
Infected with XP Antispyware 2012

Discussion in 'Virus & Other Malware Removal' started by chrisd84, Dec 27, 2011.

Thread Status:
Not open for further replies.
  1. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Hello

    I am running Windows XP and recently got infected with XP Antispyware 2012. After searching on the internet on a separate machine, I found a fix to disable it (a registry file to replace the parts that it changes and then use rkill to disable its process), which seemed to do the trick.

    I was then able to scan with Malwarebytes (which I couldn't do before as it was being blocked) and it removed a number of items.

    The program now seems to have been removed and I have had no more signs of infection (a second scan with Malwarebytes after a reboot came up clean). However, I have now noticed that Windows Security Centre refuses to acknowledge that Automatic Updates are enabled, and when I ask it to enable them it gives me an error message.

    I also cannot update MSE since this has happened, and I was wondering if this means that the infection is still there in some way?

    Here is my Hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:19:46, on 27/12/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    E:\Program Files\mIRC\mirc.exe
    C:\Documents and Settings\Chris D\Desktop\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O1 - Hosts: ::1 localhost
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1219497467249
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1219501125062
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 6030 bytes


    Here is my DDS file:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
    Run by Chris D at 13:58:11 on 2011-12-27
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1184 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    E:\Program Files\mIRC\mirc.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Page =
    uSearch Bar =
    mSearchAssistant =
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219497467249
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219501125062
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{B3C919E5-78E6-4409-A192-1179F607064D} : DhcpNameServer = 194.168.4.100 194.168.8.100
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\chris d\application data\mozilla\firefox\profiles\c5sq3hhr.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - plugin: c:\documents and settings\chris d\application data\mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: e:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: e:\program files\veetle\player\npvlc.dll
    FF - plugin: e:\program files\veetle\plugins\npVeetle.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R1 MpKslc16f16f7;MpKslc16f16f7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{35910e17-a417-4bdd-9411-20724d8c8c20}\MpKslc16f16f7.sys [2011-12-27 29904]
    R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2001-8-18 14336]
    R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2008-9-7 15840]
    R3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;c:\windows\system32\drivers\DLKRTS.SYS [2001-10-17 25434]
    S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-27 11:43:01 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{35910e17-a417-4bdd-9411-20724d8c8c20}\MpKslc16f16f7.sys
    2011-12-27 11:42:57 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{35910e17-a417-4bdd-9411-20724d8c8c20}\offreg.dll
    2011-12-26 14:55:37 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{35910e17-a417-4bdd-9411-20724d8c8c20}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2011-12-25 01:28:55 233880 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-12-25 01:28:55 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-12-24 01:45:28 233880 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-11-27 11:35:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-10 05:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-10 03:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13:22 186880 ------w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    ============= FINISH: 13:59:05.59 ===============


    I have attached my attach.txt file to this post.

    Below is my ark.txt file:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-27 14:02:43
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDT722516DLAT80 rev.V43OA96A
    Running: vn3p8qm7.exe; Driver: C:\DOCUME~1\CHRISD~1\LOCALS~1\Temp\kxtdqpod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    I hope that is everything that is required.

    Any help you can offer would be greatly appreciated :)
     

  2. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Just wanted to bump this back up.

    I haven't noticed any further issues since posting but I still cannot enable automatic updates or update MSE.

    Thanks for any help :)
     
  3. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Bump

    Does anyone have any idea why this may be happening?

    Thanks :)
     
  4. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Sorry to bump this up again but if anyone has an idea about this then the help would be appreciated.

    Thanks :)
     
  5. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Hello again, is anyone able to offer any advice on this?

    I am still currently unable to enable automatic updates or update MSE (my virus definitions are now more than a month out of date).

    Thanks :)
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Disable teatimer and leave off for now.
    1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol) and choose Exit Spybot S&D Resident
    2. Run Spybot S&D
    3. Go to the Mode menu, and make sure Advanced Mode is selected.
    4. On the left hand side, choose Tools > Resident
    uncheck Resident TeaTimer and OK any prompt and Restart your computer.

    Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    Next,

    You have two AV programs, AVG and MSE, that is not good. Uninstall AVG at earliest convenience. Use this tool:

    Download AppRemover and save to your Desktop.

    Double click the AppRemover icon to run the application. Vista or Windows 7 users right click and select “Run as Administrator”

    Click Next >>

    Ensure "Remove Security Application" is selected and click Next >>

    AppRemover will scan all the security applications on your PC

    Select Any AVG entries from the applications offered and click Next >> twice.

