 07:37 . 2011-09-26 18:41 220160 c:\windows\system32\oleacc.dll
- 2010-07-22 07:37 . 2009-10-08 20:57 220160 c:\windows\system32\oleacc.dll
- 2010-07-22 07:37 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
- 2010-07-22 07:37 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 11:32 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 11:32 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
- 2010-07-22 07:37 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
+ 2010-07-22 07:37 . 2011-10-28 16:07 726528 c:\windows\system32\jscript.dll
- 2010-07-22 07:02 . 2011-05-02 15:31 692736 c:\windows\system32\inetcomm.dll
+ 2010-07-22 07:02 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
- 2010-07-22 07:37 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
- 2010-07-22 07:37 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
+ 2010-07-22 07:37 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
- 2010-07-21 23:59 . 2011-04-18 12:47 248696 c:\windows\system32\FNTCACHE.DAT
+ 2010-07-21 23:59 . 2012-01-06 22:13 248696 c:\windows\system32\FNTCACHE.DAT
+ 2010-07-22 07:01 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
- 2010-07-22 07:01 . 2008-04-14 12:00 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2010-07-22 07:37 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
- 2010-07-22 07:37 . 2011-04-29 16:19 456320 c:\windows\system32\drivers\mrxsmb.sys
+ 2011-04-18 20:18 . 2011-04-18 20:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2010-07-22 07:37 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
- 2010-07-22 07:37 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
+ 2010-07-22 07:37 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
- 2010-07-22 07:37 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-07-22 07:37 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
- 2010-07-22 07:37 . 2008-04-14 12:00 176128 c:\windows\system32\dllcache\winmm.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
- 2010-07-22 07:37 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2010-07-22 07:37 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
- 2010-07-22 07:37 . 2009-03-08 11:34 105984 c:\windows\system32\dllcache\url.dll
+ 2010-07-22 07:37 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2010-07-22 07:01 . 2011-06-24 14:10 139656 c:\windows\system32\dllcache\rdpwd.sys
- 2010-07-22 07:01 . 2008-04-14 12:00 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2010-07-22 07:37 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
- 2010-07-22 07:37 . 2008-04-14 12:00 386048 c:\windows\system32\dllcache\qdvd.dll
- 2010-07-22 07:37 . 2009-10-08 20:57 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2010-07-22 07:37 . 2011-09-26 18:41 220160 c:\windows\system32\dllcache\oleacc.dll
- 2010-07-22 07:37 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
- 2010-07-22 07:37 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
- 2010-07-22 07:56 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-07-22 07:56 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-07-22 07:37 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
- 2010-07-22 07:37 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
- 2010-07-22 07:37 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
+ 2010-07-22 07:37 . 2011-10-28 16:07 726528 c:\windows\system32\dllcache\jscript.dll
- 2010-07-22 07:02 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-07-22 07:02 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-07-22 07:50 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-07-22 07:50 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-07-22 07:37 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-09-18 20:31 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-09-18 20:31 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-07-22 07:37 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2010-07-22 07:37 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2010-07-22 07:37 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2010-07-22 07:37 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2010-07-22 07:37 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
+ 2010-07-22 07:37 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
- 2010-07-22 07:37 . 2008-04-14 12:00 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2010-07-22 07:37 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
- 2010-07-22 07:37 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
- 2010-07-22 07:37 . 2008-04-14 12:00 599040 c:\windows\system32\crypt32.dll
+ 2010-07-22 07:37 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
+ 2011-12-25 10:49 . 2011-12-25 10:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2011-03-25 12:15 . 2011-03-25 12:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-07-07 12:18 . 2011-07-07 12:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-03-25 12:15 . 2011-03-25 12:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-07-07 12:18 . 2011-07-07 12:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-25 05:53 . 2011-12-25 05:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-09-23 09:25 . 2010-09-23 09:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-09-23 10:17 . 2010-09-23 10:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-12-25 06:49 . 2011-12-25 06:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2012-01-06 20:51 . 2012-01-06 20:51 467456 c:\windows\Installer\a91925.msi
+ 2012-01-06 17:36 . 2012-01-06 17:36 785920 c:\windows\Installer\a6b2d.msi
+ 2012-01-06 17:35 . 2012-01-06 17:35 483840 c:\windows\Installer\a6b27.msi
+ 2012-01-06 17:35 . 2012-01-06 17:35 301056 c:\windows\Installer\a6b22.msi
+ 2011-12-25 12:40 . 2011-12-25 12:40 819200 c:\windows\Installer\114c57c.msp
+ 2010-07-22 08:46 . 2012-01-07 03:23 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-07-22 08:46 . 2011-06-21 03:30 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-07-22 08:46 . 2012-01-07 03:23 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2010-07-22 08:46 . 2011-06-21 03:30 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-07-22 08:46 . 2012-01-07 03:23 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2010-07-22 08:46 . 2011-06-21 03:30 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2010-07-22 08:46 . 2011-06-21 03:30 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-07-22 08:46 . 2012-01-07 03:23 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-01-06 22:27 . 2012-01-06 22:27 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
+ 2012-01-06 22:19 . 2012-01-06 22:19 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll
+ 2012-01-06 22:36 . 2012-01-06 22:37 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\3959e9012ee532343861eb35c6c72b24\System.Management.Automation.ni.dll
+ 2012-01-07 03:34 . 2012-01-07 03:34 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2012-01-06 22:19 . 2012-01-06 22:19 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
+ 2012-01-06 22:30 . 2012-01-06 22:30 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll
+ 2012-01-06 22:29 . 2012-01-06 22:29 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
+ 2012-01-06 22:18 . 2012-01-06 22:18 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
+ 2012-01-06 22:29 . 2012-01-06 22:29 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll
+ 2012-01-07 03:36 . 2012-01-07 03:36 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2012-01-06 22:30 . 2012-01-06 22:30 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\5d5aa4b926ae422607ea833d934665c2\System.Data.OracleClient.ni.dll
+ 2012-01-06 22:18 . 2012-01-06 22:18 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll
+ 2012-01-06 22:35 . 2012-01-06 22:35 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a3ce22c2a84fdcb008d72d230ee0b2c0\System.Data.Entity.ni.dll
+ 2012-01-06 22:18 . 2012-01-06 22:18 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
+ 2012-01-06 22:18 . 2012-01-06 22:18 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll
+ 2012-01-06 22:18 . 2012-01-06 22:18 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll
+ 2012-01-06 22:15 . 2012-01-06 22:15 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b42ad515bb20ec1f1250c040371c6730\PresentationBuildTasks.ni.dll
+ 2012-01-07 03:36 . 2012-01-07 03:36 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
+ 2012-01-06 22:31 . 2012-01-06 22:31 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll
+ 2012-01-06 22:33 . 2012-01-06 22:33 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fba2661cffd923f17dbfa6662adf5ce3\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-01-06 22:32 . 2012-01-06 22:32 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eb5b6ad2dc6e2ecbdbb1ce1bf754b32e\Microsoft.PowerShell.Editor.ni.dll
+ 2012-01-07 03:36 . 2012-01-07 03:36 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6c46eade19e6f222f8b233ab0065d84a\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-06 22:37 . 2012-01-06 22:37 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll
+ 2012-01-06 22:32 . 2012-01-06 22:32 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
+ 2012-01-06 22:32 . 2012-01-06 22:32 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-01-06 22:31 . 2012-01-06 22:31 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
- 2011-07-01 10:26 . 2011-07-01 10:26 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-07 03:31 . 2012-01-07 03:31 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-01-01 02:13 . 2011-01-01 02:13 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-07 03:25 . 2012-01-07 03:25 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-07 03:30 . 2012-01-07 03:30 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-07 03:31 . 2012-01-07 03:31 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-07-01 10:25 . 2011-07-01 10:26 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-07-01 10:25 . 2011-07-01 10:25 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-07 03:31 . 2012-01-07 03:31 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-07 03:26 . 2012-01-07 03:26 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2011-01-01 01:47 . 2011-01-01 01:47 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-01-07 03:26 . 2012-01-07 03:26 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-07 03:26 . 2012-01-07 03:26 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-07 03:22 . 2012-01-07 03:22 1279864 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2011-01-05 06:29 . 2012-01-11 22:44 52128560 c:\windows\system32\MRT.exe
- 2009-03-08 11:39 . 2011-04-26 16:11 11081728 c:\windows\system32\ieframe.dll
+ 2009-03-08 11:39 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
- 2010-07-22 07:50 . 2011-04-26 16:11 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2010-07-22 07:50 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-12-27 00:02 . 2011-12-27 00:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
+ 2011-07-12 03:43 . 2011-07-12 03:43 11641344 c:\windows\Installer\d94c6d.msp
+ 2011-07-12 22:50 . 2011-07-12 22:50 17555968 c:\windows\Installer\a91906.msp
+ 2012-01-05 21:52 . 2012-01-05 21:52 20333568 c:\windows\Installer\7f8f2f.msp
+ 2011-12-26 16:02 . 2011-12-26 16:02 19677184 c:\windows\Installer\114c595.msp
+ 2011-09-16 01:39 . 2011-09-16 01:39 11163136 c:\windows\Installer\114c56c.msp
+ 2011-09-16 01:38 . 2011-09-16 01:38 10838528 c:\windows\Installer\114c561.msp
+ 2011-09-16 01:37 . 2011-09-16 01:37 34428416 c:\windows\Installer\114c452.msp
+ 2011-09-16 01:37 . 2011-09-16 01:37 16691712 c:\windows\Installer\114c443.msp
+ 2011-09-16 01:37 . 2011-09-16 01:37 37148160 c:\windows\Installer\114c42b.msp
+ 2011-09-16 01:37 . 2011-09-16 01:37 38176256 c:\windows\Installer\114c421.msp
+ 2011-08-04 02:53 . 2011-08-04 02:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\MSO.DLL
+ 2011-08-17 17:01 . 2011-08-17 17:01 16149352 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OART.DLL
+ 2011-08-04 02:53 . 2011-08-04 02:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSO.DLL
+ 2012-01-06 21:18 . 2011-04-26 16:11 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
+ 2012-01-06 22:20 . 2012-01-06 22:20 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
+ 2012-01-07 03:35 . 2012-01-07 03:35 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2012-01-07 03:34 . 2012-01-07 03:35 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-01-07 03:32 . 2012-01-07 03:32 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
+ 2012-01-06 22:17 . 2012-01-06 22:18 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
+ 2012-01-06 22:16 . 2012-01-06 22:16 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
+ 2012-01-06 21:46 . 2012-01-06 21:46 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
+ 2011-09-16 01:34 . 2011-09-16 01:34 428804608 c:\windows\Installer\114c557.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S6000Mnt"="S6000Rmv.dll " [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-7-22 704032]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/17/2011 9:56 AM 218688]
R1 MpKsl086c05e9;MpKsl086c05e9;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E0815518-21D6-4311-86D7-DCA70D7FF859}\MpKsl086c05e9.sys [1/14/2012 5:30 PM 29904]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [7/22/2010 2:04 AM 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [7/22/2010 2:04 AM 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [7/22/2010 2:04 AM 58800]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [1/10/2012 11:23 PM 497496]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [7/19/2010 1:11 AM 321104]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [7/22/2010 2:12 AM 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [7/22/2010 1:56 AM 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [7/22/2010 12:38 AM 61552]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [9/18/2010 1:35 PM 3221120]
S0 89230503;89230503;c:\windows\system32\drivers\35165979.sys --> c:\windows\system32\drivers\35165979.sys [?]
S2 SqlCSS;SQL Server EXPRESS;c:\windows\System32\svchost.exe -k Sqlses [7/22/2010 12:37 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/22/2010 1:30 AM 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [7/22/2010 1:31 AM 82384]
S3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [5/26/2010 7:41 PM 305520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/22/2010 12:37 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL086C05E9
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Sqlses REG_MULTI_SZ SqlCSS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\4cdj7c2a.default\
FF - user.js: dom.disable_window_open_feature.minimizable - True
FF - user.js: dom.disable_window_open_feature.menubar - True
FF - user.js: dom.disable_window_open_feature.scrollbars - True
.
- - - - ORPHANS REMOVED - - - -
.
Notify-Sqlseses - sqlesw32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 17:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3288)
c:\windows\system32\WININET.dll
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\WebCam\S6000\S6000Mnt.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-01-14 17:35:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-15 00:35
ComboFix2.txt 2012-01-05 19:38
.
Pre-Run: 113,161,695,232 bytes free
Post-Run: 113,165,582,336 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 843A94D4F5706D5FA7AC9C58AB36CBDB


Edited by rootkitsaremybane, 14 January 2012 - 06:41 PM.


#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Still a folder to remove. Also, could you check out Windows Updates and Windows Security Centre to ensure that they are working?

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\windows\$NtUninstallKB61615$

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

#7
rootkitsaremybane

    New Member

  • Topic Starter
  • Member
  • 7 posts
Seems now my keyboard is disabled after doing that last thing ya said, though who knows, it's probably more than that. But here's the next chunk. I should mention my netbook does detect the keyboard, it's just not working with any commands and neither is the mouse pad. A USB mouse does work, however.

ComboFix 12-01-16.05 - Dan 01/17/2012 3:51.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.632 [GMT -7:00]
Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dan\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dan\Local Settings\Application Data\vvqrpuao.exe
c:\windows\$NtUninstallKB61615$\2704036227\@
c:\windows\$NtUninstallKB61615$\2704036227\bckfg.tmp
c:\windows\$NtUninstallKB61615$\2704036227\cfg.ini
c:\windows\$NtUninstallKB61615$\2704036227\Desktop.ini
c:\windows\$NtUninstallKB61615$\2704036227\kwrd.dll
c:\windows\$NtUninstallKB61615$\2704036227\L\vtkohwnq
c:\windows\$NtUninstallKB61615$\2704036227\lsflt7.ver
c:\windows\$NtUninstallKB61615$\2704036227\U\[email protected]
c:\windows\$NtUninstallKB61615$\2704036227\U\[email protected]
c:\windows\$NtUninstallKB61615$\2704036227\U\[email protected]
c:\windows\$NtUninstallKB61615$\2704036227\U\[email protected]
c:\windows\$NtUninstallKB61615$\2704036227\U\[email protected]
c:\windows\$NtUninstallKB61615$\2704036227\U\[email protected]
c:\windows\$NtUninstallKB61615$\2958600693
c:\windows\$NtUninstallKB61615$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 11:02 . 2012-01-17 11:02 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{84765E88-8B64-45CB-ACC3-F80AB3420AC0}\MpKsl5d8b1e00.sys
2012-01-17 11:02 . 2012-01-17 11:02 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{84765E88-8B64-45CB-ACC3-F80AB3420AC0}\offreg.dll
2012-01-16 11:07 . 2011-11-30 09:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{84765E88-8B64-45CB-ACC3-F80AB3420AC0}\mpengine.dll
2012-01-14 23:49 . 2012-01-14 23:49 -------- d-----w- C:\_OTL
2012-01-14 11:42 . 2012-01-14 11:42 -------- d-----w- C:\RK_Quarantine
2012-01-12 18:43 . 2012-01-12 18:43 -------- d-----w- C:\Malwarebytes
2012-01-12 18:42 . 2012-01-12 18:42 -------- d-----w- C:\IObit
2012-01-11 20:41 . 2012-01-11 20:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-01-07 08:49 . 2011-11-30 09:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-06 22:22 . 2012-01-06 22:22 -------- d-----w- c:\program files\CCleaner
2012-01-06 20:49 . 2012-01-06 22:13 -------- d-----w- c:\windows\SxsCaPendDel
2012-01-06 19:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 17:35 . 2012-01-06 17:36 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-05 19:59 . 2012-01-05 19:59 -------- d-sh--w- c:\documents and settings\Dan\IECompatCache
2012-01-05 19:27 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-05 18:22 . 2012-01-05 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-12-29 00:28 . 2011-12-29 00:28 -------- d-----w- c:\program files\Broadcom
2011-12-29 00:27 . 2011-12-29 00:27 -------- d-----w- c:\program files\Atheros
2011-12-29 00:27 . 2010-01-04 23:54 1602856 ----a-w- c:\windows\system32\athw.sys
2011-12-29 00:27 . 2011-12-29 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2011-12-29 00:26 . 2011-12-29 00:26 -------- d-----w- c:\windows\OPTIONS
2011-12-29 00:26 . 2010-05-06 21:23 869920 ----a-w- c:\windows\system32\drivers\rtl8192se.sys
2011-12-29 00:26 . 2011-12-29 00:27 -------- d-----w- c:\program files\REALTEK PCIE Wireless LAN Driver
2011-12-29 00:26 . 2009-02-05 09:49 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2011-12-28 23:30 . 2008-04-14 12:00 685056 -c--a-w- c:\windows\system32\dllcache\hsfcxts2.sys
2011-12-28 23:30 . 2008-04-14 12:00 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2011-12-28 23:30 . 2008-04-14 12:00 32285 -c--a-w- c:\windows\system32\dllcache\hsfcisp2.dll
2011-12-28 23:30 . 2008-04-14 12:00 220032 -c--a-w- c:\windows\system32\dllcache\hsfbs2s2.sys
2011-12-28 23:30 . 2001-08-17 20:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2011-12-28 23:30 . 2001-08-18 05:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2011-12-28 23:28 . 2008-04-14 07:06 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2011-12-28 23:27 . 2008-04-14 05:05 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2011-12-28 23:26 . 2001-08-17 20:28 595647 -c--a-w- c:\windows\system32\dllcache\es56cvmp.sys
2011-12-28 23:25 . 2001-08-17 20:28 634134 -c--a-w- c:\windows\system32\dllcache\el656ct5.sys
2011-12-28 23:24 . 2001-08-18 05:36 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe
2011-12-28 23:23 . 2001-08-17 20:50 14848 -c--a-w- c:\windows\system32\dllcache\cyclom-y.sys
2011-12-28 23:22 . 2001-08-17 19:12 37916 -c--a-w- c:\windows\system32\dllcache\cb102.sys
2011-12-28 23:21 . 2001-08-17 21:01 36096 -c--a-w- c:\windows\system32\dllcache\avcaudio.sys
2011-12-28 23:20 . 2008-04-14 12:41 3775 -c--a-w- c:\windows\system32\dllcache\adv11nt5.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 22:24 . 2010-12-28 19:13 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 08:46 . 2008-04-14 00:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-11-25 21:57 . 2010-07-22 07:37 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2010-07-22 07:37 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2010-07-22 07:37 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-07-22 07:37 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-07-22 07:37 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2010-07-22 07:37 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2010-07-22 07:37 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2010-07-22 07:37 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2010-07-22 07:37 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2010-07-22 07:37 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-07-22 07:37 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2010-07-22 07:37 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-07-22 07:37 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-10 09:31 . 2012-01-10 09:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-15_00.30.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-17 11:03 . 2012-01-17 11:03 16384 c:\windows\Temp\Perflib_Perfdata_2bc.dat
+ 2010-07-22 07:37 . 2012-01-17 10:54 72582 c:\windows\system32\perfc009.dat
- 2010-07-22 07:37 . 2012-01-15 00:23 72582 c:\windows\system32\perfc009.dat
+ 2010-07-22 07:37 . 2012-01-17 10:54 443482 c:\windows\system32\perfh009.dat
- 2010-07-22 07:37 . 2012-01-15 00:23 443482 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S6000Mnt"="S6000Rmv.dll " [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-7-22 704032]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/17/2011 9:56 AM 218688]
R1 MpKsl5d8b1e00;MpKsl5d8b1e00;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{84765E88-8B64-45CB-ACC3-F80AB3420AC0}\MpKsl5d8b1e00.sys [1/17/2012 4:02 AM 29904]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [7/22/2010 2:04 AM 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [7/22/2010 2:04 AM 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [7/22/2010 2:04 AM 58800]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [1/10/2012 11:23 PM 497496]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [7/19/2010 1:11 AM 321104]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [7/22/2010 2:12 AM 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [7/22/2010 1:56 AM 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [7/22/2010 12:38 AM 61552]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [9/18/2010 1:35 PM 3221120]
S0 89230503;89230503;c:\windows\system32\drivers\35165979.sys --> c:\windows\system32\drivers\35165979.sys [?]
S2 SqlCSS;SQL Server EXPRESS;c:\windows\System32\svchost.exe -k Sqlses [7/22/2010 12:37 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/22/2010 1:30 AM 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [7/22/2010 1:31 AM 82384]
S3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [5/26/2010 7:41 PM 305520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/22/2010 12:37 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL5D8B1E00
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Sqlses REG_MULTI_SZ SqlCSS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\4cdj7c2a.default\
FF - user.js: dom.disable_window_open_feature.minimizable - True
FF - user.js: dom.disable_window_open_feature.menubar - True
FF - user.js: dom.disable_window_open_feature.scrollbars - True
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 04:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1944)
c:\windows\system32\WININET.dll
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\locator.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\WebCam\S6000\S6000Mnt.exe
c:\windows\RTHDCPL.EXE
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-01-17 04:08:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 11:08
ComboFix2.txt 2012-01-15 00:35
ComboFix3.txt 2012-01-05 19:38
.
Pre-Run: 113,553,346,560 bytes free
Post-Run: 113,635,250,176 bytes free
.
- - End Of File - - EE9F911A207753FC06CD04BA1053361B


Edited by rootkitsaremybane, 17 January 2012 - 05:22 AM.

  • 0

#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We may have to replace the drivers, but first we need to take a final swipe at the folder.

What is the make and model of your laptop, so that I can search out the drivers?

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\windows\$NtUninstallKB61615$::

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#9
rootkitsaremybane


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
My netbook is an Acer Aspire One model number AOD255.

ComboFix 12-01-16.05 - Dan 01/17/2012 22:40:10.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.638 [GMT -7:00]
Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dan\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
.
.
2012-01-18 05:39 . 2012-01-18 05:39 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47D2F245-B216-4C10-B2D2-5E59DAB8B996}\offreg.dll
2012-01-17 11:21 . 2011-11-30 09:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47D2F245-B216-4C10-B2D2-5E59DAB8B996}\mpengine.dll
2012-01-14 23:49 . 2012-01-14 23:49 -------- d-----w- C:\_OTL
2012-01-14 11:42 . 2012-01-14 11:42 -------- d-----w- C:\RK_Quarantine
2012-01-12 18:43 . 2012-01-12 18:43 -------- d-----w- C:\Malwarebytes
2012-01-12 18:42 . 2012-01-12 18:42 -------- d-----w- C:\IObit
2012-01-11 20:41 . 2012-01-11 20:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-01-07 08:49 . 2011-11-30 09:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-06 22:22 . 2012-01-06 22:22 -------- d-----w- c:\program files\CCleaner
2012-01-06 20:49 . 2012-01-06 22:13 -------- d-----w- c:\windows\SxsCaPendDel
2012-01-06 19:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 17:35 . 2012-01-06 17:36 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-05 19:59 . 2012-01-05 19:59 -------- d-sh--w- c:\documents and settings\Dan\IECompatCache
2012-01-05 19:27 . 2008-04-14 12:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-01-05 19:27 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-05 18:22 . 2012-01-05 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-12-29 00:28 . 2011-12-29 00:28 -------- d-----w- c:\program files\Broadcom
2011-12-29 00:27 . 2011-12-29 00:27 -------- d-----w- c:\program files\Atheros
2011-12-29 00:27 . 2010-01-04 23:54 1602856 ----a-w- c:\windows\system32\athw.sys
2011-12-29 00:27 . 2011-12-29 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2011-12-29 00:26 . 2011-12-29 00:26 -------- d-----w- c:\windows\OPTIONS
2011-12-29 00:26 . 2010-05-06 21:23 869920 ----a-w- c:\windows\system32\drivers\rtl8192se.sys
2011-12-29 00:26 . 2011-12-29 00:27 -------- d-----w- c:\program files\REALTEK PCIE Wireless LAN Driver
2011-12-29 00:26 . 2009-02-05 09:49 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2011-12-28 23:55 . 2008-04-14 12:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-12-28 23:55 . 2001-08-18 05:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-12-28 23:55 . 2008-04-14 12:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-12-28 23:55 . 2001-08-18 05:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-12-28 23:55 . 2001-08-18 05:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-12-28 23:55 . 2001-08-18 05:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-12-28 23:55 . 2001-08-17 19:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-12-28 23:55 . 2008-04-14 05:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-12-28 23:55 . 2008-04-14 05:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-12-28 23:55 . 2008-04-14 12:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-12-28 23:54 . 2008-04-14 05:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-12-28 23:54 . 2001-08-17 19:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-12-28 23:54 . 2001-08-17 20:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-12-28 23:54 . 2001-08-18 05:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-12-28 23:54 . 2001-08-18 05:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-12-28 23:54 . 2001-08-17 20:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2011-12-28 23:54 . 2008-04-14 07:15 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2011-12-28 23:54 . 2008-04-14 05:04 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2011-12-28 23:52 . 2001-08-17 20:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2011-12-28 23:51 . 2001-08-18 05:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2011-12-28 23:51 . 2001-08-18 05:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-12-28 23:51 . 2001-08-18 05:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2011-12-28 23:51 . 2001-08-18 05:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2011-12-28 23:51 . 2001-08-18 05:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-12-28 23:51 . 2001-08-17 20:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2011-12-28 23:51 . 2001-08-18 05:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2011-12-28 23:51 . 2001-08-18 05:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-12-28 23:51 . 2001-08-18 05:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2011-12-28 23:51 . 2001-08-18 05:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2011-12-28 23:51 . 2008-04-14 07:06 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2011-12-28 23:51 . 2001-08-17 20:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-12-28 23:50 . 2001-08-17 19:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-12-28 23:50 . 2001-08-18 05:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-12-28 23:50 . 2001-08-17 19:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-12-28 23:50 . 2001-08-17 21:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2011-12-28 23:50 . 2001-08-17 19:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-12-28 23:50 . 2001-08-17 21:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-12-28 23:50 . 2001-08-17 19:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-12-28 23:50 . 2001-08-18 05:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2011-12-28 23:50 . 2008-04-14 12:42 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-12-28 23:50 . 2001-08-18 05:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2011-12-28 23:50 . 2001-08-17 21:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2011-12-28 23:49 . 2001-08-17 21:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-12-28 23:49 . 2001-08-17 19:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2011-12-28 23:49 . 2001-08-17 19:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-12-28 23:49 . 2001-08-17 19:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-12-28 23:49 . 2001-08-17 21:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-12-28 23:49 . 2008-04-14 12:00 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-12-28 23:49 . 2001-08-17 19:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-12-28 23:49 . 2001-08-17 19:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-12-28 23:49 . 2001-08-17 20:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-12-28 23:49 . 2001-08-17 20:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-12-28 23:49 . 2001-08-17 19:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-12-28 23:48 . 2001-08-17 21:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-12-28 23:48 . 2001-08-18 05:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-12-28 23:48 . 2001-08-17 20:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2011-12-28 23:48 . 2001-08-17 21:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-12-28 23:48 . 2001-08-18 05:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-12-28 23:48 . 2001-08-18 05:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-12-28 23:48 . 2001-08-18 05:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-12-28 23:48 . 2001-08-18 05:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2011-12-28 23:48 . 2001-08-18 05:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-12-28 23:48 . 2001-08-18 05:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-12-28 23:48 . 2001-08-17 19:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2011-12-28 23:47 . 2001-08-17 20:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2011-12-28 23:47 . 2001-08-17 19:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-12-28 23:47 . 2001-08-18 05:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2011-12-28 23:47 . 2001-08-18 05:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-12-28 23:47 . 2001-08-17 20:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2011-12-28 23:47 . 2001-08-18 05:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2011-12-28 23:47 . 2001-08-17 20:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-12-28 23:47 . 2001-08-17 19:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2011-12-28 23:47 . 2001-08-18 05:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-12-28 23:47 . 2001-08-17 19:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2011-12-28 23:47 . 2001-08-17 20:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2011-12-28 23:47 . 2008-04-14 07:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-12-28 23:45 . 2001-08-18 05:36 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2011-12-28 23:44 . 2001-07-21 21:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-12-28 23:44 . 2001-07-21 21:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-12-28 23:44 . 2001-08-17 19:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-12-28 23:44 . 2001-08-18 05:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-12-28 23:44 . 2001-08-17 19:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-12-28 23:44 . 2001-08-17 20:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-12-28 23:44 . 2001-08-17 20:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2011-12-28 23:44 . 2001-08-17 20:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2011-12-28 23:44 . 2008-04-14 07:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-12-28 23:44 . 2001-08-17 20:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2011-12-28 23:44 . 2001-08-17 20:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2011-12-28 23:44 . 2001-08-17 20:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2011-12-28 23:42 . 2001-08-17 21:56 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2011-12-28 23:41 . 2001-08-18 05:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2011-12-28 23:41 . 2008-04-14 12:00 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2011-12-28 23:41 . 2001-08-17 20:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-12-28 23:41 . 2001-08-17 20:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-12-28 23:41 . 2001-08-17 20:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-12-28 23:41 . 2001-08-18 05:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2011-12-28 23:41 . 2001-08-17 20:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-12-28 23:41 . 2008-04-14 07:10 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2011-12-28 23:41 . 2001-08-17 20:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2011-12-28 23:41 . 2001-08-17 20:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2011-12-28 23:41 . 2001-08-17 20:28 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 22:24 . 2010-12-28 19:13 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 08:46 . 2008-04-14 00:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-11-25 21:57 . 2010-07-22 07:37 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2010-07-22 07:37 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2010-07-22 07:37 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-07-22 07:37 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-07-22 07:37 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2010-07-22 07:37 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2010-07-22 07:37 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2010-07-22 07:37 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2010-07-22 07:37 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2010-07-22 07:37 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-07-22 07:37 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2010-07-22 07:37 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-07-22 07:37 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-10 09:31 . 2012-01-10 09:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-15_00.30.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-18 05:39 . 2012-01-18 05:39 16384 c:\windows\Temp\Perflib_Perfdata_290.dat
+ 2010-07-22 07:37 . 2012-01-18 05:43 72582 c:\windows\system32\perfc009.dat
- 2010-07-22 07:37 . 2012-01-15 00:23 72582 c:\windows\system32\perfc009.dat
+ 2010-07-22 07:37 . 2012-01-18 05:43 443482 c:\windows\system32\perfh009.dat
- 2010-07-22 07:37 . 2012-01-15 00:23 443482 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S6000Mnt"="S6000Rmv.dll " [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-7-22 704032]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/17/2011 9:56 AM 218688]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [7/22/2010 2:04 AM 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [7/22/2010 2:04 AM 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [7/22/2010 2:04 AM 58800]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [1/10/2012 11:23 PM 497496]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [7/19/2010 1:11 AM 321104]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [7/22/2010 2:12 AM 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [7/22/2010 1:56 AM 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [7/22/2010 12:38 AM 61552]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [9/18/2010 1:35 PM 3221120]
S0 89230503;89230503;c:\windows\system32\drivers\35165979.sys --> c:\windows\system32\drivers\35165979.sys [?]
S2 SqlCSS;SQL Server EXPRESS;c:\windows\System32\svchost.exe -k Sqlses [7/22/2010 12:37 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/22/2010 1:30 AM 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [7/22/2010 1:31 AM 82384]
S3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [5/26/2010 7:41 PM 305520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/22/2010 12:37 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Sqlses REG_MULTI_SZ SqlCSS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\4cdj7c2a.default\
FF - user.js: dom.disable_window_open_feature.minimizable - True
FF - user.js: dom.disable_window_open_feature.menubar - True
FF - user.js: dom.disable_window_open_feature.scrollbars - True
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 22:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-01-17 22:51:11
ComboFix-quarantined-files.txt 2012-01-18 05:51
ComboFix2.txt 2012-01-17 11:08
ComboFix3.txt 2012-01-15 00:35
ComboFix4.txt 2012-01-05 19:38
.
Pre-Run: 113,580,494,848 bytes free
Post-Run: 113,588,989,952 bytes free
.
- - End Of File - - 3A94FE520E5B8052B9432B50562B632B


  • 0
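
The sections of the ComboFix log in the post above can be triaged mechanically. The script below is an added example, not part of the original thread and not ComboFix's own logic: it flags autorun and driver entries whose file details are missing, Security Center override values, and a disabled firewall. The rule names, and the reading of the `[X]` and `[?]` markers as "file details unavailable", are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Excerpt copied unchanged from the ComboFix log in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S6000Mnt"="S6000Rmv.dll " [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/17/2011 9:56 AM 218688]
S0 89230503;89230503;c:\windows\system32\drivers\35165979.sys --> c:\windows\system32\drivers\35165979.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/22/2010 12:37 AM 14336]
""".strip()


class Finding(NamedTuple):
    rule: str      # hypothetical rule name, chosen for this example
    line_no: int   # 1-based line number inside the text that was passed in
    detail: str    # registry value name or service name


SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# <state><start type> <name>;<display name>;<image path> [<date size> or marker]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+) \[(?P<meta>[^\]]*)\]$"
)


def parse_number(data: str) -> Optional[int]:
    """Read the two numeric notations the log uses: dword:00000001 and 0 (0x0)."""
    data = data.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+) \(0x[0-9a-fA-F]+\)$", data)
    return int(m.group(1)) if m else None


def check_value(section: str, name: str, data: str, line_no: int) -> list:
    number = parse_number(data)
    if section.endswith(r"\currentversion\run") and data.rstrip().endswith("[X]"):
        # Assumption: [X] means the autorun target's file details were unavailable.
        return [Finding("autorun-file-missing", line_no, name)]
    if section.endswith(r"\security center") and name.lower().endswith("override") and number:
        # Non-zero override: Security Center no longer reports on that product class.
        return [Finding("security-center-override", line_no, name)]
    if (section.endswith(r"\firewallpolicy\standardprofile")
            and name == "EnableFirewall" and number == 0):
        return [Finding("firewall-disabled", line_no, name)]
    return []


def check_service(m: "re.Match", line_no: int) -> list:
    out = []
    if m["meta"] in ("?", "X"):
        # Assumption: a marker instead of "date size" means the driver file was not readable.
        out.append(Finding("service-file-unreadable", line_no, m["name"]))
    if m["name"].isdigit():
        # Heuristic: vendors rarely register a service under a digits-only name.
        out.append(Finding("numeric-service-name", line_no, m["name"]))
    return out


def triage(log_text: str) -> list:
    """Return findings in log order; a finding means 'check by hand', not 'malicious'."""
    findings, section = [], ""
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if line in ("", "."):          # ComboFix separates blocks with a lone dot
            section = ""
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["key"].lower()
            continue
        m = VALUE_RE.match(line)
        if m and section:
            findings.extend(check_value(section, m["name"], m["data"], line_no))
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings.extend(check_service(m, line_no))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>2}  {f.rule:<26} {f.detail}")
```

A hit marks a line to check by hand, not a verdict: the `S6000Mnt` autorun, for instance, belongs to the webcam software listed elsewhere in the same log.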

#10
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The touchpad driver is located here; download and install that.

What are your current problems?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#11
rootkitsaremybane


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here's the MBAM report. Everything is working properly now. The only concern I have really is that out of all the times I've used ComboFix, each time it said I was infected with the Zero.Access rootkit but I don't have any suspicious processes running so I don't know if maybe it's just thinking a fix was a rootkit or if it is actually a rootkit.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.18.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dan :: WTFBOOM [administrator]

1/18/2012 1:42:25 PM
mbam-log-2012-01-18 (13-42-25).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281093
Time elapsed: 1 hour(s), 29 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Dan\Local Settings\Application Data\xpi.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Qoobox\Quarantine\C\Documents and Settings\Dan\Local Settings\Application Data\vvqrpuao.exe.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
By the definition of a rootkit you will not see it running in task manager as it is hidden.

Let's run one final check.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.
  • 0

#13
rootkitsaremybane


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
here's that last log for ya

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 03:44:58
-----------------------------
03:44:58.250 OS Version: Windows 5.1.2600 Service Pack 3
03:44:58.250 Number of processors: 2 586 0x1C0A
03:44:58.250 ComputerName: WTFBOOM UserName: Dan
03:45:01.578 Initialize success
03:46:37.906 AVAST engine defs: 12011900
03:47:02.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
03:47:02.328 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 3
03:47:02.359 Disk 0 MBR read successfully
03:47:02.375 Disk 0 MBR scan
03:47:02.437 Disk 0 Windows 7 default MBR code
03:47:02.468 Disk 0 Partition 1 00 12 Compaq diag NTFS 11264 MB offset 2048
03:47:02.546 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 141361 MB offset 23070720
03:47:02.718 Disk 0 scanning sectors +312578048
03:47:02.921 Disk 0 scanning C:\WINDOWS\system32\drivers
03:47:30.843 Service scanning
03:47:31.468 Service MpKsl3b3019a6 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{910D2608-C520-496D-9B1B-3FFB947E7557}\MpKsl3b3019a6.sys **LOCKED** 32
03:47:32.203 Modules scanning
03:47:40.890 Disk 0 trace - called modules:
03:47:40.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
03:47:40.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d6d030]
03:47:41.015 3 CLASSPNP.SYS[f75f2fd7] -> nt!IofCallDriver -> \Device\00000066[0x86d7cd80]
03:47:41.031 5 ACPI.sys[f7489620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86d6e028]
03:47:42.625 AVAST engine scan C:\WINDOWS
03:48:03.515 AVAST engine scan C:\WINDOWS\system32
03:52:44.796 AVAST engine scan C:\WINDOWS\system32\drivers
03:53:18.828 AVAST engine scan C:\Documents and Settings\Dan
03:56:08.546 AVAST engine scan C:\Documents and Settings\All Users
04:00:19.750 Scan finished successfully
04:02:20.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dan\Desktop\MBR.dat"
04:02:21.031 The log file has been saved successfully to "C:\Documents and Settings\Dan\Desktop\aswMBR.txt"



  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





