
Solved Unable to access Windows Updates and Google being redirected

Discussion in 'Malware and Virus Removal Archive' started by Cliffhanger, 2010/12/08.

  1. 2010/12/08
    Cliffhanger

    Cliffhanger Inactive Thread Starter

    Joined:
    2010/12/08
    Messages:
    26
    Likes Received:
    0
    [Resolved] Unable to access Windows Updates and Google being redirected

    Good morning. I'm helping clean up a friend's laptop and have cleared quite a bit of malware off of it already, but I'm stumped on one issue:

    I'm unable to access Windows Updates. I receive a "Cannot display the webpage" error when I try. All other websites appear to work fine.

    Logs to follow

    Thanks in advance for any help,
    Cliffhanger
     
  2. 2010/12/08
    Cliffhanger

    Malware Bytes Log

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5271

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/8/2010 10:15:49 AM
    mbam-log-2010-12-08 (10-15-49).txt

    Scan type: Quick scan
    Objects scanned: 139551
    Time elapsed: 4 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     


  4. 2010/12/08
    Cliffhanger

    GMER Log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-08 10:28:17
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD16 rev.11.0
    Running: zt8ofp44.exe; Driver: C:\DOCUME~1\THECOM~1\LOCALS~1\Temp\agtoapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAD2026B8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAD202574]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAD202A52]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAD20214C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAD20264E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAD20208C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAD2020F0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAD20276E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAD20272E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAD2028AE]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7CFE380, 0x37DE8D, 0xE8000020]
    init C:\WINDOWS\system32\Drivers\OEM13Afx.sys entry point in "init" section [0xB1312310]
    .rsrc C:\WINDOWS\System32\drivers\afd.sys entry point in ".rsrc" section [0xAD30FC94]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[524] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
    .text C:\WINDOWS\Explorer.EXE[524] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
    .text C:\WINDOWS\Explorer.EXE[524] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
    .text C:\PROGRA~1\Raptr\raptr.exe[684] USER32.dll!DispatchMessageW 7E418A01 5 Bytes JMP 05BC5110
    .text C:\PROGRA~1\Raptr\raptr.exe[684] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 05BCD150
    .text C:\PROGRA~1\Raptr\raptr.exe[684] USER32.dll!DispatchMessageA 7E4196B8 5 Bytes JMP 05BC4108
    .text C:\PROGRA~1\Raptr\raptr.exe[684] USER32.dll!AnimateWindow 7E422156 5 Bytes JMP 05BC9130
    .text C:\PROGRA~1\Raptr\raptr.exe[684] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 05BCA138
    .text C:\PROGRA~1\Raptr\raptr.exe[684] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 05BC3100
    .text C:\PROGRA~1\Raptr\raptr.exe[684] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 05BC8128
    .text C:\PROGRA~1\Raptr\raptr.exe[684] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 05BCC148
    .text C:\PROGRA~1\Raptr\raptr.exe[684] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 05BC6118
    .text C:\PROGRA~1\Raptr\raptr.exe[684] USER32.dll!DestroyWindow 7E42B19C 5 Bytes JMP 05BC7120
    .text C:\PROGRA~1\Raptr\raptr.exe[684] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 05BCB140
    .text C:\PROGRA~1\Raptr\raptr.exe[684] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 05BC20F8
    .text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
    .text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
    .text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
    .text C:\WINDOWS\System32\svchost.exe[1360] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F6000A
    .text C:\Program Files\Xfire\Xfire.exe[1880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03CD2D09 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 03CD26AD C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 03CD2125 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!ReleaseDC 7E41869D 3 Bytes JMP 03CD208A C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!ReleaseDC + 4 7E4186A1 1 Byte [85]
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 03CD1FF6 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!CreateDialogParamW 7E41EA3B 3 Bytes JMP 03CD27F8 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!CreateDialogParamW + 4 7E41EA3F 1 Byte [85]
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 03CD2946 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 03CD2754 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!InvalidateRect 7E428FD5 5 Bytes JMP 03CD226D C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 03CD1F62 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 03CD2441 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 03CD24D9 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!RedrawWindow 7E429944 5 Bytes JMP 03CD2574 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 03CD289C C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!IsWindowVisible 7E429E3D 7 Bytes JMP 03CD2A97 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!SetFocus 7E42B112 5 Bytes JMP 03CD21D5 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 03CD23A9 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!InvalidateRgn 7E42CDFE 5 Bytes JMP 03CD230B C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 03CD29DE C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 03CD2615 C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[1880] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 03CD2C5F C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Toucan DLL/Xfire Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0 88A99AEA

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \FileSystem\Fastfat \Fat A8AE8D20
    Device \FileSystem\Fastfat \Fat A8B00631

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
    Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD1600BEVT-75ZCT2___________________11.01A11#4&6047958&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sectors 312581552 (+254): rootkit-like behavior;

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\System32\drivers\afd.sys suspicious modification; TDL3 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
     
  5. 2010/12/08
    Cliffhanger

    MBRCheck Log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 142):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xB9F23000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA4C4000 ACPIEC.sys
    0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xBA0C8000 VolSnap.sys
    0xB9F0B000 atapi.sys
    0xB9E44000 iaStor.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9E24000 fltMgr.sys
    0xBA5AC000 DLACDBHM.SYS
    0xB9E0D000 DRVMCDB.SYS
    0xBA0F8000 PxHelp20.sys
    0xB9DF6000 KSecDD.sys
    0xB9D69000 Ntfs.sys
    0xB9D3C000 NDIS.sys
    0xBA108000 ohci1394.sys
    0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9D22000 Mup.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xBA2C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB9CE6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xB7CFE000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB7CEA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA3C0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB7CC6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA3C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB7C9E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB7B63000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xB7B37000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xBA2D8000 \SystemRoot\system32\DRIVERS\o2sd.sys
    0xB7B1F000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0xBA2E8000 \SystemRoot\system32\DRIVERS\o2media.sys
    0xB9CE2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xBA2F8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA3D0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB7AED000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xBA5EE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA308000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xB7A71000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xBA400000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB83D6000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB83C6000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB83B6000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB756B000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA771000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB83A6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9CBD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB7554000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB8396000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB8386000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA410000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB7543000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB8376000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA418000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA420000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB7513000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB8366000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA5F6000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB74B5000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9CA5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB35DB000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB35CB000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB133C000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB1318000 \SystemRoot\system32\drivers\portcls.sys
    0xB35BB000 \SystemRoot\system32\drivers\drmk.sys
    0xB12F5000 \??\C:\WINDOWS\system32\Drivers\OEM13Afx.sys
    0xB6DD2000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xAD427000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0xBA380000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xBA610000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xAD47B000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA612000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA390000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0xBA398000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA3A0000 \SystemRoot\System32\drivers\vga.sys
    0xBA614000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA616000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA3A8000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA3B0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xAE6CD000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAD3F4000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAD39B000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAD33A000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB6AE8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB6AD8000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xB3DC0000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xAD312000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAD2F0000 \SystemRoot\System32\drivers\afd.sys
    0xAD2B6000 \SystemRoot\system32\DRIVERS\OEM13Vid.sys
    0xBA618000 \SystemRoot\system32\DRIVERS\OEM13Vfx.sys
    0xB3DA0000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xAD28B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAD21B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB3D90000 \SystemRoot\System32\Drivers\Fips.SYS
    0xAD1FA000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xAE44C000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    0xB6829000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xB3D60000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xAD133000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAD6AF000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB3CDB000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA7AB000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB36CE000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
    0xB3D50000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xBA695000 \SystemRoot\System32\Drivers\DLADResM.SYS
    0xAA75B000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
    0xB36AE000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
    0xB1819000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
    0xB2E7D000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
    0xBA368000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
    0xAA745000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
    0xAA72E000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
    0xBA5A0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAA600000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xAA523000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB2983000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA9E16000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA9294000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA8D03000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA8B05000 \??\C:\DOCUME~1\THECOM~1\LOCALS~1\Temp\agtoapow.sys
    0xA8AE1000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA8AB6000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 54):
    0 System Idle Process
    4 System
    848 C:\WINDOWS\system32\smss.exe
    920 csrss.exe
    952 C:\WINDOWS\system32\winlogon.exe
    1000 C:\WINDOWS\system32\services.exe
    1012 C:\WINDOWS\system32\lsass.exe
    1208 C:\WINDOWS\system32\svchost.exe
    1280 svchost.exe
    1324 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1360 C:\WINDOWS\system32\svchost.exe
    1500 svchost.exe
    1576 svchost.exe
    1852 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    1900 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    192 C:\WINDOWS\system32\WLTRYSVC.EXE
    180 C:\WINDOWS\system32\BCMWLTRY.EXE
    448 C:\WINDOWS\system32\spoolsv.exe
    524 C:\WINDOWS\explorer.exe
    896 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    912 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    900 C:\WINDOWS\RTHDCPL.EXE
    140 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    924 C:\WINDOWS\OEM13Mon.exe
    1140 C:\WINDOWS\system32\rundll32.exe
    1016 C:\WINDOWS\system32\rundll32.exe
    1236 C:\Program Files\Microsoft Security Essentials\msseces.exe
    1264 C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    1420 C:\Program Files\Dell\QuickSet\quickset.exe
    1468 C:\WINDOWS\system32\WLTRAY.EXE
    1516 C:\WINDOWS\system32\ctfmon.exe
    1524 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1540 C:\Program Files\Messenger\msmsgs.exe
    1452 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    1772 C:\Program Files\History Channel Games\kgsystray\Kuma_tray.exe
    1880 C:\Program Files\Xfire\Xfire.exe
    2096 C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    3116 svchost.exe
    3224 C:\WINDOWS\system32\svchost.exe
    3488 C:\Program Files\Java\jre6\bin\jqs.exe
    3672 C:\WINDOWS\system32\nvsvc32.exe
    3820 C:\WINDOWS\system32\drivers\o2flash.exe
    3948 C:\WINDOWS\system32\svchost.exe
    4072 C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    684 C:\PROGRA~1\Raptr\raptr.exe
    1124 C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    2068 C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
    3396 wmiprvse.exe
    3964 alg.exe
    2904 C:\PROGRA~1\Raptr\raptr_im.exe
    3596 C:\WINDOWS\system32\svchost.exe
    2208 MpCmdRun.exe
    1804 wmiprvse.exe
    2852 C:\Documents and Settings\The Computer People\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVT-75ZCT2, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
    SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Done!
     
  6. 2010/12/08
    Cliffhanger

    DDS.txt log

    DDS (Ver_10-12-05.01) - NTFSx86
    Run by The Computer People at 10:37:45.07 on Wed 12/08/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1212 [GMT -5:00]

    AV: avast! antivirus 4.8.1368 [VPS 100123-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\OEM13Mon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\History Channel Games\kgsystray\Kuma_tray.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\DRIVERS\o2flash.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    C:\PROGRA~1\Raptr\raptr.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
    C:\PROGRA~1\Raptr\raptr_im.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\The Computer People\Desktop\Clean\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {DD662A0C-12FE-4B38-BA53-247F7EC82F46} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [Raptr] c:\progra~1\raptr\raptrstub.exe --startup
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [IMC] c:\program files\friendfinder\friendfinder messenger 4\imc.exe
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 - "Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.2.3)_Gecko/20100401__Firefo666600603_[xSP_2:544268_899708057903__(_.NET" - "http://match.xamo.net/html/direct.php?sid=%3B%1CRB%02%1B%13%3DSE%2B%0EZ%3A%15U%16Tv%5EF%03%1D%60QAe%02S%5B%08fj%40%03%1BWXLa%0A%11xRNmB%02XS%3F%3D%1EOZ%3E%0D%15d%06KYT%7C%0D%18%5DR%08%19%12k%12dsF%230%14%5C%05%140P%3Fa%13gOEp%13%00%07Y%01%09J%13D%11TP%7E%0B%1FzHGpZ%7F%0F%00%28%1F%5E%07%03cQD%7F%03TIT%123%03VP%08XWf%04%01xPDjZc%120%13%2FC%0F%06fUF%7D%0BEQMmmA%0B%06RYX%60%01%11hNTw4%7D%3EC%00%3C%23%15%00%7CQZ%7F%06U_ZfkD%01%1F%1B%5C%1Dg%07%004%0E%00-%0A%02EL4%07%06%1BR%3F%00%00.F%17%04%15%209%19%1DU%08%03N%3DW%5C%2A%03%06%2AU_%0B%0E%26%03%5E%0A%40%3B%04I%1A%03%07%5D%1Dm%1E%12zl%00%1F%0D%2A%00%02%2F%29%17k-%09%20%19%0E7%3E%06U%3E%09Qyq6%02%020%1C%27IY%22%3D%19%09Xh9%09%04%08%2Al%0B%14fC5%10%00%16%1DGz%01&game=StripBlackJack "
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe "
    mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
    StartupFolder: c:\docume~1\thecom~1\startm~1\programs\startup\kuma_t~1.lnk - c:\program files\history channel games\kgsystray\Kuma_tray.exe
    StartupFolder: c:\docume~1\thecom~1\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\thecom~1\applic~1\mozilla\firefox\profiles\j1vz90w5.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XULRunner: {B0EEDD10-67DB-4B85-A418-B126450F4F2B} - c:\documents and settings\the computer people\local settings\application data\{B0EEDD10-67DB-4B85-A418-B126450F4F2B}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Extension: SC Screen Settings: {D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6} - c:\program files\mozilla firefox\extensions\{D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Extension: XULRunner: {B0EEDD10-67DB-4B85-A418-B126450F4F2B} - c:\documents and settings\the computer people\local settings\application data\{B0EEDD10-67DB-4B85-A418-B126450F4F2B}
    FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\docume~1\thecom~1\applic~1\mozilla\firefox\profiles\j1vz90w5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Extension: Multiple Tab Handler: multipletab@piro.sakura.ne.jp - c:\docume~1\thecom~1\applic~1\mozilla\firefox\profiles\j1vz90w5.default\extensions\multipletab@piro.sakura.ne.jp
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\thecom~1\applic~1\mozilla\firefox\profiles\j1vz90w5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: SC Screen Settings: {D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6} - c:\docume~1\thecom~1\applic~1\mozilla\firefox\profiles\j1vz90w5.default\extensions\{D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-15 114768]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-25 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-15 20560]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
    R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
    R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
    R2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-12-10 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-12-10 43608]
    R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2008-12-10 141376]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2008-12-10 7424]
    R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-12-10 235840]
    S1 bvrtscyj;bvrtscyj;\??\c:\windows\system32\drivers\bvrtscyj.sys --> c:\windows\system32\drivers\bvrtscyj.sys [?]
    S1 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys --> c:\program files\symantec antivirus\savrt.sys [?]
    S1 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\savrtpel.sys --> c:\program files\symantec antivirus\Savrtpel.sys [?]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 avast! Antivirus;avast! Antivirus; "c:\program files\alwil software\avast4\ashserv.exe" --> c:\program files\alwil software\avast4\ashServ.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-2 136176]
    S2 Symantec AntiVirus;Symantec AntiVirus; "c:\program files\symantec antivirus\rtvscan.exe" --> c:\program files\symantec antivirus\Rtvscan.exe [?]
    S3 avast! Mail Scanner;avast! Mail Scanner; "c:\program files\alwil software\avast4\ashmaisv.exe" /service --> c:\program files\alwil software\avast4\ashMaiSv.exe [?]
    S3 avast! Web Scanner;avast! Web Scanner; "c:\program files\alwil software\avast4\ashwebsv.exe" /service --> c:\program files\alwil software\avast4\ashWebSv.exe [?]
    S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20090520.003\naveng.sys --> c:\progra~1\common~1\symant~1\virusd~1\20090520.003\naveng.sys [?]
    S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20090520.003\navex15.sys --> c:\progra~1\common~1\symant~1\virusd~1\20090520.003\navex15.sys [?]
    S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-9-10 50704]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SavRoam;SAVRoam; "c:\program files\symantec antivirus\savroam.exe" --> c:\program files\symantec antivirus\SavRoam.exe [?]
    S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]

    =============== Created Last 30 ================

    2010-12-08 15:28:42 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{bbaeb390-a3ef-4d68-9ae9-0d0e9347ba24}\mpengine.dll
    2010-12-08 14:40:39 -------- d-sh--w- c:\documents and settings\the computer people\IECompatCache
    2010-12-08 14:40:19 -------- d-sh--w- c:\documents and settings\the computer people\PrivacIE
    2010-12-08 14:37:03 -------- d-sh--w- c:\documents and settings\the computer people\IETldCache
    2010-12-08 14:34:45 -------- dc-h--w- c:\windows\ie8
    2010-12-08 12:46:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-08 12:46:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-08 12:46:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-07 19:30:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-07 19:30:04 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2010-12-07 19:04:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-07 17:57:59 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-12-07 14:51:19 -------- d-----w- c:\windows\system32\%APPDATA%

    ==================== Find3M ====================

    2010-12-07 17:30:20 0 ----a-w- c:\windows\Dtaroce.bin
    2010-12-07 13:10:47 507904 ----a-w- c:\windows\system32\winlogon.exe
    2010-12-07 13:10:47 1033728 ----a-w- c:\windows\explorer.exe
    2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-12 00:43:45 2838 ----a-w- c:\windows\abiduxotoyeful.dll
    2010-09-12 00:25:39 2838 ----a-w- c:\windows\equyetasoyu.dll
    2010-09-12 00:13:31 2838 ----a-w- c:\windows\onayiqop.dll
    2010-09-11 01:01:22 2838 ----a-w- c:\windows\ivaquvacaxoj.dll
    2010-09-10 22:59:23 2838 ----a-w- c:\windows\okicoden.dll
    2010-09-10 22:27:01 281104 ----a-w- c:\windows\system32\wpcap.dll
    2010-09-10 22:27:01 100880 ----a-w- c:\windows\system32\Packet.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD16 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x88A99EC5]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x86c53872; SUB DWORD [EBP-0x4], 0x86c5312e; PUSH EDI; CALL 0xffffffffffffdf33; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A371030]
    3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007b[0x8A3749E0]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A382030]
    [0x895FDF38] -> IRP_MJ_CREATE -> 0x88A99EC5
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD1600BEVT-75ZCT2___________________11.01A11#4&6047958&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\iaStor DriverStartIo -> 0x88A99AEA
    user & kernel MBR OK
    sectors 312581806 (+255): user != kernel
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 10:39:03.25 ===============
     