    Follow any further on-screen instructions. If asked to reboot, please do so.

    Next,

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  7. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Hello, thanks a lot for your reply.

    I looked at the options in Spybot S&D and the Teatimer was not enabled (I don't think I've ever used it).

    I did used to have AVG installed but I removed it in favour of using MSE (I used the AVG removal tool to uninstall it). AppRemover didn't find AVG installed.

    I ran combofix as you asked and here is the log it created:

    ComboFix 12-02-19.02 - Chris D 19/02/2012 19:07:05.6.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1559 [GMT 0:00]
    Running from: c:\documents and settings\Chris D\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Chris D\Application Data\Toolbar4
    c:\documents and settings\Gemma\Application Data\.#
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@3841E8.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384218.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384248.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@3841E8.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384218.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384248.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@3841E8.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384218.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384248.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@3841E8.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384218.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384248.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@3841E8.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384218.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384248.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@3841E8.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384218.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384248.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@3841E8.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384218.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384248.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@3841E8.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384218.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384248.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@3841E8.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384218.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384248.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@3841E8.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384218.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384248.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@3841E8.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384218.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384248.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@3841E8.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384218.###
    c:\documents and settings\Gemma\Application Data\.#\[email protected]@384248.###
    c:\windows\system32\SET139.tmp
    c:\windows\system32\SET22.tmp
    c:\windows\system32\SET23.tmp
    c:\windows\system32\SET25.tmp
    c:\windows\system32\SET26.tmp
    c:\windows\system32\SET27.tmp
    c:\windows\system32\SET2A.tmp
    c:\windows\system32\SET2C.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-19 18:38 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12D502B5-42EC-4915-9E13-FB4EB9D0BA12}\mpengine.dll
    2012-02-18 23:36 . 2012-02-18 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-06 04:19 . 2011-01-30 10:01 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-27 11:35 . 2011-05-18 16:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:25 . 2001-08-18 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
    "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\Gemma\Start Menu\Programs\Startup\
    Wallpapers from MSN.lnk - c:\documents and settings\Gemma\Application Data\Microsoft\Installer\{5C1178ED-7A1D-4EA6-A78D-FE526091DC4B}\_AD40422860A612C0AA07CA.exe [2008-10-27 134278]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
    2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
    2008-07-11 17:51 423200 -c--a-w- e:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2004-05-12 15:18 241664 -c--a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2004-02-12 13:38 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2004-04-06 10:28 172032 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
    2004-06-07 04:42 659456 -c--a-w- c:\windows\system32\hphmon06.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
    2004-06-07 04:53 49152 -c--a-w- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 11:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
    2009-01-08 13:44 70936 ----a-w- c:\documents and settings\Chris D\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 15:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "e:\\Program Files\\mIRC\\mirc.exe"=
    "e:\\Program Files\\Azureus2\\Azureus.exe"=
    "e:\\Program Files\\SopCast\\SopCast.exe"=
    "e:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
    "e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Documents and Settings\\Chris D\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "e:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "e:\\Program Files\\Opera 11\\opera.exe"=
    "e:\\Program Files\\Azureus2011\\Azureus.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:*:Disabled:peer Name Resolution Protocol (PNRP)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [18/08/2001 12:00 14336]
    R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [07/09/2008 00:57 15840]
    R3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;c:\windows\system32\drivers\DLKRTS.SYS [17/10/2001 19:59 25434]
    S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-19 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe [2004-06-07 04:53]
    .
    2012-02-19 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    FF - ProfilePath - c:\documents and settings\Chris D\Application Data\Mozilla\Firefox\Profiles\c5sq3hhr.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-19 19:13
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,d9,98,9f,c1,61,1c,42,bf,a5,e5,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,d9,98,9f,c1,61,1c,42,bf,a5,e5,\
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\09\05\10\13($O"
    .
    Completion time: 2012-02-19 19:19:27
    ComboFix-quarantined-files.txt 2012-02-19 19:19
    ComboFix2.txt 2011-02-02 13:03
    .
    Pre-Run: 1,151,090,688 bytes free
    Post-Run: 1,616,277,504 bytes free
    .
    - - End Of File - - 1B5BA59C2D1797E7F4B2F997C0A68EB1

    Thanks again for your help :)

    Edit: I should also say that after running combofix, MSE has updated and automatic updates have been enabled, so unless you see anything else, I think the problem may be sorted.
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Thanks for the log, do the following:

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    ClearJavaCache::
    SecCenter::
    AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"=-
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,d9,98,9f,c1,61,1c,42,bf,a5,e5,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,d9,98,9f,c1,61,1c,42,bf,a5,e5,\
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\09\05\10\13($O"
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 3

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Let me see the following :-

    • Log from Combofix
    • Log from Malwarebytes
    • Log from Security Check
    • Update on current issues/concerns

    Kevin
     
  9. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Hello, sorry for the late reply.