  7. 2010/12/08
    Cliffhanger

    DDS Attach.txt Log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/29/2008 11:26:25 AM
    System Uptime: 12/8/2010 10:09:46 AM (0 hours ago)

    Motherboard: Dell Inc. | | 0F804H
    Processor: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz | U2E1 | 1795/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 100.99 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Akamai NetSession Interface
    Assassin's Creed
    AVSDK5
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Support Center
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card Utility
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ijji - Gunz
    Internet Explorer (Enable DEP)
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 7
    Laptop Integrated Webcam Driver (1.01.01.0529)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes' Anti-Malware
    Mercenaries 2: World in Flames(tm)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.9)
    MSXML 6.0 Parser (KB927977)
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Pando Media Booster
    PowerDVD
    QuickSet
    Raptr
    REACTOR
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Sonic CinePlayer Decoder Pack
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Presentation Foundation
    Xfire (remove only)
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    12/8/2010 10:07:51 AM, error: Service Control Manager [7034] - The vseqrts service terminated unexpectedly. It has done this 1 time(s).
    12/8/2010 10:07:51 AM, error: Service Control Manager [7034] - The vsedsps service terminated unexpectedly. It has done this 1 time(s).
    12/8/2010 10:07:51 AM, error: Service Control Manager [7034] - The vseamps service terminated unexpectedly. It has done this 1 time(s).
    12/8/2010 10:07:51 AM, error: Service Control Manager [7034] - The O2FLASH service terminated unexpectedly. It has done this 1 time(s).
    12/8/2010 10:07:51 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    12/8/2010 10:07:51 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/8/2010 10:07:49 AM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s).
    12/8/2010 10:07:49 AM, error: Service Control Manager [7034] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s).
    12/8/2010 10:07:49 AM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    12/8/2010 10:07:49 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    12/7/2010 8:43:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 APPDRV aswSP Fips intelppm SAVRT SAVRTPEL SBRE SYMTDI
    12/7/2010 8:42:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    12/7/2010 8:42:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/7/2010 7:48:40 AM, error: Service Control Manager [7000] - The Process creation detector. service failed to start due to the following error: The system cannot find the file specified.
    12/7/2010 7:47:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRT SAVRTPEL SBRE SYMTDI
    12/7/2010 7:47:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TCP/IP NetBIOS Helper service to connect.
    12/7/2010 7:47:31 AM, error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/7/2010 7:47:31 AM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The system cannot find the path specified.
    12/7/2010 4:57:55 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2009-3867.MZ&threatid=2147639445 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2009-3867.MZ ID: 2147639445 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.1325.0, AS: 1.95.1325.0 Engine Version: 1.1.6402.0
    12/7/2010 4:57:55 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2009-3867.IF&threatid=2147637227 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2009-3867.IF ID: 2147637227 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.1325.0, AS: 1.95.1325.0 Engine Version: 1.1.6402.0
    12/7/2010 4:57:55 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.RP&threatid=2147639242 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.RP ID: 2147639242 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.1325.0, AS: 1.95.1325.0 Engine Version: 1.1.6402.0
    12/7/2010 4:57:55 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.RN&threatid=2147639240 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.RN ID: 2147639240 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.1325.0, AS: 1.95.1325.0 Engine Version: 1.1.6402.0
    12/7/2010 4:00:11 PM, error: System Error [1003] - Error code 100000d1, parameter1 ba652000, parameter2 00000002, parameter3 00000000, parameter4 b9ea89f5.
    12/7/2010 4:00:06 PM, error: System Error [1003] - Error code 100000d1, parameter1 b20f7000, parameter2 00000002, parameter3 00000000, parameter4 b9ea89f5.
    12/7/2010 3:59:02 PM, error: System Error [1003] - Error code 100000d1, parameter1 b20d1000, parameter2 00000002, parameter3 00000000, parameter4 b9ea89f5.
    12/7/2010 2:20:18 PM, error: System Error [1003] - Error code 100000d1, parameter1 ba5e8000, parameter2 00000002, parameter3 00000000, parameter4 b9ea89f5.
    12/7/2010 2:03:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
    12/7/2010 2:03:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
    12/7/2010 2:03:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
    12/7/2010 2:03:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
    12/7/2010 12:59:09 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    12/7/2010 12:58:49 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    12/7/2010 12:58:49 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
    12/7/2010 12:43:41 PM, error: System Error [1003] - Error code 100000d1, parameter1 ba60a000, parameter2 00000002, parameter3 00000000, parameter4 b9ea89f5.
    12/7/2010 10:22:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/7/2010 1:58:32 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    12/7/2010 1:58:03 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    12/7/2010 1:53:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 APPDRV aswSP Fips intelppm MpFilter SAVRT SAVRTPEL SBRE SYMTDI
    12/7/2010 1:53:03 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
    12/7/2010 1:53:03 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
    12/7/2010 1:53:03 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
    12/7/2010 1:53:03 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
    12/7/2010 1:52:56 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    12/7/2010 1:00:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

    ==== End Of File ===========================
     
  8. 2010/12/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. 2010/12/09
    Cliffhanger

    Cliffhanger Inactive Thread Starter

    TDSSKiller Log

    It appears to have found and removed a rootkit. Google is behaving correctly and Windows Update started working again after the reboot.

    Log below:

    2010/12/08 11:24:52.0796 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/08 11:24:52.0796 ================================================================================
    2010/12/08 11:24:52.0796 SystemInfo:
    2010/12/08 11:24:52.0796
    2010/12/08 11:24:52.0796 OS Version: 5.1.2600 ServicePack: 3.0
    2010/12/08 11:24:52.0796 Product type: Workstation
    2010/12/08 11:24:52.0796 ComputerName: D32K5JC1
    2010/12/08 11:24:52.0796 UserName: The Computer People
    2010/12/08 11:24:52.0796 Windows directory: C:\WINDOWS
    2010/12/08 11:24:52.0796 System windows directory: C:\WINDOWS
    2010/12/08 11:24:52.0796 Processor architecture: Intel x86
    2010/12/08 11:24:52.0796 Number of processors: 2
    2010/12/08 11:24:52.0796 Page size: 0x1000
    2010/12/08 11:24:52.0796 Boot type: Normal boot
    2010/12/08 11:24:52.0796 ================================================================================
    2010/12/08 11:24:53.0218 Initialize success
    2010/12/08 11:24:55.0750 ================================================================================
    2010/12/08 11:24:55.0750 Scan started
    2010/12/08 11:24:55.0750 Mode: Manual;
    2010/12/08 11:24:55.0750 ================================================================================
    2010/12/08 11:24:56.0390 AFD (11477f947a1a5766e6fdd61cd5f3023e) C:\WINDOWS\System32\drivers\afd.sys
    2010/12/08 11:24:56.0390 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 11477f947a1a5766e6fdd61cd5f3023e, Fake md5: 7e775010ef291da96ad17ca4b17137d7
    2010/12/08 11:24:56.0406 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/12/08 11:25:03.0187 ================================================================================
    2010/12/08 11:25:03.0187 Scan finished
    2010/12/08 11:25:03.0187 ================================================================================
    2010/12/08 11:25:03.0187 Detected object count: 1
    2010/12/08 11:25:15.0937 AFD (11477f947a1a5766e6fdd61cd5f3023e) C:\WINDOWS\System32\drivers\afd.sys
    2010/12/08 11:25:15.0937 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 11477f947a1a5766e6fdd61cd5f3023e, Fake md5: 7e775010ef291da96ad17ca4b17137d7
    2010/12/08 11:25:16.0109 Backup copy found, using it..
    2010/12/08 11:25:16.0125 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot
    2010/12/08 11:25:16.0125 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
    2010/12/08 11:25:18.0656 Deinitialize success
     
  10. 2010/12/09
    broni

    broni Moderator Malware Analyst

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2010/12/09
    Cliffhanger

    Cliffhanger Inactive Thread Starter

    ComboFix Log Part 1

    ComboFix 10-12-08.04 - The Computer People 12/09/2010 20:28:39.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1400 [GMT -5:00]
    Running from: c:\documents and settings\The Computer People\Desktop\Clean\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 100123-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\The Computer People\.COMMgr
    c:\documents and settings\The Computer People\Local Settings\Application Data\{B0EEDD10-67DB-4B85-A418-B126450F4F2B}
    c:\documents and settings\The Computer People\Local Settings\Application Data\{B0EEDD10-67DB-4B85-A418-B126450F4F2B}\chrome.manifest
    c:\documents and settings\The Computer People\Local Settings\Application Data\{B0EEDD10-67DB-4B85-A418-B126450F4F2B}\chrome\content\_cfg.js
    c:\documents and settings\The Computer People\Local Settings\Application Data\{B0EEDD10-67DB-4B85-A418-B126450F4F2B}\chrome\content\overlay.xul
    c:\documents and settings\The Computer People\Local Settings\Application Data\{B0EEDD10-67DB-4B85-A418-B126450F4F2B}\install.rdf
    c:\documents and settings\The Computer People\Recent\ANTIGEN.dll
    c:\documents and settings\The Computer People\Recent\ANTIGEN.tmp
    c:\documents and settings\The Computer People\Recent\cb.dll
    c:\documents and settings\The Computer People\Recent\cb.drv
    c:\documents and settings\The Computer People\Recent\cb.sys
    c:\documents and settings\The Computer People\Recent\cb.tmp
    c:\documents and settings\The Computer People\Recent\cid.exe
    c:\documents and settings\The Computer People\Recent\cid.tmp
    c:\documents and settings\The Computer People\Recent\CLSV.dll
    c:\documents and settings\The Computer People\Recent\CLSV.drv
    c:\documents and settings\The Computer People\Recent\CLSV.exe
    c:\documents and settings\The Computer People\Recent\CLSV.sys
    c:\documents and settings\The Computer People\Recent\CLSV.tmp
    c:\documents and settings\The Computer People\Recent\DBOLE.dll
    c:\documents and settings\The Computer People\Recent\DBOLE.drv
    c:\documents and settings\The Computer People\Recent\DBOLE.sys
    c:\documents and settings\The Computer People\Recent\DBOLE.tmp
    c:\documents and settings\The Computer People\Recent\ddv.drv
    c:\documents and settings\The Computer People\Recent\ddv.tmp
    c:\documents and settings\The Computer People\Recent\delfile.sys
    c:\documents and settings\The Computer People\Recent\dudl.dll
    c:\documents and settings\The Computer People\Recent\dudl.drv
    c:\documents and settings\The Computer People\Recent\dudl.tmp
    c:\documents and settings\The Computer People\Recent\eb.drv
    c:\documents and settings\The Computer People\Recent\eb.sys
    c:\documents and settings\The Computer People\Recent\eb.tmp
    c:\documents and settings\The Computer People\Recent\energy.dll
    c:\documents and settings\The Computer People\Recent\energy.drv
    c:\documents and settings\The Computer People\Recent\energy.exe
    c:\documents and settings\The Computer People\Recent\energy.sys
    c:\documents and settings\The Computer People\Recent\energy.tmp
    c:\documents and settings\The Computer People\Recent\exec.drv
    c:\documents and settings\The Computer People\Recent\exec.exe
    c:\documents and settings\The Computer People\Recent\exec.sys
    c:\documents and settings\The Computer People\Recent\exec.tmp
    c:\documents and settings\The Computer People\Recent\fan.dll
    c:\documents and settings\The Computer People\Recent\fan.drv
    c:\documents and settings\The Computer People\Recent\fan.sys
    c:\documents and settings\The Computer People\Recent\fix.sys
    c:\documents and settings\The Computer People\Recent\FS.dll
    c:\documents and settings\The Computer People\Recent\FS.drv
    c:\documents and settings\The Computer People\Recent\FS.tmp
    c:\documents and settings\The Computer People\Recent\FW.drv
    c:\documents and settings\The Computer People\Recent\FW.exe
    c:\documents and settings\The Computer People\Recent\gid.dll
    c:\documents and settings\The Computer People\Recent\gid.sys
    c:\documents and settings\The Computer People\Recent\gid.tmp
    c:\documents and settings\The Computer People\Recent\grid.dll
    c:\documents and settings\The Computer People\Recent\grid.sys
    c:\documents and settings\The Computer People\Recent\grid.tmp
    c:\documents and settings\The Computer People\Recent\hymt.drv
    c:\documents and settings\The Computer People\Recent\hymt.exe
    c:\documents and settings\The Computer People\Recent\hymt.sys
    c:\documents and settings\The Computer People\Recent\hymt.tmp
    c:\documents and settings\The Computer People\Recent\kernel32.dll
    c:\documents and settings\The Computer People\Recent\kernel32.drv
    c:\documents and settings\The Computer People\Recent\kernel32.exe
    c:\documents and settings\The Computer People\Recent\kernel32.sys
    c:\documents and settings\The Computer People\Recent\kernel32.tmp
    c:\documents and settings\The Computer People\Recent\pal.dll
    c:\documents and settings\The Computer People\Recent\pal.exe
    c:\documents and settings\The Computer People\Recent\pal.sys
    c:\documents and settings\The Computer People\Recent\PE.dll
    c:\documents and settings\The Computer People\Recent\PE.drv
    c:\documents and settings\The Computer People\Recent\PE.exe
    c:\documents and settings\The Computer People\Recent\PE.sys
    c:\documents and settings\The Computer People\Recent\PE.tmp
    c:\documents and settings\The Computer People\Recent\ppal.dll
    c:\documents and settings\The Computer People\Recent\ppal.exe
    c:\documents and settings\The Computer People\Recent\ppal.sys
    c:\documents and settings\The Computer People\Recent\runddl.dll
    c:\documents and settings\The Computer People\Recent\runddl.tmp
    c:\documents and settings\The Computer People\Recent\runddlkey.drv
    c:\documents and settings\The Computer People\Recent\runddlkey.sys
    c:\documents and settings\The Computer People\Recent\runddlkey.tmp
    c:\documents and settings\The Computer People\Recent\SICKBOY.dll
    c:\documents and settings\The Computer People\Recent\SICKBOY.tmp
    c:\documents and settings\The Computer People\Recent\sld.drv
    c:\documents and settings\The Computer People\Recent\sld.exe
    c:\documents and settings\The Computer People\Recent\sld.sys
    c:\documents and settings\The Computer People\Recent\sld.tmp
    c:\documents and settings\The Computer People\Recent\SM.dll
    c:\documents and settings\The Computer People\Recent\SM.drv
    c:\documents and settings\The Computer People\Recent\SM.exe
    c:\documents and settings\The Computer People\Recent\SM.sys
    c:\documents and settings\The Computer People\Recent\SM.tmp
    c:\documents and settings\The Computer People\Recent\snl2w.drv
    c:\documents and settings\The Computer People\Recent\snl2w.sys
    c:\documents and settings\The Computer People\Recent\snl2w.tmp
    c:\documents and settings\The Computer People\Recent\std.drv
    c:\documents and settings\The Computer People\Recent\std.exe
    c:\documents and settings\The Computer People\Recent\tempdoc.drv
    c:\documents and settings\The Computer People\Recent\tempdoc.exe
    c:\documents and settings\The Computer People\Recent\tempdoc.tmp
    c:\documents and settings\The Computer People\Recent\tjd.drv
    c:\documents and settings\The Computer People\Recent\tjd.exe
    c:\documents and settings\The Computer People\Recent\tjd.sys
    c:\documents and settings\The Computer People\Recent\tjd.tmp
    c:\program files\ScreensCorner\Common\msUDt.dll
    c:\windows\abiduxotoyeful.dll
    c:\windows\equyetasoyu.dll
    c:\windows\ivaquvacaxoj.dll
    c:\windows\okicoden.dll
    c:\windows\onayiqop.dll
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\service
    c:\windows\system32\service\01062010_TIS17_SfFniAU.log
    c:\windows\system32\service\10062010_TIS17_SfFniAU.log
    c:\windows\system32\service\11062010_TIS17_SfFniAU.log
    c:\windows\system32\service\17062010_TIS17_SfFniAU.log
    c:\windows\system32\service\20062010_TIS17_SfFniAU.log
    c:\windows\system32\service\24052010_TIS17_SfFniAU.log
    c:\windows\system32\service\26052010_TIS17_SfFniAU.log
    c:\windows\system32\service\26062010_TIS17_SfFniAU.log
    c:\windows\system32\service\27052010_TIS17_SfFniAU.log
    c:\windows\system32\service\28052010_TIS17_SfFniAU.log
    c:\windows\system32\wpcap.dll

    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\winlogon.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\explorer.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
    .

    2010-12-09 17:51 . 2010-11-16 17:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A2F91FC-593B-4D8D-BB91-865E705E1F72}\mpengine.dll
    2010-12-08 17:32 . 2010-11-16 17:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-12-08 17:27 . 2010-12-08 17:27 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-12-08 17:27 . 2010-12-08 17:27 -------- d-----w- c:\windows\system32\winrm
    2010-12-08 17:27 . 2010-12-08 17:27 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2010-12-08 17:25 . 2010-12-08 17:25 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-12-08 17:24 . 2010-12-08 17:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-12-08 17:24 . 2010-12-08 17:27 -------- d-----w- c:\program files\Windows Desktop Search
    2010-12-08 17:24 . 2010-12-08 17:24 -------- d-----w- c:\windows\system32\GroupPolicy
    2010-12-08 17:23 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2010-12-08 17:23 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2010-12-08 17:23 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2010-12-08 16:37 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-12-08 16:33 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
    2010-12-08 16:33 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-12-08 16:33 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-12-08 16:32 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-12-08 16:32 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-12-08 16:32 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-12-08 16:32 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-12-08 14:40 . 2010-12-08 14:40 -------- d-sh--w- c:\documents and settings\The Computer People\IECompatCache
    2010-12-08 14:40 . 2010-12-08 14:40 -------- d-sh--w- c:\documents and settings\The Computer People\PrivacIE
    2010-12-08 14:37 . 2010-12-08 14:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-12-08 14:37 . 2010-12-08 14:37 -------- d-sh--w- c:\documents and settings\The Computer People\IETldCache
    2010-12-08 14:34 . 2010-12-08 14:35 -------- dc-h--w- c:\windows\ie8
    2010-12-08 12:46 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-08 12:46 . 2010-12-08 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-08 12:46 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-07 19:32 . 2010-12-07 19:32 -------- d-----w- c:\program files\Common Files\Adobe
    2010-12-07 19:30 . 2010-09-15 09:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-07 19:30 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-07 19:04 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-07 19:04 . 2010-12-07 19:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
    2010-12-07 17:57 . 2010-12-07 17:58 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-12-07 14:51 . 2010-12-07 14:51 -------- d-----w- c:\windows\system32\%APPDATA%
    2010-12-07 12:55 . 2010-12-07 21:09 -------- d-----w- c:\program files\Windows Live Safety Center

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-08 16:26 . 2008-04-25 16:16 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2010-09-18 17:23 . 2008-04-25 16:16 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2008-04-25 16:16 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2008-04-25 16:16 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2008-04-25 16:16 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-15 07:29 . 2008-12-10 23:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-12-16_19.46.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2052\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1055\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1053\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1049\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1046\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1045\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1044\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1043\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1042\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1041\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1040\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1038\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1037\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1036\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1035\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1033\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1032\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1031\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1030\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1029\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1028\SetupResources.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1025\SetupResources.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\v4.0.30319\SbsNclPerf.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 58192 c:\windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 52040 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 21336 c:\windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 27984 c:\windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 40784 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 20816 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 12128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 97680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 36168 c:\windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 78168 c:\windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 58200 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 27992 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 42312 c:\windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 11592 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 88904 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 31048 c:\windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 81248 c:\windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 95048 c:\windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 29008 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 29528 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 29016 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 10064 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 24400 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll
    + 2010-04-08 03:48 . 2010-04-08 03:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    - 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    + 2010-09-22 14:43 . 2010-09-22 14:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2010-09-23 20:55 . 2010-09-23 20:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    - 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2010-09-23 07:26 . 2010-09-23 07:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2010-09-23 07:26 . 2010-09-23 07:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2010-09-23 07:26 . 2010-09-23 07:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2010-09-23 08:17 . 2010-09-23 08:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2003-03-05 16:57 . 2003-03-05 16:57 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    + 2010-09-23 08:17 . 2010-09-23 08:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorlib.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
     
  12. 2010/12/09
    Cliffhanger

    ComboFix Log Part 2

    + 2010-06-08 20:12 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB982381-IE7\update\spcustom.dll
    + 2010-06-08 20:12 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB982381-IE7\spmsg.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 44544 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\pngfilt.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 52224 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeedsbs.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 27648 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\jsproxy.dll
    + 2010-05-04 13:19 . 2010-05-04 13:19 13824 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieudinit.exe
    + 2010-05-04 17:20 . 2010-05-04 17:20 44544 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iernonce.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 78336 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieencode.dll
    + 2010-05-04 13:19 . 2010-05-04 13:19 70656 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ie4uinit.exe
    + 2010-05-04 17:20 . 2010-05-04 17:20 63488 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\icardie.dll
    + 2010-05-04 17:19 . 2010-05-04 17:19 17408 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\corpol.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982214\update\spcustom.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982214\spmsg.dll
    + 2010-08-11 14:52 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981997\update\spcustom.dll
    + 2010-08-11 14:52 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981997\spmsg.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB981852\update\spcustom.dll
    + 2010-08-10 22:05 . 2010-06-18 06:28 16896 c:\windows\$hf_mig$\KB981852\update\mpsyschk.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB981852\spmsg.dll
    + 2010-05-13 04:33 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981349\update\spcustom.dll
    + 2010-05-13 04:33 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981349\spmsg.dll
    + 2010-08-11 14:53 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980436\update\spcustom.dll
    + 2010-08-11 14:53 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980436\spmsg.dll
    + 2010-05-13 04:33 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB980232\update\spcustom.dll
    + 2010-05-13 04:33 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB980232\spmsg.dll
    + 2010-06-08 20:22 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980218\update\spcustom.dll
    + 2010-06-08 20:22 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980218\spmsg.dll
    + 2010-06-08 20:22 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB980195\update\spcustom.dll
    + 2010-06-08 20:22 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB980195\spmsg.dll
    + 2010-05-13 04:31 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980182-IE7\update\spcustom.dll
    + 2010-05-13 04:31 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980182-IE7\spmsg.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 44544 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\pngfilt.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 52224 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\msfeedsbs.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 27648 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\jsproxy.dll
    + 2010-03-10 14:05 . 2010-03-10 14:05 13824 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieudinit.exe
    + 2010-03-11 11:49 . 2010-03-11 11:49 44544 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iernonce.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 78336 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieencode.dll
    + 2010-03-10 14:05 . 2010-03-10 14:05 70656 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ie4uinit.exe
    + 2010-03-11 11:49 . 2010-03-11 11:49 63488 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\icardie.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 17408 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\corpol.dll
    + 2010-05-13 04:33 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979683\update\spcustom.dll
    + 2010-05-13 03:38 . 2010-03-05 14:54 16896 c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll
    + 2010-05-13 04:33 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979683\spmsg.dll
    + 2010-06-08 20:20 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979559\update\spcustom.dll
    + 2010-06-08 20:20 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979559\spmsg.dll
    + 2010-06-08 20:18 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll
    + 2010-06-08 20:18 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979482\spmsg.dll
    + 2010-03-05 14:52 . 2010-03-05 14:52 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
    + 2010-05-13 04:31 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll
    + 2010-05-13 04:31 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB979309\spmsg.dll
    + 2010-01-13 13:48 . 2010-01-13 13:48 86016 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978706\update\spcustom.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978706\spmsg.dll
    + 2010-05-13 04:32 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll
    + 2010-05-13 04:32 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB978601\spmsg.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978542\spmsg.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978338\spmsg.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978262\update\spcustom.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978262\spmsg.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978251\update\spcustom.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978251\spmsg.dll
    + 2010-01-21 20:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978207-IE7\update\spcustom.dll
    + 2010-01-21 20:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978207-IE7\spmsg.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 44544 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\pngfilt.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 52224 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msfeedsbs.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 27648 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\jsproxy.dll
    + 2010-01-01 06:55 . 2010-01-01 06:55 13824 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieudinit.exe
    + 2010-01-05 09:57 . 2010-01-05 09:57 44544 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iernonce.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 78336 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieencode.dll
    + 2010-01-01 06:55 . 2010-01-01 06:55 70656 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ie4uinit.exe
    + 2010-01-05 09:57 . 2010-01-05 09:57 63488 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\icardie.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 17408 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\corpol.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978037\update\spcustom.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978037\spmsg.dll
    + 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\$hf_mig$\KB978037\SP3QFE\csrsrv.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977914\update\spcustom.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977914\spmsg.dll
    + 2009-11-27 16:28 . 2009-11-27 16:28 28672 c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll
    + 2009-11-27 16:28 . 2009-11-27 16:28 11264 c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll
    + 2009-11-27 16:28 . 2009-11-27 16:28 48128 c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll
    + 2009-11-27 16:28 . 2009-11-27 16:28 84992 c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977816\spmsg.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975713\update\spcustom.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975713\spmsg.dll
    + 2010-06-08 20:18 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll
    + 2010-06-08 20:18 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975562\spmsg.dll
    + 2010-05-13 04:32 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975561\update\spcustom.dll
    + 2010-05-13 04:32 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975561\spmsg.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975560\update\spcustom.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975560\spmsg.dll
    + 2009-11-27 17:23 . 2009-11-27 17:23 17920 c:\windows\$hf_mig$\KB975560\SP3QFE\msyuv.dll
    + 2010-01-13 18:58 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB972270\update\spcustom.dll
    + 2010-01-13 18:58 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB972270\spmsg.dll
    + 2010-01-13 18:47 . 2009-10-15 16:39 81920 c:\windows\$hf_mig$\KB972270\SP3QFE\fontsub.dll
    + 2010-03-06 16:59 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971468\update\spcustom.dll
    + 2010-03-06 16:59 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971468\spmsg.dll
    + 2010-08-02 19:19 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2286198\update\spcustom.dll
    + 2010-08-02 19:19 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2286198\spmsg.dll
    + 2010-07-15 13:44 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
    + 2010-07-15 13:44 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2229593\spmsg.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2183461-IE7\update\spcustom.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2183461-IE7\spmsg.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 44544 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\pngfilt.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 52224 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\msfeedsbs.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 27648 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\jsproxy.dll
    + 2010-06-23 11:28 . 2010-06-23 11:28 13824 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieudinit.exe
    + 2010-06-24 12:16 . 2010-06-24 12:16 44544 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\iernonce.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 78336 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieencode.dll
    + 2010-06-23 11:28 . 2010-06-23 11:28 70656 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ie4uinit.exe
    + 2010-06-24 12:16 . 2010-06-24 12:16 63488 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\icardie.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 17408 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\corpol.dll
    + 2010-08-11 14:54 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2160329\update\spcustom.dll
    + 2010-08-11 14:54 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2160329\spmsg.dll
    + 2010-08-11 14:56 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2115168\update\spcustom.dll
    + 2010-08-11 14:56 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2115168\spmsg.dll
    + 2010-08-11 14:55 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2079403\update\spcustom.dll
    + 2010-08-11 14:55 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2079403\spmsg.dll
    + 2010-12-08 17:27 . 2007-11-01 04:48 20992 c:\windows\$968930Uinstall_KB968930$\pwrshsip.dll
    + 2009-10-09 19:57 . 2009-10-09 19:57 20480 c:\windows\$968930Uinstall_KB968930$\PSCustomSetupUtil.exe
    + 2010-12-08 17:27 . 2010-12-07 19:03 65536 c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.security.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2009-04-17 20:51 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
    + 2009-10-09 19:56 . 2009-10-09 19:56 2048 c:\windows\system32\winrsmgr.dll
    + 2010-12-07 19:02 . 2009-10-09 21:23 4608 c:\windows\system32\windowspowershell\v1.0\pwrshmsg.dll
    + 2009-10-09 21:23 . 2009-10-09 21:23 4096 c:\windows\system32\windowspowershell\v1.0\powershell_ise.resources.dll
    + 2008-05-27 03:19 . 2008-05-27 03:19 2048 c:\windows\system32\UncRes.dll
    + 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
    + 2010-06-05 03:06 . 2005-01-02 03:43 4682 c:\windows\system32\npptNT2.sys
    + 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3082.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3076.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.2070.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8024 c:\windows\Microsoft.NET\NETFXRepair.2052.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1055.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1053.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1049.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1046.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1045.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1044.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1043.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1042.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1041.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1040.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1038.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1037.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1036.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1035.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1033.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1032.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1031.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1030.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1029.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8024 c:\windows\Microsoft.NET\NETFXRepair.1028.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1025.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8040 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
    + 2010-12-08 16:46 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll
    + 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe
    + 2010-12-08 16:42 . 2010-12-08 16:42 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2010-12-08 17:27 . 2010-12-08 17:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2010-12-08 17:27 . 2010-12-08 17:27 9216 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
    + 2010-12-08 17:27 . 2010-12-08 17:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2010-03-06 17:00 . 2001-08-18 10:36 8192 c:\windows\$NtUninstallKB977914$\tsbyuv.dll
    + 2009-11-27 16:28 . 2009-11-27 16:28 8704 c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll
    + 2010-12-08 17:27 . 2007-06-30 18:49 4608 c:\windows\$968930Uinstall_KB968930$\pwrshmsg.dll
    + 2009-10-09 19:56 . 2009-10-09 19:56 9216 c:\windows\$968930Uinstall_KB968930$\PSSetupNativeUtils.exe
    + 2010-12-08 17:29 . 2010-12-08 17:29 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
    + 2010-12-08 17:29 . 2010-12-08 17:29 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2008-04-25 16:16 . 2008-04-14 12:00 121856 c:\windows\system32\xmllite.dll
    + 2008-04-25 16:16 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll
    + 2010-06-05 02:57 . 2010-02-04 14:01 528216 c:\windows\system32\XAudio2_6.dll
    + 2010-06-05 02:57 . 2009-09-04 21:44 515416 c:\windows\system32\XAudio2_5.dll
    + 2010-06-05 02:57 . 2009-03-16 18:18 517448 c:\windows\system32\XAudio2_4.dll
    + 2010-06-05 02:56 . 2008-10-27 14:04 514384 c:\windows\system32\XAudio2_3.dll
    + 2010-06-05 02:56 . 2008-07-31 14:40 509448 c:\windows\system32\XAudio2_2.dll
    + 2010-06-05 02:56 . 2008-05-30 18:19 507400 c:\windows\system32\XAudio2_1.dll
    + 2010-06-05 02:56 . 2008-03-05 20:03 479752 c:\windows\system32\XAudio2_0.dll
    + 2010-06-05 02:57 . 2010-02-04 14:01 238936 c:\windows\system32\xactengine3_6.dll
    + 2010-06-05 02:57 . 2009-09-04 21:44 238936 c:\windows\system32\xactengine3_5.dll
    + 2010-06-05 02:57 . 2009-03-16 18:18 235352 c:\windows\system32\xactengine3_4.dll
    + 2010-06-05 02:56 . 2008-10-27 14:04 235856 c:\windows\system32\xactengine3_3.dll
    + 2010-06-05 02:56 . 2008-07-31 14:41 238088 c:\windows\system32\xactengine3_2.dll
    + 2010-06-05 02:56 . 2008-05-30 18:18 238088 c:\windows\system32\xactengine3_1.dll
    + 2010-06-05 02:56 . 2008-03-05 20:03 238088 c:\windows\system32\xactengine3_0.dll
    + 2009-10-09 19:56 . 2009-10-09 19:56 209408 c:\windows\system32\WsmWmiPl.dll
    + 2009-10-09 21:22 . 2009-10-09 21:22 368640 c:\windows\system32\WsmRes.dll
    + 2009-10-09 19:56 . 2009-10-09 19:56 139776 c:\windows\system32\WsmAuto.dll
    + 2009-10-09 19:56 . 2009-10-09 19:56 225280 c:\windows\system32\wsmanhttpconfig.exe
    + 2008-04-25 16:16 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
    + 2008-04-25 16:16 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
    - 2008-04-25 16:16 . 2008-04-14 12:00 293376 c:\windows\system32\winsrv.dll
    + 2009-10-09 19:56 . 2009-10-09 19:56 233984 c:\windows\system32\winrscmd.dll
    + 2009-08-01 04:27 . 2009-08-01 04:27 201184 c:\windows\system32\winrm.vbs
    + 2008-04-25 16:16 . 2010-09-10 05:58 916480 c:\windows\system32\wininet.dll
    + 2007-08-13 23:45 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe
    + 2009-10-09 21:23 . 2009-10-09 21:23 148480 c:\windows\system32\windowspowershell\v1.0\pspluginwkr.dll
    + 2009-10-09 19:57 . 2009-10-09 19:57 204800 c:\windows\system32\windowspowershell\v1.0\powershell_ise.exe
    + 2010-12-07 19:02 . 2009-10-09 19:56 448000 c:\windows\system32\windowspowershell\v1.0\powershell.exe
    + 2009-10-09 19:57 . 2009-10-09 19:57 112640 c:\windows\system32\windowspowershell\v1.0\Modules\BitsTransfer\microsoft.backgroundintelligenttransfer.management.interop.dll
    + 2009-07-16 15:22 . 2009-07-16 15:22 126976 c:\windows\system32\windowspowershell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
    + 2009-10-09 21:23 . 2009-10-09 21:23 178176 c:\windows\system32\wevtfwd.dll
    + 2008-04-25 16:16 . 2009-03-08 09:34 236544 c:\windows\system32\webcheck.dll
    + 2008-04-25 16:16 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
    - 2008-04-25 16:16 . 2008-04-14 12:00 406016 c:\windows\system32\usp10.dll
    + 2008-04-25 16:16 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
    + 2008-04-25 16:16 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
    - 2008-04-25 16:16 . 2009-10-29 07:46 105984 c:\windows\system32\url.dll
    + 2010-07-17 22:10 . 2010-07-17 22:09 258352 c:\windows\system32\unicows.dll
    + 2008-05-27 03:19 . 2008-05-27 03:19 131072 c:\windows\system32\UncPH.dll
    + 2008-05-27 03:19 . 2008-05-27 03:19 108032 c:\windows\system32\UncNE.dll
    + 2008-05-27 03:19 . 2008-05-27 03:19 143872 c:\windows\system32\UncDMS.dll
    + 2008-04-25 16:16 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
    - 2008-04-25 16:16 . 2009-07-29 04:37 119808 c:\windows\system32\t2embed.dll
    + 2008-05-27 02:59 . 2008-05-27 02:59 106605 c:\windows\system32\structuredqueryschema.bin
    + 2008-05-27 03:17 . 2008-05-27 03:17 301568 c:\windows\system32\srchadmin.dll
    + 2008-04-25 16:16 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
    - 2008-04-25 16:16 . 2008-04-14 12:00 474112 c:\windows\system32\shlwapi.dll
    + 2008-05-27 03:18 . 2008-05-27 03:18 184832 c:\windows\system32\searchprotocolhost.exe
    + 2008-05-27 03:18 . 2008-05-27 03:18 439808 c:\windows\system32\searchindexer.exe
    + 2008-04-25 16:16 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll
    + 2008-04-25 16:16 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
    + 2010-12-08 17:28 . 2009-11-06 15:55 177024 c:\windows\system32\ReinstallBackups\0021\DriverFiles\Rtenicxp.sys
    + 2008-05-27 03:17 . 2008-05-27 03:17 754176 c:\windows\system32\propsys.dll
    + 2010-03-31 04:10 . 2010-03-31 04:10 295264 c:\windows\system32\PresentationHost.exe
    + 2008-04-25 16:16 . 2010-12-08 17:50 503954 c:\windows\system32\perfh009.dat
    + 2008-04-25 16:16 . 2008-03-07 17:02 192000 c:\windows\system32\offfilt.dll
    - 2008-04-25 16:16 . 2008-04-14 12:00 192000 c:\windows\system32\offfilt.dll
    + 2008-05-27 03:19 . 2008-05-27 03:19 273408 c:\windows\system32\oeph.dll
    + 2008-04-25 16:16 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 771424 c:\windows\system32\msvcr100_clr0400.dll
    + 2008-04-25 16:16 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
    + 2008-05-27 03:18 . 2008-05-27 03:18 203776 c:\windows\system32\mssphtb.dll
    + 2008-05-27 03:18 . 2009-05-25 05:24 350208 c:\windows\system32\mssph.dll
    + 2008-05-27 03:18 . 2008-05-27 03:18 231936 c:\windows\system32\msshsq.dll
    + 2008-04-25 16:16 . 2009-03-08 09:34 193536 c:\windows\system32\msrating.dll
    + 2008-04-25 21:26 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe
    - 2008-04-25 21:26 . 2008-04-14 12:00 343040 c:\windows\system32\mspaint.exe
    - 2008-04-25 16:16 . 2007-08-13 23:54 156160 c:\windows\system32\msls31.dll
    + 2008-04-25 16:16 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll
    + 2007-08-13 23:54 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
    + 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
    + 2009-09-24 05:30 . 2009-09-24 05:30 156488 c:\windows\system32\mscorier.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 297808 c:\windows\system32\mscoree.dll
    - 2006-10-19 01:47 . 2006-10-19 01:47 317440 c:\windows\system32\MP4SDECD.dll
    + 2006-10-19 01:47 . 2010-03-30 17:24 317440 c:\windows\system32\mp4sdecd.dll
    + 2010-04-29 10:11 . 2010-04-29 10:11 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll
    + 2010-04-29 10:11 . 2010-04-29 10:11 475136 c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll
    + 2010-04-29 10:11 . 2010-04-29 10:11 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll
    + 2010-04-29 10:11 . 2010-04-29 10:11 606208 c:\windows\system32\Macromed\Shockwave 10\iml32X.dll
    + 2010-04-29 10:10 . 2010-04-29 10:10 753152 c:\windows\system32\Macromed\Shockwave 10\gi.dll
    + 2010-04-29 10:11 . 2010-04-29 10:11 471040 c:\windows\system32\Macromed\Shockwave 10\Control.dll
    + 2010-12-09 13:10 . 2010-12-09 13:10 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
    + 2010-12-08 14:40 . 2010-12-08 14:40 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    + 2010-12-08 14:40 . 2010-12-08 14:40 311248 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
    + 2008-04-25 16:16 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
     