    Here is the ComboFix log you asked for:

    ComboFix 12-02-19.02 - Chris D 21/02/2012 18:42:34.7.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1543 [GMT 0:00]
    Running from: c:\documents and settings\Chris D\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Chris D\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-21 18:30 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{233D382F-CEA2-4BD0-BFC3-8DDA6F958CDC}\mpengine.dll
    2012-02-19 19:28 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-19 19:28 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-18 23:36 . 2012-02-18 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-31 12:44 . 2011-01-30 01:04 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-12 16:53 . 2001-08-18 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
    2012-01-06 04:19 . 2011-01-30 10:01 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-12-17 19:46 . 2001-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46 . 2001-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46 . 2001-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-27 11:35 . 2011-05-18 16:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-25 21:57 . 2001-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    .
    .
    ((((((((((((((((((((((((((((( [email protected]_19.13.33 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-21 18:49 . 2012-02-21 18:49 16384 c:\windows\temp\Perflib_Perfdata_e8.dat
    + 2012-02-21 18:49 . 2012-02-21 18:49 16384 c:\windows\temp\Perflib_Perfdata_7dc.dat
    + 2001-08-18 12:00 . 2012-02-20 00:00 79214 c:\windows\system32\perfc009.dat
    + 2001-08-18 12:00 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
    - 2001-08-18 12:00 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
    + 2001-08-18 12:00 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll
    - 2007-08-13 17:54 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
    + 2007-08-13 17:54 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
    - 2001-08-18 12:00 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
    + 2001-08-18 12:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
    - 2001-08-18 12:00 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
    + 2001-08-18 12:00 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
    - 2009-06-09 17:45 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2009-06-09 17:45 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2001-08-18 12:00 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
    + 2007-08-13 17:54 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2007-08-13 17:54 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2008-08-23 15:04 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-08-23 15:04 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2001-08-18 12:00 . 2008-04-14 00:11 23040 c:\windows\system32\dllcache\mciseq.dll
    + 2001-08-18 12:00 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
    - 2001-08-18 12:00 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2001-08-18 12:00 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2007-08-13 17:54 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2007-08-13 17:54 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2011-12-25 03:49 . 2011-12-25 03:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    - 2011-07-08 13:00 . 2011-07-08 13:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    + 2011-12-25 11:07 . 2011-12-25 11:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    - 2011-07-07 11:04 . 2011-07-07 11:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2011-12-24 22:55 . 2011-12-24 22:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2011-07-07 11:04 . 2011-07-07 11:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2011-12-24 22:55 . 2011-12-24 22:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2011-12-24 22:55 . 2011-12-24 22:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2011-07-07 11:03 . 2011-07-07 11:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2011-07-07 12:09 . 2011-07-07 12:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2011-12-24 23:49 . 2011-12-24 23:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2011-12-24 23:49 . 2011-12-24 23:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    - 2011-07-07 12:09 . 2011-07-07 12:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 12800 c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 66560 c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 55296 c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 43520 c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 25600 c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6c64c8d3\System.Drawing.Design.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_317011f5\CustomMarshalers.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
    + 2012-02-20 18:02 . 2012-02-20 18:02 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 59904 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.QTOContro#\bd7163ff491dd3bb17c18b1d4e969619\AxInterop.QTOControlLib.ni.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2011-10-13 22:15 . 2011-10-13 22:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2012-02-19 23:49 . 2012-02-19 23:49 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    - 2011-10-13 22:08 . 2011-10-13 22:08 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2011-10-13 22:15 . 2011-10-13 22:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2001-08-18 12:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
    - 2001-08-18 12:00 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
    + 2008-08-23 13:20 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
    - 2008-08-23 13:20 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
    + 2001-08-18 12:00 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
    - 2001-08-18 12:00 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
    + 2001-08-18 12:00 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
    + 2001-08-18 12:00 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