  13. 2010/12/09
    Cliffhanger

    ComboFix Log Part 3

    + 2010-12-07 19:30 . 2010-09-15 09:50 153376 c:\windows\system32\javaws.exe
    - 2009-12-15 18:47 . 2009-10-11 09:17 145184 c:\windows\system32\javaw.exe
    + 2010-12-07 19:30 . 2010-09-15 09:50 145184 c:\windows\system32\javaw.exe
    - 2009-12-15 18:47 . 2009-10-11 09:17 145184 c:\windows\system32\java.exe
    + 2010-12-07 19:30 . 2010-09-15 09:50 145184 c:\windows\system32\java.exe
    + 2008-04-25 21:27 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
    + 2010-08-15 19:45 . 2010-03-24 20:57 713312 c:\windows\system32\ijjiSetup.exe
    + 2007-08-13 23:54 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll
    + 2008-04-25 16:16 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
    + 2008-04-25 16:16 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
    + 2007-07-11 17:27 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll
    + 2008-04-25 16:16 . 2009-03-08 09:32 163840 c:\windows\system32\ieakui.dll
    + 2008-04-25 16:16 . 2009-03-08 09:33 229376 c:\windows\system32\ieaksie.dll
    + 2008-04-25 16:16 . 2009-03-08 09:33 125952 c:\windows\system32\ieakeng.dll
    + 2008-04-25 16:16 . 2010-08-26 12:22 173056 c:\windows\system32\ie4uinit.exe
    + 2008-04-25 09:21 . 2010-12-08 17:17 146808 c:\windows\system32\FNTCACHE.DAT
    - 2008-04-25 09:21 . 2009-12-15 23:06 146808 c:\windows\system32\FNTCACHE.DAT
    - 2008-04-25 16:16 . 2009-10-29 07:46 133120 c:\windows\system32\extmgr.dll
    + 2008-04-25 16:16 . 2010-06-24 12:15 133120 c:\windows\system32\extmgr.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 486216 c:\windows\system32\evr.dll
    + 2008-04-25 16:16 . 2009-03-08 09:31 216064 c:\windows\system32\dxtrans.dll
    + 2008-04-25 16:16 . 2009-03-08 09:31 348160 c:\windows\system32\dxtmsft.dll
    + 2008-04-25 16:16 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
    + 2008-04-25 16:16 . 2010-08-26 13:39 357248 c:\windows\system32\drivers\srv.sys
    + 2008-12-11 01:06 . 2010-07-06 08:13 234392 c:\windows\system32\drivers\Rtenicxp.sys
    + 2008-04-25 16:16 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
    + 2010-03-26 02:30 . 2010-03-26 02:30 151216 c:\windows\system32\drivers\MpFilter.sys
    + 2009-04-17 20:51 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
    + 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
    + 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2008-12-10 23:13 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
    + 2007-08-13 23:54 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll
    + 2007-08-13 23:54 . 2009-03-08 09:33 759296 c:\windows\system32\dllcache\VGX.dll
    + 2008-12-10 23:14 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
    + 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
    + 2007-08-13 23:44 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
    - 2007-08-13 23:44 . 2009-10-29 07:46 105984 c:\windows\system32\dllcache\url.dll
    + 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
    + 2009-07-29 04:37 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
    - 2009-07-29 04:37 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll
    + 2008-12-29 18:16 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
    + 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll
    + 2006-09-23 18:12 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
    - 2006-09-23 18:12 . 2006-09-23 18:12 474112 c:\windows\system32\dllcache\shlwapi.dll
    + 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
    + 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
    + 2007-08-13 23:44 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
    + 2007-08-13 23:54 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
    + 2007-08-13 23:44 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll
    + 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
    + 2007-08-13 23:54 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
    - 2007-08-13 23:54 . 2007-08-13 23:54 156160 c:\windows\system32\dllcache\msls31.dll
    + 2009-01-07 21:08 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2008-12-29 18:09 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
    + 2010-03-30 17:24 . 2010-03-30 17:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
    + 2010-09-18 17:23 . 2010-09-18 17:23 974848 c:\windows\system32\dllcache\mfc42u.dll
    + 2008-12-10 23:14 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
    + 2008-12-10 23:14 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2007-08-13 23:43 . 2009-03-08 19:09 638816 c:\windows\system32\dllcache\iexplore.exe
    + 2007-08-13 23:54 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2007-08-13 23:39 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2009-01-07 21:08 . 2009-03-08 09:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
    + 2007-08-13 22:56 . 2009-03-08 09:32 163840 c:\windows\system32\dllcache\ieakui.dll
    + 2007-08-13 23:39 . 2009-03-08 09:33 229376 c:\windows\system32\dllcache\ieaksie.dll
    + 2007-08-13 23:39 . 2009-03-08 09:33 125952 c:\windows\system32\dllcache\ieakeng.dll
    + 2007-08-13 23:39 . 2010-08-26 12:22 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2010-07-15 05:07 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
    - 2007-08-13 23:54 . 2009-10-29 07:46 133120 c:\windows\system32\dllcache\extmgr.dll
    + 2007-08-13 23:54 . 2010-06-24 12:15 133120 c:\windows\system32\dllcache\extmgr.dll
    + 2007-08-13 23:35 . 2009-03-08 09:31 216064 c:\windows\system32\dllcache\dxtrans.dll
    + 2007-08-13 23:35 . 2009-03-08 09:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
    + 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
    + 2007-08-13 23:39 . 2009-03-08 09:32 128512 c:\windows\system32\dllcache\advpack.dll
    + 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
    + 2010-06-05 02:57 . 2009-09-04 21:29 235344 c:\windows\system32\d3dx11_42.dll
    + 2010-06-05 02:57 . 2009-09-04 21:29 453456 c:\windows\system32\d3dx10_42.dll
    + 2010-06-05 02:57 . 2009-03-09 19:27 453456 c:\windows\system32\d3dx10_41.dll
    + 2010-06-05 02:56 . 2008-10-10 08:52 452440 c:\windows\system32\d3dx10_40.dll
    + 2010-06-05 02:56 . 2008-07-10 15:01 467984 c:\windows\system32\d3dx10_39.dll
    + 2010-06-05 02:56 . 2008-05-30 18:11 467984 c:\windows\system32\d3dx10_38.dll
    + 2010-06-05 02:56 . 2008-02-06 03:07 462864 c:\windows\system32\d3dx10_37.dll
    + 2008-04-25 16:16 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
    - 2008-04-25 16:16 . 2008-04-14 12:00 617472 c:\windows\system32\comctl32.dll
    + 2008-04-25 16:16 . 2010-09-01 11:51 285824 c:\windows\system32\atmfd.dll
    + 2008-04-25 16:16 . 2009-03-08 09:32 128512 c:\windows\system32\advpack.dll
    + 2008-04-25 16:16 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
    + 2010-12-07 14:51 . 2010-07-07 09:45 807744 c:\windows\system32\%APPDATA%\WhiteSmokeSetup\setup.exe
    + 2010-12-07 14:51 . 2010-07-07 09:45 581440 c:\windows\system32\%APPDATA%\WhiteSmokeSetup\ISSetup.dll
    + 2010-09-12 00:55 . 2009-05-19 19:14 171264 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
    - 2008-04-25 21:27 . 2008-04-14 12:00 744448 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
    + 2008-04-25 21:27 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 114520 c:\windows\Microsoft.NET\NETFXRepair.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 915800 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 753504 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 350592 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 163168 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 675672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 334688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 581464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 832856 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 801136 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 181096 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 194424 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 478576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 167288 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 232304 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 807264 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 138592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 699224 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 857960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 269672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 113512 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 129912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 390008 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 505208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 261472 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 122264 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 291184 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 349568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 231760 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 253280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 134528 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 378720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 123736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 125816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 392552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll
    + 2010-03-18 05:51 . 2010-03-18 05:51 109568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 246128 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 120152 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 607064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 182144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 395120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 285072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 829280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 747360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 436600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 683872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 409448 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.configuration.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 210816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 149848 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 122248 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 525704 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 112976 c:\windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 124240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    + 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\sqmapi.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUi.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupEngine.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 173920 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 121688 c:\windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 150856 c:\windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 130384 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 335184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 110936 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 372048 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 145752 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 413008 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 661352 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 349576 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 170368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 387960 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 746336 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 505184 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 794464 c:\windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 688472 c:\windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 129880 c:\windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 105808 c:\windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 105288 c:\windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 139088 c:\windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 255304 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 255896 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 182088 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
    + 2010-03-31 04:16 . 2010-03-31 04:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
    + 2010-04-08 03:48 . 2010-04-08 03:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
    + 2010-04-08 03:48 . 2010-04-08 03:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    - 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    + 2010-09-22 14:43 . 2010-09-22 14:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2010-02-09 16:22 . 2010-02-09 16:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    - 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2010-09-23 07:26 . 2010-09-23 07:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2010-09-23 07:25 . 2010-09-23 07:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2010-09-23 08:17 . 2010-09-23 08:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    - 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    + 2010-12-08 17:29 . 2010-12-08 17:29 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2010-12-08 17:29 . 2010-12-08 17:29 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2010-12-08 17:29 . 2010-12-08 17:29 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2010-12-08 17:29 . 2010-12-08 17:29 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2010-05-25 02:10 . 2010-05-25 02:10 126208 c:\windows\Installer\tmdbg32.dll
    + 2010-05-25 02:10 . 2010-05-25 02:10 626688 c:\windows\Installer\msvcr80.dll
    + 2010-05-25 02:10 . 2010-05-25 02:10 548864 c:\windows\Installer\msvcp80.dll
    + 2010-05-25 02:10 . 2010-05-25 02:10 479232 c:\windows\Installer\msvcm80.dll
    + 2010-05-25 02:10 . 2010-05-25 02:10 159168 c:\windows\Installer\libexpat.dll
    + 2010-12-07 17:58 . 2010-12-07 17:58 272384 c:\windows\Installer\df440.msi
    + 2010-12-07 17:58 . 2010-12-07 17:58 264192 c:\windows\Installer\df43b.msi
    + 2010-12-07 17:57 . 2010-12-07 17:57 301056 c:\windows\Installer\df436.msi
    + 2010-09-24 02:02 . 2010-09-24 02:02 798208 c:\windows\Installer\ba097.msp
    + 2010-08-04 20:13 . 2010-08-04 20:13 686080 c:\windows\Installer\ba041.msp
    + 2010-02-25 04:14 . 2010-02-25 04:14 543232 c:\windows\Installer\b1c61c.msp
    + 2010-12-07 19:30 . 2010-12-07 19:30 180224 c:\windows\Installer\a8e24.msi
    - 2009-01-07 21:39 . 2009-12-15 23:01 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-01-07 21:39 . 2010-12-08 16:45 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-01-07 21:39 . 2010-12-08 16:45 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-01-07 21:39 . 2009-12-15 23:01 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-01-07 21:39 . 2009-12-15 23:01 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    + 2009-01-07 21:39 . 2010-12-08 16:45 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    - 2009-01-07 21:39 . 2009-12-15 23:01 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    + 2009-01-07 21:39 . 2010-12-08 16:45 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    + 2010-12-08 17:24 . 2010-12-08 17:24 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    - 2009-12-15 22:59 . 2009-12-15 22:59 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    + 2010-09-22 23:10 . 2010-09-22 23:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
    + 2008-10-25 12:52 . 2008-10-25 12:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
    + 2008-10-25 12:52 . 2008-10-25 12:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
    + 2010-12-08 16:38 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
    + 2010-12-08 16:38 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
    + 2010-12-08 16:38 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
    + 2010-12-08 16:38 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
    + 2010-12-08 16:38 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
    + 2010-12-08 16:38 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
    + 2010-12-08 16:38 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
    + 2010-12-08 16:38 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
    + 2010-12-08 16:38 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
    + 2010-12-08 16:46 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll
    + 2010-12-08 16:46 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe
    + 2010-12-08 16:39 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
    + 2010-12-08 16:39 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
    + 2010-12-08 16:39 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
    + 2010-12-08 16:39 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB2360131-IE8\occache.dll
    + 2010-12-08 16:39 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
    + 2010-12-08 16:39 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
    + 2010-12-08 16:39 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
    + 2010-12-08 16:39 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
    + 2010-12-08 16:39 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
    + 2010-12-08 16:39 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
    + 2010-12-08 16:39 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
    + 2010-12-08 14:34 . 2010-06-24 12:15 832512 c:\windows\ie8\wininet.dll
    + 2010-12-08 14:34 . 2007-08-13 23:45 206336 c:\windows\ie8\winfxdocobj.exe
    + 2010-12-08 14:34 . 2010-06-24 12:15 233472 c:\windows\ie8\webcheck.dll
    + 2010-12-08 14:34 . 2008-05-27 17:23 765952 c:\windows\ie8\vgx.dll
    + 2010-12-08 14:34 . 2010-03-09 11:09 430080 c:\windows\ie8\vbscript.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 105984 c:\windows\ie8\url.dll
    + 2010-12-08 14:34 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
    + 2010-12-08 14:34 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
    + 2010-12-08 14:34 . 2006-09-06 22:43 213216 c:\windows\ie8\spuninst.exe
    + 2010-12-08 14:34 . 2010-06-24 12:15 102912 c:\windows\ie8\occache.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 671232 c:\windows\ie8\mstime.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 193024 c:\windows\ie8\msrating.dll
    + 2010-12-08 14:34 . 2007-08-13 23:54 156160 c:\windows\ie8\msls31.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 477696 c:\windows\ie8\mshtmled.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 459264 c:\windows\ie8\msfeeds.dll
    + 2010-12-08 14:34 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
    + 2010-12-08 14:34 . 2010-06-17 15:12 634656 c:\windows\ie8\iexplore.exe
    + 2010-12-08 14:34 . 2007-08-13 23:54 180736 c:\windows\ie8\ieui.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 268288 c:\windows\ie8\iertutil.dll
    + 2010-12-08 14:34 . 2007-08-13 23:54 287744 c:\windows\ie8\ieproxy.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 192512 c:\windows\ie8\iepeers.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 385024 c:\windows\ie8\iedkcs32.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 380928 c:\windows\ie8\ieapfltr.dll
    + 2010-12-08 14:34 . 2010-06-17 15:11 161792 c:\windows\ie8\ieakui.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 230400 c:\windows\ie8\ieaksie.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 153088 c:\windows\ie8\ieakeng.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 214528 c:\windows\ie8\dxtrans.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 347136 c:\windows\ie8\dxtmsft.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 124928 c:\windows\ie8\advpack.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 832512 c:\windows\ie7updates\KB982381-IE7\wininet.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 233472 c:\windows\ie7updates\KB982381-IE7\webcheck.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 105984 c:\windows\ie7updates\KB982381-IE7\url.dll
    + 2010-06-08 20:12 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
    + 2010-06-08 20:12 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
    + 2010-06-08 20:12 . 2010-03-11 12:38 102912 c:\windows\ie7updates\KB982381-IE7\occache.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 671232 c:\windows\ie7updates\KB982381-IE7\mstime.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 193024 c:\windows\ie7updates\KB982381-IE7\msrating.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 477696 c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 459264 c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
    + 2010-06-08 20:12 . 2010-02-23 05:20 634648 c:\windows\ie7updates\KB982381-IE7\iexplore.exe
    + 2010-06-08 20:12 . 2010-03-11 12:38 268288 c:\windows\ie7updates\KB982381-IE7\iertutil.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 192512 c:\windows\ie7updates\KB982381-IE7\iepeers.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 385024 c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 380928 c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
    + 2010-06-08 20:12 . 2010-02-23 05:18 161792 c:\windows\ie7updates\KB982381-IE7\ieakui.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 230400 c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 153088 c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 133120 c:\windows\ie7updates\KB982381-IE7\extmgr.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 214528 c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 347136 c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 124928 c:\windows\ie7updates\KB982381-IE7\advpack.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 832512 c:\windows\ie7updates\KB980182-IE7\wininet.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 233472 c:\windows\ie7updates\KB980182-IE7\webcheck.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 105984 c:\windows\ie7updates\KB980182-IE7\url.dll
    + 2010-05-13 04:31 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB980182-IE7\spuninst\updspapi.dll
    + 2010-05-13 04:31 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB980182-IE7\spuninst\spuninst.exe
    + 2010-05-13 04:31 . 2010-01-05 10:00 102912 c:\windows\ie7updates\KB980182-IE7\occache.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 671232 c:\windows\ie7updates\KB980182-IE7\mstime.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 193024 c:\windows\ie7updates\KB980182-IE7\msrating.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 477696 c:\windows\ie7updates\KB980182-IE7\mshtmled.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 459264 c:\windows\ie7updates\KB980182-IE7\msfeeds.dll
    + 2010-05-13 04:31 . 2009-12-18 13:05 634648 c:\windows\ie7updates\KB980182-IE7\iexplore.exe
    + 2010-05-13 04:31 . 2010-01-05 10:00 268288 c:\windows\ie7updates\KB980182-IE7\iertutil.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 192512 c:\windows\ie7updates\KB980182-IE7\iepeers.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 385024 c:\windows\ie7updates\KB980182-IE7\iedkcs32.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 380928 c:\windows\ie7updates\KB980182-IE7\ieapfltr.dll
    + 2010-05-13 04:31 . 2009-12-18 13:04 161792 c:\windows\ie7updates\KB980182-IE7\ieakui.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 230400 c:\windows\ie7updates\KB980182-IE7\ieaksie.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 153088 c:\windows\ie7updates\KB980182-IE7\ieakeng.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 133120 c:\windows\ie7updates\KB980182-IE7\extmgr.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 214528 c:\windows\ie7updates\KB980182-IE7\dxtrans.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 347136 c:\windows\ie7updates\KB980182-IE7\dxtmsft.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 124928 c:\windows\ie7updates\KB980182-IE7\advpack.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 832512 c:\windows\ie7updates\KB978207-IE7\wininet.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 233472 c:\windows\ie7updates\KB978207-IE7\webcheck.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 105984 c:\windows\ie7updates\KB978207-IE7\url.dll
    + 2010-01-21 20:00 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
    + 2010-01-21 20:00 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
    + 2010-01-21 20:00 . 2009-10-29 07:46 102912 c:\windows\ie7updates\KB978207-IE7\occache.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 671232 c:\windows\ie7updates\KB978207-IE7\mstime.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 193024 c:\windows\ie7updates\KB978207-IE7\msrating.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 477696 c:\windows\ie7updates\KB978207-IE7\mshtmled.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 459264 c:\windows\ie7updates\KB978207-IE7\msfeeds.dll
    + 2010-01-21 20:00 . 2009-10-28 06:54 634632 c:\windows\ie7updates\KB978207-IE7\iexplore.exe
    + 2010-01-21 20:00 . 2009-10-29 07:46 268288 c:\windows\ie7updates\KB978207-IE7\iertutil.dll
    + 2010-01-21 20:00 . 2007-08-13 23:54 191488 c:\windows\ie7updates\KB978207-IE7\iepeers.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 385024 c:\windows\ie7updates\KB978207-IE7\iedkcs32.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 380928 c:\windows\ie7updates\KB978207-IE7\ieapfltr.dll
    + 2010-01-21 20:00 . 2009-10-28 06:52 161792 c:\windows\ie7updates\KB978207-IE7\ieakui.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 230400 c:\windows\ie7updates\KB978207-IE7\ieaksie.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 153088 c:\windows\ie7updates\KB978207-IE7\ieakeng.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 133120 c:\windows\ie7updates\KB978207-IE7\extmgr.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 214528 c:\windows\ie7updates\KB978207-IE7\dxtrans.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 347136 c:\windows\ie7updates\KB978207-IE7\dxtmsft.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 124928 c:\windows\ie7updates\KB978207-IE7\advpack.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 832512 c:\windows\ie7updates\KB2183461-IE7\wininet.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 233472 c:\windows\ie7updates\KB2183461-IE7\webcheck.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 105984 c:\windows\ie7updates\KB2183461-IE7\url.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2183461-IE7\spuninst\updspapi.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2183461-IE7\spuninst\spuninst.exe
    + 2010-08-11 14:56 . 2010-05-04 17:20 102912 c:\windows\ie7updates\KB2183461-IE7\occache.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 671232 c:\windows\ie7updates\KB2183461-IE7\mstime.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 193024 c:\windows\ie7updates\KB2183461-IE7\msrating.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 477696 c:\windows\ie7updates\KB2183461-IE7\mshtmled.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 459264 c:\windows\ie7updates\KB2183461-IE7\msfeeds.dll
    + 2010-08-11 14:56 . 2010-04-16 11:43 634656 c:\windows\ie7updates\KB2183461-IE7\iexplore.exe
    + 2010-08-11 14:56 . 2010-05-04 17:20 268288 c:\windows\ie7updates\KB2183461-IE7\iertutil.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 192512 c:\windows\ie7updates\KB2183461-IE7\iepeers.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 385024 c:\windows\ie7updates\KB2183461-IE7\iedkcs32.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 380928 c:\windows\ie7updates\KB2183461-IE7\ieapfltr.dll
    + 2010-08-11 14:56 . 2010-04-16 11:43 161792 c:\windows\ie7updates\KB2183461-IE7\ieakui.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 230400 c:\windows\ie7updates\KB2183461-IE7\ieaksie.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 153088 c:\windows\ie7updates\KB2183461-IE7\ieakeng.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 133120 c:\windows\ie7updates\KB2183461-IE7\extmgr.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 214528 c:\windows\ie7updates\KB2183461-IE7\dxtrans.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 347136 c:\windows\ie7updates\KB2183461-IE7\dxtmsft.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 124928 c:\windows\ie7updates\KB2183461-IE7\advpack.dll
    + 2008-12-29 18:09 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2010-08-05 23:28 . 2010-08-05 23:28 464272 c:\windows\Downloaded Program Files\wlscBase.dll
    + 2010-08-15 19:45 . 2010-05-11 21:28 173232 c:\windows\Downloaded Program Files\PubPlugin.dll
    + 2010-12-07 19:03 . 2010-11-16 02:36 560544 c:\windows\Downloaded Program Files\MSDCode.DLL
    + 2010-08-15 19:45 . 2010-03-24 20:56 143968 c:\windows\Downloaded Program Files\ijjiSetup1010.dll
     
  14. 2010/12/09
    Cliffhanger

    ComboFix Log Part 4

    + 2010-12-08 16:44 . 2010-12-08 16:44 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_10f108ad\System.Drawing.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_349443ff\System.Drawing.Design.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_fda834ed\CustomMarshalers.dll
    + 2010-12-08 17:37 . 2010-12-08 17:37 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\cc063533b04f9420d1aa571a36d1fabd\WindowsFormsIntegration.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5786f917a7b62d63ca8dd5b47aaf9610\UIAutomationTypes.ni.dll
    + 2010-12-08 17:37 . 2010-12-08 17:37 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\ece129234f9ba9ad856d0e77e4849137\UIAutomationClient.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8eca92a64c232f34b5b559625b022369\System.Xml.Linq.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\18419dd13ced512c5f8dc15a79a601eb\System.Windows.Input.Manipulations.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dd9dbf82e44454689976a49a9e4ddb6d\System.Transactions.ni.dll
    + 2010-12-08 17:37 . 2010-12-08 17:37 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll
    + 2010-12-08 17:37 . 2010-12-08 17:37 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\76a5d670ce969c0c65a905b7303d4bbf\System.ServiceModel.Routing.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\09a97525ae5583cc2685e2c39a3078bd\System.Security.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ff3383438d688a0118d0fa19ed1dc4\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 758784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e30ded9b9c19a264a974b1cc40d7d2cc\System.Runtime.Remoting.ni.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\b07f0d26a34ad53fc369248f289d1126\System.Numerics.ni.dll
    + 2010-12-08 17:36 . 2010-12-08 17:36 651264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\dd5c866d2462dd913ed0a0287396aa50\System.Net.ni.dll
    + 2010-12-08 17:36 . 2010-12-08 17:36 625152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\3ab3e80af8e5e95a5a62092cc9293c91\System.Messaging.ni.dll
    + 2010-12-08 17:36 . 2010-12-08 17:36 392704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\8b5fe7aff54a7aed07287257a9b8e420\System.Management.Instrumentation.ni.dll
    + 2010-12-08 17:36 . 2010-12-08 17:36 405504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\150da10324f2811a48da58d3496bbe10\System.IO.Log.ni.dll
    + 2010-12-08 17:36 . 2010-12-08 17:36 228352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\386f41f744eedacd1517c8a15750a48b\System.IdentityModel.Selectors.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.Wrapper.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\1331ee3a7146218388537aa7e41303af\System.Dynamic.ni.dll
    + 2010-12-08 17:36 . 2010-12-08 17:36 461824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\7f4419b6f829a2485d83b3c3e7b26a97\System.DirectoryServices.Protocols.ni.dll
    + 2010-12-08 17:36 . 2010-12-08 17:36 911872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\46a7f51ef1a9d917598b96f7a758a459\System.DirectoryServices.AccountManagement.ni.dll
    + 2010-12-08 17:36 . 2010-12-08 17:36 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\36342e6024e2844502d0bdaa9d30971a\System.Device.ni.dll
    + 2010-12-08 17:35 . 2010-12-08 17:35 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\caecc65b5c0ede0fe0d55b9f48ada80f\System.Data.DataSetExtensions.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 973312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
    + 2010-12-08 17:35 . 2010-12-08 17:35 145920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\aea1d325200e1a7b1ee7ec86fba33db4\System.Configuration.Install.ni.dll
    + 2010-12-08 17:35 . 2010-12-08 17:35 193536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\7d8e51e92fede804332703770695afdb\System.ComponentModel.DataAnnotations.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\4a518b841f06ee4f07320159cf918a2c\System.ComponentModel.Composition.ni.dll
    + 2010-12-08 17:35 . 2010-12-08 17:35 613888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\767e70aec1ffb52f95c2b07c08fa0781\System.AddIn.ni.dll
    + 2010-12-08 17:35 . 2010-12-08 17:35 402944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\8594d07d18330843968d649ed6ef6166\System.Activities.DurableInstancing.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 316928 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe
    + 2010-12-08 17:34 . 2010-12-08 17:34 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 283648 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f5e029e2215c95ab38a1eefef7b32ac9\PresentationFramework.Classic.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 450048 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 327168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\040571d65dc822e5df020d5e084f4b45\PresentationFramework.Royale.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 302592 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\95d92a700a1fba76f89a30ab46864f10\Microsoft.VisualBasic.Compatibility.Data.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 418304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5f595338c63c2fdb5a171760c29d5bcf\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 193024 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\d2574c8ae333ff959be2e0d83121ad10\CustomMarshalers.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
    + 2010-08-11 14:58 . 2010-08-11 14:58 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
    + 2010-12-08 17:29 . 2010-12-08 17:29 497152 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EC.tmp\Microsoft.WSMan.Management.dll
    + 2010-08-11 15:18 . 2010-08-11 15:18 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
    + 2010-08-11 14:56 . 2010-08-11 14:56 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2010-12-08 16:43 . 2010-12-08 16:43 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a140e8da81b3af34c864ad851fe150fd\System.Runtime.Remoting.ni.dll
    + 2010-08-11 15:17 . 2010-08-11 15:17 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
    + 2010-08-11 15:18 . 2010-08-11 15:18 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll
    + 2010-08-11 15:17 . 2010-08-11 15:17 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
    + 2010-08-11 15:17 . 2010-08-11 15:17 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
    + 2010-08-11 15:17 . 2010-08-11 15:17 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
    + 2010-08-11 15:17 . 2010-08-11 15:17 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
    + 2010-08-11 15:17 . 2010-08-11 15:17 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
    + 2010-08-11 14:56 . 2010-08-11 14:56 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\a055d54c458b7557d957c714551873c3\sysglobl.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
    + 2010-08-11 15:16 . 2010-08-11 15:16 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
    + 2010-08-11 14:58 . 2010-08-11 14:58 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
    + 2010-12-08 17:32 . 2010-12-08 17:32 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\a90fef2e90e3c1c1de3bf24a835dcfa0\Microsoft.WSMan.Management.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2010-12-08 17:28 . 2010-12-08 17:28 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ff9583e53a4bec6da6aae423a613ba6c\Microsoft.PowerShell.Commands.Management.ni.dll
    + 2010-12-08 17:28 . 2010-12-08 17:28 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f449b2674e5198e37ce8642b27a94823\Microsoft.PowerShell.ConsoleHost.ni.dll
    + 2010-12-08 17:29 . 2010-12-08 17:29 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8aece00b9a77cc2d75a921465abcce57\Microsoft.PowerShell.GraphicalHost.ni.dll
    + 2010-12-08 17:29 . 2010-12-08 17:29 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\715cee741bcf47ecaf75a856c156f3cb\Microsoft.PowerShell.Security.ni.dll
    + 2010-12-08 17:28 . 2010-12-08 17:28 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3d7d5070c97ef550f64bc835a8959341\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
    + 2010-08-11 14:56 . 2010-08-11 14:56 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
    + 2010-12-08 16:46 . 2010-12-08 16:46 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-06-08 20:17 . 2010-06-08 20:17 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2010-12-08 17:27 . 2010-12-08 17:27 253952 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
    + 2010-06-08 20:17 . 2010-06-08 20:17 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2010-06-08 20:17 . 2010-06-08 20:17 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    - 2009-12-15 22:28 . 2009-12-15 22:28 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    + 2010-12-08 17:27 . 2010-12-08 17:27 274432 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2010-12-08 17:27 . 2010-12-08 17:27 278528 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
    + 2010-12-08 17:27 . 2010-12-08 17:27 651264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
    + 2010-12-08 17:27 . 2010-12-08 17:27 991232 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
    + 2010-12-08 17:27 . 2010-12-08 17:27 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
    + 2010-12-08 17:27 . 2010-12-08 17:27 618496 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
    + 2010-12-08 17:27 . 2010-12-08 17:27 262144 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
    + 2010-12-08 17:27 . 2010-12-08 17:27 102400 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2010-08-11 14:51 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982665$\spuninst\updspapi.dll
    + 2010-08-11 14:51 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982665$\spuninst\spuninst.exe
    + 2010-08-11 14:56 . 2009-12-31 16:50 353792 c:\windows\$NtUninstallKB982214$\srv.sys
    + 2010-08-11 14:56 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982214$\spuninst\updspapi.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982214$\spuninst\spuninst.exe
    + 2010-08-11 14:52 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981997$\spuninst\updspapi.dll
    + 2010-08-11 14:52 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981997$\spuninst\spuninst.exe
    + 2010-08-11 14:56 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981852$\spuninst\updspapi.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981852$\spuninst\spuninst.exe
    + 2010-05-26 19:29 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
    + 2010-05-26 19:29 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
    + 2010-05-13 04:33 . 2008-05-09 10:53 430080 c:\windows\$NtUninstallKB981349$\vbscript.dll
    + 2010-05-13 04:33 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981349$\spuninst\updspapi.dll
    + 2010-05-13 04:33 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981349$\spuninst\spuninst.exe
    + 2010-08-11 14:53 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980436$\spuninst\updspapi.dll
    + 2010-08-11 14:53 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe
    + 2010-08-11 14:53 . 2009-06-25 08:25 147456 c:\windows\$NtUninstallKB980436$\schannel.dll
    + 2010-05-13 04:33 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll
    + 2010-05-13 04:33 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
    + 2010-05-13 04:33 . 2009-12-04 18:22 455424 c:\windows\$NtUninstallKB980232$\mrxsmb.sys
    + 2010-06-08 20:22 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
    + 2010-06-08 20:22 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
    + 2010-06-08 20:22 . 2008-04-14 12:00 285696 c:\windows\$NtUninstallKB980218$\atmfd.dll
    + 2010-06-08 20:22 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
    + 2010-06-08 20:22 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
    + 2010-05-13 04:33 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
    + 2010-05-13 04:33 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
    + 2010-06-08 20:20 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
    + 2010-06-08 20:20 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
    + 2010-06-08 20:18 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
    + 2010-06-08 20:18 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
    + 2010-05-13 04:31 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll
    + 2010-05-13 04:31 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978706$\spuninst\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978706$\spuninst\spuninst.exe
    + 2010-03-06 17:00 . 2008-04-14 12:00 343040 c:\windows\$NtUninstallKB978706$\mspaint.exe
    + 2010-06-08 20:18 . 2007-07-28 03:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
    + 2010-06-08 20:18 . 2007-07-28 03:11 231288 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
    + 2010-05-13 04:32 . 2008-04-14 12:00 176640 c:\windows\$NtUninstallKB978601$\wintrust.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll
    + 2010-05-13 04:32 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
    + 2010-05-13 04:32 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
    + 2010-05-13 04:32 . 2008-04-11 19:04 691712 c:\windows\$NtUninstallKB978542$\inetcomm.dll
    + 2010-05-13 04:32 . 2008-06-20 11:08 225856 c:\windows\$NtUninstallKB978338$\tcpip6.sys
    + 2010-05-13 04:32 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
    + 2010-05-13 04:32 . 2008-04-14 12:00 100352 c:\windows\$NtUninstallKB978338$\6to4svc.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978262$\spuninst\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978262$\spuninst\spuninst.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978251$\spuninst\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978251$\spuninst\spuninst.exe
    + 2010-03-06 17:00 . 2008-10-24 11:21 455296 c:\windows\$NtUninstallKB978251$\mrxsmb.sys
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978037$\spuninst\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978037$\spuninst\spuninst.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977914$\spuninst\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977914$\spuninst\spuninst.exe
    + 2010-05-13 04:32 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975713$\spuninst\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975713$\spuninst\spuninst.exe
    + 2010-03-06 17:00 . 2008-04-14 12:00 474112 c:\windows\$NtUninstallKB975713$\shlwapi.dll
    + 2010-06-08 20:18 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
    + 2010-06-08 20:18 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
    + 2010-05-13 04:32 . 2009-05-26 21:10 382840 c:\windows\$NtUninstallKB975561$\spuninst\updspapi.dll
    + 2010-05-13 04:32 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975561$\spuninst\spuninst.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975560$\spuninst\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975560$\spuninst\spuninst.exe
    + 2010-01-13 18:58 . 2009-07-29 04:37 119808 c:\windows\$NtUninstallKB972270$\t2embed.dll
    + 2010-01-13 18:58 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB972270$\spuninst\updspapi.dll
    + 2010-01-13 18:58 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB972270$\spuninst\spuninst.exe
    + 2010-03-06 16:59 . 2008-12-11 10:57 333952 c:\windows\$NtUninstallKB971468$\srv.sys
    + 2010-03-06 16:59 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB971468$\spuninst\updspapi.dll
    + 2010-03-06 16:59 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971468$\spuninst\spuninst.exe
    + 2010-08-02 19:19 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll
    + 2010-08-02 19:19 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
    + 2010-07-15 13:44 . 2010-02-22 23:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
    + 2010-07-15 13:44 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
    + 2010-07-15 13:44 . 2008-04-14 12:00 744448 c:\windows\$NtUninstallKB2229593$\helpsvc.exe
    + 2010-08-11 14:54 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2160329$\spuninst\updspapi.dll
    + 2010-08-11 14:54 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2160329$\spuninst\spuninst.exe
    + 2010-08-11 14:56 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2115168$\spuninst\updspapi.dll
    + 2010-08-11 14:56 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2115168$\spuninst\spuninst.exe
    + 2010-08-11 14:55 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2079403$\spuninst\updspapi.dll
    + 2010-08-11 14:55 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2079403$\spuninst\spuninst.exe
    + 2010-08-11 14:51 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982665\update\updspapi.dll
    + 2010-08-11 14:51 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982665\update\update.exe
    + 2010-08-11 14:51 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982665\spuninst.exe
    + 2010-06-08 20:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB982381-IE7\update\updspapi.dll
    + 2010-06-08 20:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB982381-IE7\update\update.exe
    + 2010-06-08 20:12 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB982381-IE7\spuninst.exe
    + 2010-05-04 17:20 . 2010-05-04 17:20 841216 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\wininet.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 233472 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\webcheck.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 105984 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\url.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 102912 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\occache.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 671232 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mstime.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 193024 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msrating.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 477696 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtmled.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 459264 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeeds.dll
    + 2010-04-16 11:08 . 2010-04-16 11:08 634648 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
    + 2010-05-04 17:20 . 2010-05-04 17:20 268288 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iertutil.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 193024 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iepeers.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 388608 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iedkcs32.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 380928 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieapfltr.dll
    + 2010-04-16 11:06 . 2010-04-16 11:06 161792 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieakui.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 230400 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieaksie.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 153088 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieakeng.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 132608 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\extmgr.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 214528 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\dxtrans.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 347136 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\dxtmsft.dll
    + 2010-05-04 17:19 . 2010-05-04 17:19 124928 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\advpack.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982214\update\updspapi.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982214\update\update.exe
    + 2010-08-11 14:56 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982214\spuninst.exe
    + 2010-08-10 22:06 . 2010-06-21 14:18 354304 c:\windows\$hf_mig$\KB982214\SP3QFE\srv.sys
    + 2010-08-11 14:52 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981997\update\updspapi.dll
    + 2010-08-11 14:52 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981997\update\update.exe
    + 2010-08-11 14:52 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981997\spuninst.exe
    + 2010-08-11 14:56 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981852\update\updspapi.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981852\update\update.exe
    + 2010-08-11 14:56 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981852\spuninst.exe
    + 2010-05-13 04:33 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981349\update\updspapi.dll
    + 2010-05-13 04:33 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981349\update\update.exe
    + 2010-05-13 04:33 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981349\spuninst.exe
    + 2010-03-09 11:06 . 2010-03-09 11:06 430080 c:\windows\$hf_mig$\KB981349\SP3QFE\vbscript.dll
    + 2010-08-11 14:53 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980436\update\updspapi.dll
    + 2010-08-11 14:53 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980436\update\update.exe
    + 2010-08-11 14:53 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980436\spuninst.exe
    + 2010-06-30 12:23 . 2010-06-30 12:23 149504 c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll
    + 2010-05-13 04:33 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB980232\update\updspapi.dll
    + 2010-05-13 04:33 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB980232\update\update.exe
    + 2010-05-13 04:33 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB980232\spuninst.exe
    + 2010-05-13 03:38 . 2010-02-24 11:57 457216 c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
    + 2010-06-08 20:22 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980218\update\updspapi.dll
    + 2010-06-08 20:22 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980218\update\update.exe
    + 2010-06-08 20:22 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980218\spuninst.exe
    + 2010-04-20 05:37 . 2010-04-20 05:37 285824 c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
    + 2010-06-08 20:22 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB980195\update\updspapi.dll
    + 2010-06-08 20:22 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB980195\update\update.exe
    + 2010-06-08 20:22 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB980195\spuninst.exe
    + 2010-05-13 04:31 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980182-IE7\update\updspapi.dll
    + 2010-05-13 04:31 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980182-IE7\update\update.exe
    + 2010-05-13 04:31 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980182-IE7\spuninst.exe
    + 2010-03-11 11:49 . 2010-03-11 11:49 841216 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\wininet.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 233472 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\webcheck.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 105984 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\url.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 102912 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\occache.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 671232 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mstime.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 193024 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\msrating.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 477696 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtmled.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 459264 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\msfeeds.dll
    + 2010-02-23 05:19 . 2010-02-23 05:19 634648 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iexplore.exe
    + 2010-03-11 11:49 . 2010-03-11 11:49 268288 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iertutil.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 193024 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iepeers.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 388608 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iedkcs32.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 380928 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieapfltr.dll
    + 2010-02-23 05:18 . 2010-02-23 05:18 161792 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieakui.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 230400 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieaksie.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 153088 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieakeng.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 132608 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\extmgr.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 214528 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\dxtrans.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 347136 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\dxtmsft.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 124928 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\advpack.dll
    + 2010-05-13 04:33 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979683\update\updspapi.dll
    + 2010-05-13 04:33 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979683\update\update.exe
    + 2010-05-13 04:33 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979683\spuninst.exe
    + 2010-06-08 20:20 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979559\update\updspapi.dll
    + 2010-06-08 20:20 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979559\update\update.exe
    + 2010-06-08 20:20 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979559\spuninst.exe
    + 2010-06-08 20:18 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979482\update\updspapi.dll
    + 2010-06-08 20:18 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979482\update\update.exe
    + 2010-06-08 20:18 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979482\spuninst.exe
    + 2010-05-13 04:31 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979309\update\updspapi.dll
    + 2010-05-13 04:31 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979309\update\update.exe
    + 2010-05-13 04:31 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB979309\spuninst.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978706\update\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978706\update\update.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978706\spuninst.exe
    + 2009-12-16 18:27 . 2009-12-16 18:27 343040 c:\windows\$hf_mig$\KB978706\SP3QFE\mspaint.exe
    + 2010-05-13 04:32 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978601\update\updspapi.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978601\update\update.exe
    + 2010-05-13 04:32 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB978601\spuninst.exe
    + 2009-12-24 06:42 . 2009-12-24 06:42 178176 c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978542\update\updspapi.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978542\update\update.exe
    + 2010-05-13 04:32 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978542\spuninst.exe
    + 2010-01-29 14:53 . 2010-01-29 14:53 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978338\update\updspapi.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978338\update\update.exe
    + 2010-05-13 04:32 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978338\spuninst.exe
    + 2010-02-11 11:36 . 2010-02-11 11:36 226880 c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys
    + 2010-02-12 04:27 . 2010-02-12 04:27 100864 c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978262\update\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978262\update\update.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978262\spuninst.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978251\update\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978251\update\update.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978251\spuninst.exe
    + 2010-03-06 16:56 . 2009-12-04 17:25 456832 c:\windows\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
    + 2010-01-21 20:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978207-IE7\update\updspapi.dll
    + 2010-01-21 20:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978207-IE7\update\update.exe
    + 2010-01-21 20:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978207-IE7\spuninst.exe
    + 2010-01-05 09:57 . 2010-01-05 09:57 841216 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 233472 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\webcheck.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 105984 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\url.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 102912 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\occache.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 671232 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mstime.dll
     