    - 2001-08-18 12:00 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
    + 2001-08-18 12:00 . 2012-02-20 00:00 463938 c:\windows\system32\perfh009.dat
    - 2001-08-18 12:00 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
    + 2001-08-18 12:00 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
    - 2001-08-18 12:00 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
    + 2001-08-18 12:00 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
    + 2007-08-13 17:54 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
    - 2007-08-13 17:54 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
    + 2001-08-18 12:00 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
    - 2001-08-18 12:00 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
    + 2001-08-18 12:00 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
    - 2001-08-18 12:00 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
    + 2001-08-18 12:00 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
    - 2001-08-18 12:00 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
    + 2008-08-23 12:45 . 2012-02-20 18:00 116560 c:\windows\system32\FNTCACHE.DAT
    - 2008-08-23 12:45 . 2011-12-17 21:00 116560 c:\windows\system32\FNTCACHE.DAT
    - 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
    - 2007-08-13 17:54 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
    + 2007-08-13 17:54 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
    - 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
    + 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
    + 2007-08-13 17:44 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
    - 2007-08-13 17:44 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
    + 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
    + 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
    - 2007-08-13 17:44 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
    + 2007-08-13 17:44 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
    + 2007-08-13 17:54 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
    - 2007-08-13 17:54 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
    + 2008-08-23 15:04 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll
    - 2008-08-23 15:04 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
    - 2009-06-09 17:45 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
    + 2009-06-09 17:45 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2007-08-13 17:54 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2007-08-13 17:54 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2010-06-11 16:35 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2010-06-11 16:35 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2007-08-13 17:39 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2007-08-13 17:39 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2007-08-13 17:39 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
    - 2007-08-13 17:39 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
    + 2011-12-25 03:49 . 2011-12-25 03:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2011-12-24 22:55 . 2011-12-24 22:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2011-07-07 11:04 . 2011-07-07 11:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2011-12-24 22:53 . 2011-12-24 22:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2011-07-07 11:01 . 2011-07-07 11:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2011-12-24 23:49 . 2011-12-24 23:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    - 2011-07-07 12:09 . 2011-07-07 12:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2011-12-25 05:40 . 2011-12-25 05:40 819200 c:\windows\Installer\eea2a1.msp
    + 2012-02-19 23:45 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
    + 2012-02-19 23:45 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
    + 2012-02-19 23:45 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
    + 2012-02-19 23:45 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
    + 2012-02-19 23:45 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
    + 2012-02-19 23:50 . 2012-02-19 23:50 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f0ab4a05\System.Drawing.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_9e947023\System.Drawing.Design.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e752fb23\CustomMarshalers.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
    + 2012-02-20 18:14 . 2012-02-20 18:14 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
    + 2012-02-20 18:11 . 2012-02-20 18:11 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
    + 2012-02-20 18:11 . 2012-02-20 18:11 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
    + 2012-02-20 18:11 . 2012-02-20 18:11 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2012-02-20 18:11 . 2012-02-20 18:11 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
    + 2012-02-20 18:10 . 2012-02-20 18:10 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
    + 2012-02-20 18:10 . 2012-02-20 18:10 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
    + 2012-02-20 18:11 . 2012-02-20 18:11 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
    + 2012-02-20 18:11 . 2012-02-20 18:11 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
    + 2012-02-20 18:04 . 2012-02-20 18:04 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
    + 2012-02-20 18:13 . 2012-02-20 18:13 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
    + 2012-02-20 18:13 . 2012-02-20 18:13 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
    + 2012-02-20 18:13 . 2012-02-20 18:13 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
    + 2012-02-20 18:13 . 2012-02-20 18:13 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
    + 2012-02-20 18:11 . 2012-02-20 18:11 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
    + 2012-02-20 18:12 . 2012-02-20 18:12 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
    + 2012-02-20 18:11 . 2012-02-20 18:11 601088 c:\windows\assembly\NativeImages_v2.0.50727_32\PerstNET\eb87fa96721652c7999532ce1ea95df2\PerstNET.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