  15. 2010/12/09
    Cliffhanger

    ComboFix Log Part 5

    + 2010-01-05 09:57 . 2010-01-05 09:57 193024 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msrating.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 477696 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtmled.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 459264 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msfeeds.dll
    + 2009-12-18 07:00 . 2009-12-18 07:00 634632 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe
    + 2010-01-05 09:57 . 2010-01-05 09:57 268288 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iertutil.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 193024 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iepeers.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 388608 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iedkcs32.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 380928 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieapfltr.dll
    + 2009-12-18 06:58 . 2009-12-18 06:58 161792 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieakui.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 230400 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieaksie.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 153088 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieakeng.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 132608 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\extmgr.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 214528 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\dxtrans.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 347136 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\dxtmsft.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 124928 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\advpack.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978037\update\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978037\update\update.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978037\spuninst.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977914\update\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977914\update\update.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977914\spuninst.exe
    + 2010-05-13 04:32 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977816\update\updspapi.dll
    + 2010-05-13 04:32 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977816\update\update.exe
    + 2010-05-13 04:32 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977816\spuninst.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975713\update\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975713\update\update.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975713\spuninst.exe
    + 2009-12-08 09:01 . 2009-12-08 09:01 474112 c:\windows\$hf_mig$\KB975713\SP3QFE\shlwapi.dll
    + 2010-06-08 20:18 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975562\update\updspapi.dll
    + 2010-06-08 20:18 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975562\update\update.exe
    + 2010-06-08 20:18 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975562\spuninst.exe
    + 2010-05-13 04:32 . 2009-05-26 21:10 382840 c:\windows\$hf_mig$\KB975561\update\updspapi.dll
    + 2010-05-13 04:32 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB975561\update\update.exe
    + 2010-05-13 04:32 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975561\spuninst.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975560\update\updspapi.dll
    + 2010-03-06 17:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975560\update\update.exe
    + 2010-03-06 17:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975560\spuninst.exe
    + 2010-01-13 18:58 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB972270\update\updspapi.dll
    + 2010-01-13 18:58 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB972270\update\update.exe
    + 2010-01-13 18:58 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB972270\spuninst.exe
    + 2010-01-13 18:47 . 2009-10-15 16:39 119808 c:\windows\$hf_mig$\KB972270\SP3QFE\t2embed.dll
    + 2010-03-06 16:59 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB971468\update\updspapi.dll
    + 2010-03-06 16:59 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971468\update\update.exe
    + 2010-03-06 16:59 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971468\spuninst.exe
    + 2010-03-06 16:56 . 2010-01-01 07:58 353792 c:\windows\$hf_mig$\KB971468\SP3QFE\srv.sys
    + 2010-08-02 19:19 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2286198\update\updspapi.dll
    + 2010-08-02 19:19 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2286198\update\update.exe
    + 2010-08-02 19:19 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2286198\spuninst.exe
    + 2010-07-15 13:44 . 2010-02-22 23:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
    + 2010-07-15 13:44 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2229593\update\update.exe
    + 2010-07-15 13:44 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2229593\spuninst.exe
    + 2010-07-15 05:07 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
    + 2010-08-11 14:56 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2183461-IE7\update\updspapi.dll
    + 2010-08-11 14:56 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2183461-IE7\update\update.exe
    + 2010-08-11 14:56 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2183461-IE7\spuninst.exe
    + 2010-06-24 12:16 . 2010-06-24 12:16 841216 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\wininet.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 233472 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\webcheck.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 105984 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\url.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 102912 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\occache.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 671232 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\mstime.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 193024 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\msrating.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 477696 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\mshtmled.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 459264 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\msfeeds.dll
    + 2010-06-17 14:45 . 2010-06-17 14:45 634648 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\iexplore.exe
    + 2010-06-24 12:16 . 2010-06-24 12:16 268288 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\iertutil.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 193024 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\iepeers.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 388608 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\iedkcs32.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 380928 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieapfltr.dll
    + 2010-06-17 14:43 . 2010-06-17 14:43 161792 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieakui.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 230400 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieaksie.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 153088 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieakeng.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 132608 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\extmgr.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 214528 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\dxtrans.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 347136 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\dxtmsft.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 124928 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\advpack.dll
    + 2010-08-11 14:54 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2160329\update\updspapi.dll
    + 2010-08-11 14:54 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2160329\update\update.exe
    + 2010-08-11 14:54 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2160329\spuninst.exe
    + 2010-08-11 14:56 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2115168\update\updspapi.dll
    + 2010-08-11 14:56 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2115168\update\update.exe
    + 2010-08-11 14:56 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2115168\spuninst.exe
    + 2010-08-11 14:55 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2079403\update\updspapi.dll
    + 2010-08-11 14:55 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2079403\update\update.exe
    + 2010-08-11 14:55 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2079403\spuninst.exe
    + 2010-12-08 17:27 . 2009-06-17 23:59 379184 c:\windows\$968930Uinstall_KB968930$\spuninst\updspapi.dll
    + 2010-12-08 17:27 . 2009-06-17 23:59 221488 c:\windows\$968930Uinstall_KB968930$\spuninst\spuninst.exe
    + 2010-12-08 17:27 . 2007-10-30 09:15 330240 c:\windows\$968930Uinstall_KB968930$\powershell.exe
    + 2010-12-08 17:27 . 2010-12-07 19:03 200704 c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.consolehost.dll
    + 2010-12-08 17:27 . 2010-12-07 19:03 294912 c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.commands.utility.dll
    + 2010-12-08 17:27 . 2010-12-07 19:03 139264 c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.commands.management.dll
    + 2010-12-08 16:32 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    + 2009-10-09 21:23 . 2009-10-09 21:23 1107456 c:\windows\system32\WsmSvc.dll
    + 2008-04-25 16:16 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll
    + 2008-04-25 16:16 . 2010-08-31 13:42 1852800 c:\windows\system32\win32k.sys
    + 2008-04-25 16:16 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
    + 2008-05-27 03:21 . 2008-05-27 03:21 1582592 c:\windows\system32\tquery.dll
    + 2008-04-25 16:16 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
    + 2008-04-25 16:16 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
    + 2008-04-25 16:16 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
    + 2008-04-25 16:16 . 2010-04-27 13:59 2146304 c:\windows\system32\ntoskrnl.exe
    + 2008-04-14 00:01 . 2010-04-27 13:05 2024448 c:\windows\system32\ntkrnlpa.exe
    + 2008-04-25 16:16 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
    - 2008-04-25 16:16 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
    + 2008-05-27 03:21 . 2008-05-27 03:21 1418240 c:\windows\system32\mssrch.dll
    + 2008-04-25 16:16 . 2010-09-10 05:58 5957120 c:\windows\system32\mshtml.dll
    + 2010-04-29 10:10 . 2010-04-29 10:10 1975408 c:\windows\system32\Macromed\Shockwave 10\gt.exe
    + 2010-04-29 10:11 . 2010-04-29 10:11 1490944 c:\windows\system32\Macromed\Shockwave 10\dirapiX.dll
    + 2010-01-27 01:07 . 2010-12-09 13:10 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2007-08-13 23:34 . 2010-09-10 05:58 1986560 c:\windows\system32\iertutil.dll
    + 2007-02-12 21:10 . 2009-02-07 02:07 3698584 c:\windows\system32\ieapfltr.dat
    + 2008-11-07 21:45 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
    + 2008-12-10 23:14 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
    + 2008-12-10 23:13 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
    + 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
    + 2008-12-10 23:14 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
    + 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
    + 2008-12-29 18:12 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-12-29 18:12 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-12-29 18:12 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-12-29 18:12 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
    - 2008-12-29 18:09 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
    + 2008-12-29 18:09 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
    - 2009-12-15 18:33 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
    + 2009-12-15 18:33 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
    + 2008-12-10 23:13 . 2010-09-10 05:58 5957120 c:\windows\system32\dllcache\mshtml.dll
    + 2010-05-13 03:37 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
    + 2009-01-07 21:08 . 2010-09-10 05:58 1986560 c:\windows\system32\dllcache\iertutil.dll
    + 2009-01-07 21:08 . 2009-02-07 02:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
    + 2009-11-07 05:06 . 2009-11-07 05:06 1130824 c:\windows\system32\dfshim.dll
    + 2010-06-05 02:57 . 2009-09-04 21:29 1892184 c:\windows\system32\D3DX9_42.dll
    + 2010-06-05 02:57 . 2009-03-09 19:27 4178264 c:\windows\system32\D3DX9_41.dll
    + 2010-06-05 02:56 . 2008-10-10 08:52 4379984 c:\windows\system32\D3DX9_40.dll
    + 2010-06-05 02:56 . 2008-07-10 15:00 3851784 c:\windows\system32\D3DX9_39.dll
    + 2010-06-05 02:56 . 2008-05-30 18:11 3850760 c:\windows\system32\D3DX9_38.dll
    + 2010-06-05 02:56 . 2008-03-05 19:56 3786760 c:\windows\system32\D3DX9_37.dll
    + 2010-06-05 02:57 . 2009-09-04 21:29 5501792 c:\windows\system32\d3dcsx_42.dll
    + 2010-06-05 02:57 . 2009-09-04 21:29 1974616 c:\windows\system32\D3DCompiler_42.dll
    + 2010-06-05 02:57 . 2009-03-09 19:27 1846632 c:\windows\system32\D3DCompiler_41.dll
    + 2010-06-05 02:56 . 2008-10-10 08:52 2036576 c:\windows\system32\D3DCompiler_40.dll
    + 2010-06-05 02:56 . 2008-07-10 15:00 1493528 c:\windows\system32\D3DCompiler_39.dll
    + 2010-06-05 02:56 . 2008-05-30 18:11 1491992 c:\windows\system32\D3DCompiler_38.dll
    + 2010-06-05 02:56 . 2008-03-05 19:56 1420824 c:\windows\system32\D3DCompiler_37.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 1303896 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 6346600 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 3545952 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 2650464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 4881752 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 2199880 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 4982120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 1711496 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 6067048 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 1026936 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 3481928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 4464480 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 2970968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 1339736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 1462648 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 1199968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll
    + 2010-03-18 20:26 . 2010-03-18 20:26 1163264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\netfx_core_x86.msi
    + 2010-03-18 18:16 . 2010-03-18 18:16 5196112 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 1141592 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 2989456 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll
    + 2010-03-18 18:16 . 2010-03-18 18:16 1972552 c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
    + 2010-03-18 18:16 . 2010-03-18 18:16 6730056 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
    + 2010-04-08 03:48 . 2010-04-08 03:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
    - 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2010-09-22 14:44 . 2010-09-22 14:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    - 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2010-05-11 10:40 . 2010-05-11 10:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2010-09-23 20:55 . 2010-09-23 20:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2010-09-23 20:55 . 2010-09-23 20:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2010-09-23 07:26 . 2010-09-23 07:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2010-09-23 07:25 . 2010-09-23 07:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2010-09-23 20:55 . 2010-09-23 20:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    - 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2010-12-08 17:29 . 2010-12-08 17:29 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    + 2010-05-25 02:10 . 2010-05-25 02:10 1093120 c:\windows\Installer\mfc80u.dll
    + 2010-05-25 02:10 . 2010-05-25 02:10 1101824 c:\windows\Installer\mfc80.dll
    + 2010-10-07 23:43 . 2010-10-07 23:43 1980416 c:\windows\Installer\ba0cf.msp
    + 2010-09-17 11:04 . 2010-09-17 11:04 9401856 c:\windows\Installer\ba0be.msp
    + 2010-09-23 12:39 . 2010-09-23 12:39 4265472 c:\windows\Installer\ba090.msp
    + 2010-08-13 23:00 . 2010-08-13 23:00 9404928 c:\windows\Installer\ba086.msp
    + 2010-08-13 22:59 . 2010-08-13 22:59 8182272 c:\windows\Installer\ba074.msp
    + 2010-08-13 23:02 . 2010-08-13 23:02 2545664 c:\windows\Installer\ba063.msp
    + 2010-08-13 23:01 . 2010-08-13 23:01 8993280 c:\windows\Installer\ba052.msp
    + 2010-04-24 21:08 . 2010-04-24 21:08 9129984 c:\windows\Installer\b1c67b.msp
    + 2010-03-24 22:54 . 2010-03-24 22:54 2516992 c:\windows\Installer\b1c66a.msp
    + 2010-04-24 21:07 . 2010-04-24 21:07 4667392 c:\windows\Installer\b1c659.msp
    + 2010-04-12 02:17 . 2010-04-12 02:17 2607104 c:\windows\Installer\b1c63a.msp
    + 2010-04-12 02:17 . 2010-04-12 02:17 4210688 c:\windows\Installer\b1c639.msp
    + 2010-04-24 21:10 . 2010-04-24 21:10 8486400 c:\windows\Installer\b1c611.msp
    + 2010-11-08 07:14 . 2010-11-08 07:14 3402752 c:\windows\Installer\a8f70.msp
    + 2010-12-07 19:32 . 2010-12-07 19:32 3940864 c:\windows\Installer\a8f5d.msi
    + 2010-12-08 17:30 . 2010-12-08 17:30 1160192 c:\windows\Installer\62bd0.msi
    + 2009-04-14 09:50 . 2009-04-14 09:50 5191680 c:\windows\Installer\62b9b.msp
    + 2009-04-14 09:49 . 2009-04-14 09:49 1922560 c:\windows\Installer\62b94.msp
    + 2009-04-14 09:51 . 2009-04-14 09:51 1303040 c:\windows\Installer\62b8d.msp
    + 2010-06-27 23:48 . 2010-06-27 23:48 1554432 c:\windows\Installer\51a98.msi
    + 2010-07-11 00:14 . 2010-07-11 00:14 2850816 c:\windows\Installer\43a2230.msp
    + 2009-11-09 04:25 . 2009-11-09 04:25 1935360 c:\windows\Installer\3b20fd.msp
    + 2010-02-21 05:03 . 2010-02-21 05:03 4472832 c:\windows\Installer\38169e.msp
    + 2010-02-04 21:24 . 2010-02-04 21:24 9122304 c:\windows\Installer\381687.msp
    + 2009-10-16 11:08 . 2009-10-16 11:08 2237952 c:\windows\Installer\381676.msp
    + 2010-02-21 05:00 . 2010-02-21 05:00 8480768 c:\windows\Installer\381665.msp
    - 2009-01-07 21:39 . 2009-12-15 23:01 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-01-07 21:39 . 2010-12-08 16:45 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2010-09-16 08:08 . 2010-09-16 08:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
    + 2008-08-26 03:50 . 2008-08-26 03:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBE6.DLL
    + 2008-11-10 07:41 . 2008-11-10 07:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\PPTVIEW.EXE
    + 2009-03-06 09:00 . 2009-03-06 09:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONMAIN.DLL
    + 2008-11-10 15:49 . 2008-11-10 15:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONLIBS.DLL
    + 2008-11-25 03:16 . 2008-11-25 03:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTE.EXE
    + 2010-12-08 16:39 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
    + 2010-12-08 16:39 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
    + 2010-12-08 16:39 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 1168384 c:\windows\ie8\urlmon.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 3600896 c:\windows\ie8\mshtml.dll
    + 2010-12-08 14:34 . 2010-06-24 12:15 6067200 c:\windows\ie8\ieframe.dll
    + 2010-12-08 14:34 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
    + 2010-06-08 20:12 . 2010-03-11 12:38 1168384 c:\windows\ie7updates\KB982381-IE7\urlmon.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 3599872 c:\windows\ie7updates\KB982381-IE7\mshtml.dll
    + 2010-06-08 20:12 . 2010-03-11 12:38 6067200 c:\windows\ie7updates\KB982381-IE7\ieframe.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 1168384 c:\windows\ie7updates\KB980182-IE7\urlmon.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 3599360 c:\windows\ie7updates\KB980182-IE7\mshtml.dll
    + 2010-05-13 04:31 . 2010-01-05 10:00 6067200 c:\windows\ie7updates\KB980182-IE7\ieframe.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 1168384 c:\windows\ie7updates\KB978207-IE7\urlmon.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 3598336 c:\windows\ie7updates\KB978207-IE7\mshtml.dll
    + 2010-01-21 20:00 . 2009-10-29 07:46 6067200 c:\windows\ie7updates\KB978207-IE7\ieframe.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 1168384 c:\windows\ie7updates\KB2183461-IE7\urlmon.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 3600384 c:\windows\ie7updates\KB2183461-IE7\mshtml.dll
    + 2010-08-11 14:56 . 2010-05-04 17:20 6067200 c:\windows\ie7updates\KB2183461-IE7\ieframe.dll
    + 2008-12-29 18:12 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-12-29 18:12 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-12-29 18:12 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-12-29 18:12 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2010-12-08 16:44 . 2010-12-08 16:44 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_cda49320\System.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1dde0b76\System.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_81baca23\System.Xml.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_10e27831\System.Xml.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6a110c28\System.Windows.Forms.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_1d6081e0\System.Windows.Forms.dll
    + 2010-12-08 16:45 . 2010-12-08 16:45 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_8539e4c3\System.Drawing.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f3c16af3\System.Design.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_187a97a5\System.Design.dll
    + 2010-12-08 16:45 . 2010-12-08 16:45 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_bb8fc341\mscorlib.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_69529450\mscorlib.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 3779072 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
    + 2010-12-08 17:37 . 2010-12-08 17:37 1055744 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\5904383f7c86f1374a14198872dfa7d8\UIAutomationClientsideProviders.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 9000960 c:\windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 5571584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 1776640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
    + 2010-12-08 17:37 . 2010-12-08 17:37 4496384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\9cf13572472dc2efe8f3b7c2ab6198d3\System.Windows.Forms.DataVisualization.ni.dll
    + 2010-12-08 17:37 . 2010-12-08 17:37 1828352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\87e09dfbe3a44d6b00d3a5895f5a21a6\System.Web.Services.ni.dll
    + 2010-12-08 17:37 . 2010-12-08 17:37 1992192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\61a931da70f8078539a51cef3888d02d\System.Speech.ni.dll
    + 2010-12-08 17:37 . 2010-12-08 17:37 1127424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dbf07cb14b4dcc210cdf8b5d90a12a56\System.ServiceModel.Discovery.ni.dll
    + 2010-12-08 17:37 . 2010-12-08 17:37 1388032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\52481fccddb053768631c640d5059d4b\System.ServiceModel.Activities.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 2625024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 1011200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 1047040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\eb9369fc9393d29afe51e45cb49aa4be\System.Printing.ni.dll
    + 2010-12-08 17:36 . 2010-12-08 17:36 1159168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll
    + 2010-12-08 17:36 . 2010-12-08 17:36 1065984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9eac876f58a3ebca8878b8654efdc817\System.IdentityModel.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 1651200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 1151488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\5166bf93ac5239837c9c92b58d183ea6\System.DirectoryServices.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 1872384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\90fd7fc9fbf5f4eed9135996b515a38a\System.Deployment.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 6754816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\92cccedc7cda413ff6fc6492cb256b58\System.Data.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 2538496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\1fdd0961d8d07ef4d1fcaf30f0050c0a\System.Data.SqlXml.ni.dll
    + 2010-12-08 17:36 . 2010-12-08 17:36 1332736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\685c7df1332a74aaa899f2bdb3beabc3\System.Data.Services.Client.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 2499072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\87a713cee613d08ee04ae9483a9d4716\System.Data.Linq.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 7025664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
    + 2010-12-08 17:35 . 2010-12-08 17:35 4103168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\931ad0783c03deb967760d5c2387274a\System.Activities.ni.dll
    + 2010-12-08 17:35 . 2010-12-08 17:35 3691520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a57e34a36f38a007aa24f1bd07a167ab\System.Activities.Presentation.ni.dll
    + 2010-12-08 17:35 . 2010-12-08 17:35 1506304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\607df7a11c3334146664bc74130bc38f\System.Activities.Core.Presentation.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 2842624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\42f0e1a4e3081c50503d74ebc0540a60\ReachFramework.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 1622528 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\15578874ee1464dc6a3545d4be842e59\PresentationUI.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 1137664 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e95f51d720705725942dda0017055464\Microsoft.VisualBasic.Compatibility.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 1819648 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e8ab3b63bade82c3522613f2b1240c0d\Microsoft.VisualBasic.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 1167872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2eef2f34c0295f1fe5d6d4441f9e790b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
    + 2010-12-08 17:34 . 2010-12-08 17:34 1079808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\9952f66fc592ffc21b024803c8c955fd\Microsoft.Transactions.Bridge.ni.dll
    + 2010-12-08 17:36 . 2010-12-08 17:36 2441728 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\08b2c2639708ab20748653185d6b67be\Microsoft.JScript.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 1612288 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\05503f37aef5261d80ccca19f8078679\Microsoft.CSharp.ni.dll
    + 2010-08-11 14:56 . 2010-08-11 14:56 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
    + 2010-08-11 14:56 . 2010-08-11 14:56 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
    + 2010-08-11 14:56 . 2010-08-11 14:56 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
    + 2010-12-08 16:48 . 2010-12-08 16:48 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
    + 2010-12-08 16:48 . 2010-12-08 16:48 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
    + 2010-12-08 17:32 . 2010-12-08 17:32 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\47a2229038c869951b36a1081a3c8768\System.Management.Automation.ni.dll
    + 2010-12-08 16:46 . 2010-12-08 16:46 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
    + 2010-08-11 14:56 . 2010-08-11 14:56 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\58202ed61096113d08815c0a78313b66\System.Data.OracleClient.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
    + 2010-08-11 15:17 . 2010-08-11 15:17 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
    + 2010-08-11 14:58 . 2010-08-11 14:58 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
    + 2010-08-11 14:56 . 2010-08-11 14:56 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
    + 2010-12-08 17:28 . 2010-12-08 17:28 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\adca7827958ca8958a599d82143dce51\Microsoft.PowerShell.Commands.Utility.ni.dll
    + 2010-12-08 17:28 . 2010-12-08 17:28 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6408339c6991217900316808e44f5158\Microsoft.PowerShell.Editor.ni.dll
    + 2010-12-08 17:28 . 2010-12-08 17:28 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\27894b3ee67930492bb4925dc27c9e6b\Microsoft.PowerShell.GPowerShell.ni.dll
    + 2010-08-11 15:17 . 2010-08-11 15:17 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2010-08-11 15:16 . 2010-08-11 15:16 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
    + 2010-06-24 12:32 . 2010-06-24 12:32 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2010-12-08 16:43 . 2010-12-08 16:43 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
     
  16. 2010/12/09
    Cliffhanger

    Cliffhanger Inactive Thread Starter

    Joined:
    2010/12/08
    Messages:
    26
    Likes Received:
    0
    ComboFix Log Part 6

    + 2010-12-08 16:43 . 2010-12-08 16:43 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2010-12-08 16:43 . 2010-12-08 16:43 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    - 2009-12-15 22:31 . 2009-12-15 22:31 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2010-06-08 20:18 . 2010-06-08 20:18 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2010-12-08 17:27 . 2010-12-08 17:27 2682880 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2010-06-24 12:32 . 2010-06-24 12:32 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2009-12-15 23:03 . 2009-12-15 23:03 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2010-06-24 12:32 . 2010-06-24 12:32 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    - 2009-12-15 22:28 . 2009-12-15 22:28 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2010-12-08 16:42 . 2010-12-08 16:42 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    - 2009-12-15 20:46 . 2009-12-15 20:46 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    - 2009-12-15 20:46 . 2009-12-15 20:46 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2010-08-11 14:52 . 2009-10-23 15:28 3558912 c:\windows\$NtUninstallKB981997$\moviemk.exe
    + 2010-08-11 14:56 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
    + 2010-08-11 14:56 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrpamp.exe
    + 2010-08-11 14:56 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
    + 2010-08-11 14:56 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntkrnlmp.exe
    + 2010-05-13 04:33 . 2009-08-04 15:13 2145280 c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
    + 2010-05-13 04:33 . 2009-08-04 14:20 2023936 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe
    + 2010-05-13 04:33 . 2009-08-04 14:20 2023936 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
    + 2010-05-13 04:33 . 2009-08-04 15:13 2145280 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe
    + 2010-06-08 20:20 . 2009-08-14 13:21 1850624 c:\windows\$NtUninstallKB979559$\win32k.sys
    + 2010-06-08 20:18 . 2009-05-20 09:56 2458112 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
    + 2010-05-13 04:32 . 2009-07-10 13:27 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll
    + 2010-06-08 20:18 . 2009-11-27 17:11 1291776 c:\windows\$NtUninstallKB975562$\quartz.dll
    + 2010-05-13 04:32 . 2008-04-14 12:00 3558912 c:\windows\$NtUninstallKB975561$\moviemk.exe
    + 2010-03-06 17:00 . 2009-06-03 19:09 1291264 c:\windows\$NtUninstallKB975560$\quartz.dll
    + 2010-08-02 19:19 . 2008-06-17 19:02 8461312 c:\windows\$NtUninstallKB2286198$\shell32.dll
    + 2010-08-11 14:54 . 2010-05-02 05:22 1851264 c:\windows\$NtUninstallKB2160329$\win32k.sys
    + 2010-08-11 14:55 . 2009-07-31 04:35 1172480 c:\windows\$NtUninstallKB2079403$\msxml3.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 1171968 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\urlmon.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 3603456 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtml.dll
    + 2010-05-04 17:20 . 2010-05-04 17:20 6071296 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieframe.dll
    + 2010-06-08 17:10 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieapfltr.dat
    + 2010-08-10 22:00 . 2010-06-18 13:43 3558912 c:\windows\$hf_mig$\KB981997\SP3QFE\moviemk.exe
    + 2010-08-10 22:05 . 2010-04-27 13:50 2190080 c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
    + 2010-08-10 22:05 . 2010-04-27 13:14 2024448 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrpamp.exe
    + 2010-04-28 11:14 . 2010-04-28 11:14 2066944 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
    + 2010-08-10 22:05 . 2010-04-27 13:54 2146304 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlmp.exe
    + 2010-03-11 11:49 . 2010-03-11 11:49 1171968 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\urlmon.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 3602944 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtml.dll
    + 2010-03-11 11:49 . 2010-03-11 11:49 6070784 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieframe.dll
    + 2010-05-13 03:39 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieapfltr.dat
    + 2010-05-13 03:38 . 2010-02-16 12:52 2190080 c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
    + 2010-05-13 03:38 . 2010-02-16 12:12 2024448 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe
    + 2010-05-13 03:38 . 2010-02-16 12:12 2066944 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
    + 2010-05-13 03:38 . 2010-02-16 12:50 2146304 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe
    + 2010-05-02 06:34 . 2010-05-02 06:34 1860352 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
    + 2010-01-29 14:53 . 2010-01-29 14:53 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 1170944 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\urlmon.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 3602944 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
    + 2010-01-05 09:57 . 2010-01-05 09:57 6071296 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieframe.dll
    + 2010-01-21 19:59 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieapfltr.dat
    + 2010-02-05 18:29 . 2010-02-05 18:29 1291776 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
    + 2010-05-13 03:37 . 2009-10-23 14:53 3558912 c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe
    + 2009-11-27 17:23 . 2009-11-27 17:23 1291776 c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll
    + 2010-07-27 06:28 . 2010-07-27 06:28 8463360 c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 1171968 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\urlmon.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 3603968 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\mshtml.dll
    + 2010-06-24 12:16 . 2010-06-24 12:16 6071296 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieframe.dll
    + 2010-08-10 22:06 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieapfltr.dat
    + 2010-06-24 02:14 . 2010-06-24 02:14 1861120 c:\windows\$hf_mig$\KB2160329\SP3QFE\win32k.sys
    + 2010-06-14 07:39 . 2010-06-14 07:39 1172480 c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll
    + 2010-12-08 17:27 . 2010-12-07 19:03 1564672 c:\windows\$968930Uinstall_KB968930$\system.management.automation.dll
    + 2008-04-25 16:16 . 2010-08-26 04:36 10841088 c:\windows\system32\wmp.dll
    - 2008-04-25 16:16 . 2009-07-14 04:43 10841088 c:\windows\system32\wmp.dll
    + 2009-01-07 21:05 . 2010-11-02 21:47 35758536 c:\windows\system32\MRT.exe
    + 2007-08-13 23:54 . 2010-09-10 05:58 11080192 c:\windows\system32\ieframe.dll
    + 2009-07-14 04:43 . 2010-08-26 04:36 10841088 c:\windows\system32\dllcache\wmp.dll
    - 2009-07-14 04:43 . 2009-07-14 04:43 10841088 c:\windows\system32\dllcache\wmp.dll
    + 2009-01-07 21:08 . 2010-09-10 05:58 11080192 c:\windows\system32\dllcache\ieframe.dll
    + 2010-04-02 23:29 . 2010-04-02 23:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
    + 2010-09-24 19:08 . 2010-09-24 19:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
    + 2010-09-24 12:08 . 2010-09-24 12:08 17518080 c:\windows\Installer\ba0ae.msp
    + 2010-04-02 16:30 . 2010-04-02 16:30 17456640 c:\windows\Installer\b1c6a9.msp
    + 2010-04-24 21:09 . 2010-04-24 21:09 11750912 c:\windows\Installer\b1c68c.msp
    + 2010-04-12 02:17 . 2010-04-12 02:17 14599680 c:\windows\Installer\b1c648.msp
    + 2010-04-24 21:07 . 2010-04-24 21:07 10118144 c:\windows\Installer\b1c62e.msp
    + 2010-12-08 17:27 . 2010-12-08 17:27 20303872 c:\windows\Installer\62bbf.msp
    + 2009-04-14 08:46 . 2009-04-14 08:46 15438848 c:\windows\Installer\62bb3.msp
    + 2009-04-14 09:21 . 2009-04-14 09:21 15303168 c:\windows\Installer\62bab.msp
    + 2009-04-14 09:56 . 2009-04-14 09:56 20498944 c:\windows\Installer\62ba3.msp
    + 2010-05-19 17:08 . 2010-05-19 17:08 11408896 c:\windows\Installer\43a223a.msp
    + 2010-07-11 00:06 . 2010-07-11 00:06 10120192 c:\windows\Installer\43a221f.msp
    + 2010-03-31 05:23 . 2010-03-31 05:23 15638528 c:\windows\Installer\3b2109.msp
    + 2010-03-22 20:03 . 2010-03-22 20:03 11732992 c:\windows\Installer\3816af.msp
    + 2009-04-03 23:46 . 2009-04-03 23:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSO.DLL
    + 2010-12-08 16:39 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB2360131-IE8\ieframe.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 13006336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
    + 2010-12-08 17:37 . 2010-12-08 17:37 17919488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll
    + 2010-12-08 17:36 . 2010-12-08 17:36 13273600 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\642a7b3d47828fb0070a55cfeb58f42b\System.Data.Entity.ni.dll
    + 2010-12-08 17:32 . 2010-12-08 17:32 17629184 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
    + 2010-12-08 17:31 . 2010-12-08 17:31 11057664 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
    + 2010-12-08 17:30 . 2010-12-08 17:30 14415872 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
    + 2010-12-08 16:47 . 2010-12-08 16:47 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\52ca772b93f517fc8fe53d0a240642b3\System.ServiceModel.ni.dll
    + 2010-12-08 16:44 . 2010-12-08 16:44 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
    + 2010-08-11 14:57 . 2010-08-11 14:57 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
    + 2010-08-11 14:56 . 2010-08-11 14:56 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-10 39408]
    "Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2010-11-19 52648]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "RTHDCPL"="RTHDCPL.EXE" [2008-07-07 16862720]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-07-16 36864]
    "nwiz"="nwiz.exe" [2008-07-07 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-07 86016]
    "NVHotkey"="nvHotkey.dll" [2008-07-07 90112]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-07 13537280]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-05-07 1245184]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    c:\documents and settings\The Computer People\Start Menu\Programs\Startup\
    Kuma_Tray.lnk - c:\program files\History Channel Games\kgsystray\Kuma_tray.exe [2010-9-9 33472]
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "c:\\Program Files\\EA Games\\Mercenaries 2 World in Flames\\Mercenaries2.exe"=
    "c:\\Program Files\\Xfire\\Xfire.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\The Computer People\\My Documents\\Downloads\\ZeroEN_2918_client.exe"=
    "c:\\Program Files\\REACTOR\\REACTOR.exe"=
    "c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=
    "c:\\Program Files\\Raptr\\raptr.exe"=
    "c:\\Program Files\\Raptr\\raptr_im.exe"=
    "c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57541:TCP"= 57541:TCP:pando Media Booster
    "57541:UDP"= 57541:UDP:pando Media Booster
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    "1035:TCP"= 1035:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/15/2009 4:06 PM 114768]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/25/2008 11:16 AM 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/15/2009 4:06 PM 20560]
    R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [4/8/2010 3:46 PM 117288]
    R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [4/8/2010 3:46 PM 117288]
    R2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [4/8/2010 3:46 PM 154152]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [12/10/2008 8:06 PM 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12/10/2008 8:06 PM 43608]
    R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [12/10/2008 8:06 PM 141376]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [12/10/2008 8:06 PM 7424]
    R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [12/10/2008 8:06 PM 235840]
    S1 bvrtscyj;bvrtscyj;\??\c:\windows\system32\drivers\bvrtscyj.sys --> c:\windows\system32\drivers\bvrtscyj.sys [?]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2010 8:23 PM 136176]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" --> c:\program files\Symantec AntiVirus\SavRoam.exe [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 11:16 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 01:22]

    2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 01:22]

    2010-12-10 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    FF - ProfilePath - c:\documents and settings\The Computer People\Application Data\Mozilla\Firefox\Profiles\j1vz90w5.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\The Computer People\Application Data\Mozilla\Firefox\Profiles\j1vz90w5.default\extensions\{D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6}\components\GSearch.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Extension: SC Screen Settings: {D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6} - c:\program files\Mozilla Firefox\extensions\{D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\The Computer People\Application Data\Mozilla\Firefox\Profiles\j1vz90w5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Extension: Multiple Tab Handler: multipletab@piro.sakura.ne.jp - c:\documents and settings\The Computer People\Application Data\Mozilla\Firefox\Profiles\j1vz90w5.default\extensions\multipletab@piro.sakura.ne.jp
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\The Computer People\Application Data\Mozilla\Firefox\Profiles\j1vz90w5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: SC Screen Settings: {D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6} - c:\documents and settings\The Computer People\Application Data\Mozilla\Firefox\Profiles\j1vz90w5.default\extensions\{D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{DD662A0C-12FE-4B38-BA53-247F7EC82F46} - (no file)