    + 2012-02-20 18:12 . 2012-02-20 18:12 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 264192 c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Utils\83b7ecec3314f98487f20175960661f0\MediaManager.Utils.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 272384 c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Splash#\32dabf7f3ca724494a8f51a1cb056f92\MediaManager.SplashScreen.ni.dll
    + 2012-02-20 18:11 . 2012-02-20 18:11 948736 c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.GUI\f1819e3806ec7bcebc57298d916c5819\MediaManager.GUI.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 856576 c:\windows\assembly\NativeImages_v2.0.50727_32\Lucene.Net\bd85a52fda2bf57613be171c06739ca5\Lucene.Net.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 657920 c:\windows\assembly\NativeImages_v2.0.50727_32\log4net\3ffebb7e9b658a19c8ae5d9c14186c9b\log4net.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 210432 c:\windows\assembly\NativeImages_v2.0.50727_32\GCPlayer\9c7f40109a31a1ded3ef99f1f3629329\GCPlayer.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
    + 2012-02-20 18:12 . 2012-02-20 18:12 151552 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.WMPLib\84382ffbb7cca9525d9eaa636720d9bf\AxInterop.WMPLib.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.SHDocVw\68ccca21cbe74787ed9f155749b2f72f\AxInterop.SHDocVw.ni.dll
    + 2012-02-20 18:10 . 2012-02-20 18:10 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2011-10-13 22:15 . 2011-10-13 22:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-10-13 22:15 . 2011-10-13 22:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2011-10-13 22:15 . 2011-10-13 22:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2011-10-13 22:15 . 2011-10-13 22:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2011-10-13 22:15 . 2011-10-13 22:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2001-08-18 12:00 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
    + 2001-08-18 12:00 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
    + 2001-08-18 12:00 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
    + 2001-08-18 12:00 . 2011-12-17 19:46 5979136 c:\windows\system32\mshtml.dll
    + 2007-08-13 17:34 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
    - 2007-08-13 17:34 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
    + 2008-10-14 23:47 . 2012-01-12 16:53 1859968 c:\windows\system32\dllcache\win32k.sys
    - 2007-08-13 17:54 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2007-08-13 17:54 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2008-05-07 05:12 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
    + 2007-08-13 17:54 . 2011-12-17 19:46 5979136 c:\windows\system32\dllcache\mshtml.dll
    + 2008-08-23 15:04 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
    - 2008-08-23 15:04 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
    + 2011-12-25 03:50 . 2011-12-25 03:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2011-10-26 03:39 . 2011-10-26 03:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2011-12-25 11:07 . 2011-12-25 11:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
    + 2011-12-25 11:06 . 2011-12-25 11:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2011-12-25 11:06 . 2011-12-25 11:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2011-07-08 12:59 . 2011-07-08 12:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2011-12-24 22:54 . 2011-12-24 22:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2011-07-07 11:02 . 2011-07-07 11:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2011-07-07 11:02 . 2011-07-07 11:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2011-12-24 22:53 . 2011-12-24 22:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    - 2011-07-08 12:59 . 2011-07-08 12:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2011-12-25 11:06 . 2011-12-25 11:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2011-10-30 22:54 . 2011-10-30 22:54 2748416 c:\windows\Installer\eea2aa.msp
    + 2011-12-26 09:59 . 2011-12-26 09:59 4368896 c:\windows\Installer\eea27e.msp
    + 2012-02-19 23:45 . 2011-11-04 19:20 1212416 c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 5978112 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
    + 2012-02-19 23:45 . 2011-11-04 19:20 2000384 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b5bf5360\System.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_5faffa34\System.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e75fd361\System.Xml.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_adb2f412\System.Xml.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_e73db215\System.Windows.Forms.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b57fd252\System.Windows.Forms.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_c4404569\System.Drawing.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_eaea68f6\System.Design.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_3408b014\System.Design.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1499367b\mscorlib.dll
    + 2012-02-19 23:51 . 2012-02-19 23:51 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1117a921\mscorlib.dll
    + 2012-02-20 18:02 . 2012-02-20 18:02 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
    + 2012-02-20 18:02 . 2012-02-20 18:02 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
    + 2012-02-20 18:04 . 2012-02-20 18:04 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
    + 2012-02-20 18:10 . 2012-02-20 18:10 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
    + 2012-02-20 18:10 . 2012-02-20 18:10 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
    + 2012-02-20 18:04 . 2012-02-20 18:04 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
    + 2012-02-20 18:11 . 2012-02-20 18:11 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
    + 2012-02-20 18:11 . 2012-02-20 18:11 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
    + 2012-02-20 18:03 . 2012-02-20 18:03 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
    + 2012-02-20 18:11 . 2012-02-20 18:11 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