    HKCU-Run-IMC - c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe
    HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9f.exe
    SafeBoot-klmdb.sys



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-09 20:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-764989365-3839560729-1839707272-1005\Software\SecuROM\License information*]
    "datasecu"=hex:cf,81,ca,8f,4c,40,38,e8,d2,62,b0,e4,c1,bf,32,f7,69,de,d1,e5,4d,
    e0,0f,cb,23,34,70,53,e7,bb,be,a3,74,b0,cc,7e,7a,f7,cb,bc,71,5f,09,3f,5c,08,\
    "rkeysecu"=hex:05,32,3e,51,a4,74,5a,96,47,73,e5,9f,6c,86,69,21

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(948)
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(1680)
    c:\windows\system32\WININET.dll
    c:\progra~1\Raptr\ltc_help.dll
    c:\program files\Xfire\xfire_toucan_43094.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Synaptics\SynTP\SynToshiba.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\windows\system32\SearchIndexer.exe
    c:\progra~1\Raptr\raptr.exe
    c:\progra~1\Raptr\raptr_im.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-09 20:38:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-10 01:38
    ComboFix2.txt 2009-12-16 19:49

    Pre-Run: 106,898,882,560 bytes free
    Post-Run: 106,940,198,912 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - BA4CB9FABD250ED50ED9AE88393D50D5
     
  17. 2010/12/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I need some clarification.
    I can see signs of FOUR antivirus programs:
    - Authentium AntiVirus5
    - Symantec AntiVirus Corporate Edition
    - Microsoft Security Essentials
    - avast!
    Which one is your current security program?
    You can run only ONE.
     
  18. 2010/12/09
    Cliffhanger

    Cliffhanger Inactive Thread Starter

    Joined:
    2010/12/08
    Messages:
    26
    Likes Received:
    0
    Microsoft Security Essentials is the only one that should be on there now. It looks like the friend had been trying multiple programs.
     
  19. 2010/12/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\aswSP.sys
    c:\windows\system32\drivers\aswFsBlk.sys
    c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe
    c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe
    c:\windows\system32\drivers\bvrtscyj.sys
    c:\windows\system32\drivers\SBREdrv.sys
    
    
    Folder::
    c:\program files\Symantec AntiVirus
    
    
    Driver::
    aswSP
    aswFsBlk
    vseamps
    vsedsps
    vseqrts
    bvrtscyj
    SBRE
    SavRoam
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    
    
    Registry::
    
    SecCenter::
    {7591DB91-41F0-48A3-B128-1A293FD8233D}
    {FB06448E-52B8-493A-90F3-E43226D3305C}
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  20. 2010/12/09
    Cliffhanger

    Cliffhanger Inactive Thread Starter

    Joined:
    2010/12/08
    Messages:
    26
    Likes Received:
    0
    ComboFix Log

    ComboFix 10-12-08.04 - The Computer People 12/09/2010 23:01:38.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1393 [GMT -5:00]
    Running from: c:\documents and settings\The Computer People\Desktop\Clean\ComboFix.exe
    Command switches used :: c:\documents and settings\The Computer People\Desktop\Clean\CFScript.txt
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    FILE ::
    "c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe "
    "c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe "
    "c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe "
    "c:\windows\system32\drivers\aswFsBlk.sys "
    "c:\windows\system32\drivers\aswSP.sys "
    "c:\windows\system32\drivers\bvrtscyj.sys "
    "c:\windows\system32\drivers\SBREdrv.sys "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe
    c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ASWFSBLK
    -------\Legacy_ASWSP
    -------\Legacy_SBRE
    -------\Legacy_VSEAMPS
    -------\Legacy_VSEDSPS
    -------\Legacy_VSEQRTS
    -------\Service_bvrtscyj
    -------\Service_SavRoam
    -------\Service_SBRE
    -------\Service_vseamps
    -------\Service_vsedsps
    -------\Service_vseqrts


    ((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
    .

    2010-12-10 04:07 . 2010-12-10 04:07 1893 ----a-w- c:\windows\bcmwltrytmp.reg
    2010-12-10 02:11 . 2010-11-16 17:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1266F187-61E1-4917-B22D-20907CAD2674}\mpengine.dll
    2010-12-08 17:32 . 2010-11-16 17:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-12-08 17:27 . 2010-12-08 17:27 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-12-08 17:27 . 2010-12-08 17:27 -------- d-----w- c:\windows\system32\winrm
    2010-12-08 17:27 . 2010-12-08 17:27 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2010-12-08 17:25 . 2010-12-08 17:25 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-12-08 17:24 . 2010-12-08 17:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-12-08 17:24 . 2010-12-08 17:27 -------- d-----w- c:\program files\Windows Desktop Search
    2010-12-08 17:24 . 2010-12-08 17:24 -------- d-----w- c:\windows\system32\GroupPolicy
    2010-12-08 17:23 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2010-12-08 17:23 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2010-12-08 17:23 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2010-12-08 16:37 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-12-08 16:33 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
    2010-12-08 16:33 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-12-08 16:33 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-12-08 16:32 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-12-08 16:32 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-12-08 16:32 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-12-08 16:32 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-12-08 14:40 . 2010-12-08 14:40 -------- d-sh--w- c:\documents and settings\The Computer People\IECompatCache
    2010-12-08 14:40 . 2010-12-08 14:40 -------- d-sh--w- c:\documents and settings\The Computer People\PrivacIE
    2010-12-08 14:37 . 2010-12-08 14:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-12-08 14:37 . 2010-12-08 14:37 -------- d-sh--w- c:\documents and settings\The Computer People\IETldCache
    2010-12-08 14:34 . 2010-12-08 14:35 -------- dc-h--w- c:\windows\ie8
    2010-12-08 12:46 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-08 12:46 . 2010-12-08 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-08 12:46 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-07 19:32 . 2010-12-07 19:32 -------- d-----w- c:\program files\Common Files\Adobe
    2010-12-07 19:30 . 2010-09-15 09:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-07 19:30 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-07 19:04 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-07 19:04 . 2010-12-07 19:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
    2010-12-07 17:57 . 2010-12-07 17:58 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-12-07 14:51 . 2010-12-07 14:51 -------- d-----w- c:\windows\system32\%APPDATA%
    2010-12-07 12:55 . 2010-12-07 21:09 -------- d-----w- c:\program files\Windows Live Safety Center

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-08 16:26 . 2008-04-25 16:16 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2010-09-18 17:23 . 2008-04-25 16:16 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2008-04-25 16:16 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2008-04-25 16:16 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2008-04-25 16:16 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-15 07:29 . 2008-12-10 23:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-12-10_01.33.47 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-10 04:07 . 2010-12-10 04:07 16384 c:\windows\Temp\Perflib_Perfdata_aec.dat
    + 2010-12-10 04:07 . 2010-12-10 04:07 16384 c:\windows\Temp\Perflib_Perfdata_9c4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-10 39408]
    "Raptr "= "c:\progra~1\Raptr\raptrstub.exe" [2010-11-19 52648]
    "ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "RTHDCPL "= "RTHDCPL.EXE" [2008-07-07 16862720]
    "PDVDDXSrv "= "c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "OEM13Mon.exe "= "c:\windows\OEM13Mon.exe" [2008-07-16 36864]
    "nwiz "= "nwiz.exe" [2008-07-07 1630208]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-07-07 86016]
    "NVHotkey "= "nvHotkey.dll" [2008-07-07 90112]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-07-07 13537280]
    "MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
    "dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "DELL Webcam Manager "= "c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "Dell QuickSet "= "c:\program files\Dell\QuickSet\quickset.exe" [2008-05-07 1245184]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    c:\documents and settings\The Computer People\Start Menu\Programs\Startup\
    Kuma_Tray.lnk - c:\program files\History Channel Games\kgsystray\Kuma_tray.exe [2010-9-9 33472]
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe "=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe "=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe "=
    "c:\\Program Files\\EA Games\\Mercenaries 2 World in Flames\\Mercenaries2.exe "=
    "c:\\Program Files\\Xfire\\Xfire.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=
    "c:\\Documents and Settings\\The Computer People\\My Documents\\Downloads\\ZeroEN_2918_client.exe "=
    "c:\\Program Files\\REACTOR\\REACTOR.exe "=
    "c:\\Program Files\\REACTOR\\ijjiOptimizer.exe "=
    "c:\\Program Files\\Raptr\\raptr.exe "=
    "c:\\Program Files\\Raptr\\raptr_im.exe "=
    "c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57541:TCP "= 57541:TCP:pando Media Booster
    "57541:UDP "= 57541:UDP:pando Media Booster
    "5985:TCP "= 5985:TCP:*:Disabled:Windows Remote Management
    "1040:TCP "= 1040:TCP:Akamai NetSession Interface
    "5000:UDP "= 5000:UDP:Akamai NetSession Interface

    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/25/2008 11:16 AM 14336]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [12/10/2008 8:06 PM 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12/10/2008 8:06 PM 43608]
    R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [12/10/2008 8:06 PM 141376]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [12/10/2008 8:06 PM 7424]
    R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [12/10/2008 8:06 PM 235840]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2010 8:23 PM 136176]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 11:16 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 01:22]

    2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 01:22]

    2010-12-10 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    FF - ProfilePath - c:\documents and settings\The Computer People\Application Data\Mozilla\Firefox\Profiles\j1vz90w5.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\The Computer People\Application Data\Mozilla\Firefox\Profiles\j1vz90w5.default\extensions\{D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6}\components\GSearch.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Extension: SC Screen Settings: {D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6} - c:\program files\Mozilla Firefox\extensions\{D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\The Computer People\Application Data\Mozilla\Firefox\Profiles\j1vz90w5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Extension: Multiple Tab Handler: multipletab@piro.sakura.ne.jp - c:\documents and settings\The Computer People\Application Data\Mozilla\Firefox\Profiles\j1vz90w5.default\extensions\multipletab@piro.sakura.ne.jp
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\The Computer People\Application Data\Mozilla\Firefox\Profiles\j1vz90w5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: SC Screen Settings: {D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6} - c:\documents and settings\The Computer People\Application Data\Mozilla\Firefox\Profiles\j1vz90w5.default\extensions\{D1F30069-9E00-468c-8CB6-3FB6C4ECE8C6}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-09 23:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-764989365-3839560729-1839707272-1005\Software\SecuROM\License information*]
    "datasecu "=hex:cf,81,ca,8f,4c,40,38,e8,d2,62,b0,e4,c1,bf,32,f7,69,de,d1,e5,4d,
    e0,0f,cb,23,34,70,53,e7,bb,be,a3,74,b0,cc,7e,7a,f7,cb,bc,71,5f,09,3f,5c,08,\
    "rkeysecu "=hex:05,32,3e,51,a4,74,5a,96,47,73,e5,9f,6c,86,69,21

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(948)
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(4076)
    c:\windows\system32\WININET.dll
    c:\progra~1\Raptr\ltc_help.dll
    c:\program files\Xfire\xfire_toucan_43094.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\Synaptics\SynTP\SynToshiba.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\Raptr\raptr.exe
    c:\progra~1\Raptr\raptr_im.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-09 23:10:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-10 04:10
    ComboFix2.txt 2010-12-10 01:38
    ComboFix3.txt 2009-12-16 19:49

    Pre-Run: 106,889,060,352 bytes free
    Post-Run: 106,916,610,048 bytes free

    - - End Of File - - AC5A87FB29FFDE5320354C8A76BA340D
     
  21. 2010/12/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    My instructions say to run Combofix from a desktop. Please move the file to the proper location.

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\bcmwltrytmp.reg
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