    + 2012-02-20 18:13 . 2012-02-20 18:13 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\3f2e74586111fb32d5edc059f709fa94\System.Data.OracleClient.ni.dll
    + 2012-02-20 18:13 . 2012-02-20 18:13 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\424160369b301ccd1b6fd86265611955\System.Data.Entity.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 1006592 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\f445ed44f10fe980059d6feb420dd669\Sony.MediaSoftware.clrshared.ni.dll
    + 2012-02-20 18:02 . 2012-02-20 18:02 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\59cd6ce5a254006179eee92952cd2272\PresentationBuildTasks.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
    + 2012-02-20 18:14 . 2012-02-20 18:14 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
    + 2012-02-20 18:11 . 2012-02-20 18:11 1786880 c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager\2548be65aeeedfba917567803cc0bde2\MediaManager.ni.exe
    + 2012-02-20 18:11 . 2012-02-20 18:11 7511040 c:\windows\assembly\NativeImages_v2.0.50727_32\AppCommon\89311f6574f17dd6f5a01fe76e80c2d8\AppCommon.ni.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2011-10-13 22:15 . 2011-10-13 22:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2010-10-08 02:09 . 2010-10-08 02:09 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2012-02-19 23:50 . 2012-02-19 23:50 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2011-10-13 22:15 . 2011-10-13 22:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2012-02-19 23:59 . 2012-02-19 23:59 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2011-10-13 22:14 . 2011-10-13 22:14 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2012-02-19 23:49 . 2012-02-19 23:49 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    - 2011-10-13 22:08 . 2011-10-13 22:08 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2012-02-19 23:49 . 2012-02-19 23:49 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-02-19 23:49 . 2012-02-19 23:49 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2008-08-23 14:16 . 2012-01-26 23:20 52550552 c:\windows\system32\MRT.exe
    + 2007-08-13 17:54 . 2011-12-18 14:46 11082240 c:\windows\system32\ieframe.dll
    + 2008-08-23 15:04 . 2011-12-18 14:46 11082240 c:\windows\system32\dllcache\ieframe.dll
    + 2011-12-26 17:02 . 2011-12-26 17:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
    + 2011-12-26 09:02 . 2011-12-26 09:02 19677184 c:\windows\Installer\eea299.msp
    + 2012-02-19 23:45 . 2011-11-04 19:20 11081728 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
    + 2012-02-20 18:04 . 2012-02-20 18:04 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
    + 2012-02-20 18:12 . 2012-02-20 18:12 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
    + 2012-02-20 18:11 . 2012-02-20 18:11 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
    + 2012-02-20 18:03 . 2012-02-20 18:03 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
    + 2012-02-20 18:03 . 2012-02-20 18:03 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
    + 2012-02-20 18:02 . 2012-02-20 18:02 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
    "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\Gemma\Start Menu\Programs\Startup\
    Wallpapers from MSN.lnk - c:\documents and settings\Gemma\Application Data\Microsoft\Installer\{5C1178ED-7A1D-4EA6-A78D-FE526091DC4B}\_AD40422860A612C0AA07CA.exe [2008-10-27 134278]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
    2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
    2008-07-11 17:51 423200 -c--a-w- e:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2004-05-12 15:18 241664 -c--a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2004-02-12 13:38 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2004-04-06 10:28 172032 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
    2004-06-07 04:42 659456 -c--a-w- c:\windows\system32\hphmon06.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
    2004-06-07 04:53 49152 -c--a-w- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 11:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
    2009-01-08 13:44 70936 ----a-w- c:\documents and settings\Chris D\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 15:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "e:\\Program Files\\mIRC\\mirc.exe"=
    "e:\\Program Files\\Azureus2\\Azureus.exe"=
    "e:\\Program Files\\SopCast\\SopCast.exe"=
    "e:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
    "e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Documents and Settings\\Chris D\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "e:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "e:\\Program Files\\Opera 11\\opera.exe"=
    "e:\\Program Files\\Azureus2011\\Azureus.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:*:Disabled:peer Name Resolution Protocol (PNRP)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [18/08/2001 12:00 14336]
    R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [07/09/2008 00:57 15840]
    R3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;c:\windows\system32\drivers\DLKRTS.SYS [17/10/2001 19:59 25434]
    S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-21 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe [2004-06-07 04:53]
    .
    2012-02-21 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    FF - ProfilePath - c:\documents and settings\Chris D\Application Data\Mozilla\Firefox\Profiles\c5sq3hhr.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-21 18:52
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3704)
    c:\windows\system32\WININET.dll
    c:\program files\NVIDIA Corporation\nView\nview.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\System32\tcpsvcs.exe
    c:\windows\System32\snmp.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-21 18:55:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-21 18:55
    ComboFix2.txt 2012-02-19 19:19
    ComboFix3.txt 2011-02-02 13:03
    .
    Pre-Run: 1,929,314,304 bytes free
    Post-Run: 1,948,315,648 bytes free
    .
    - - End Of File - - 6F7199CD8BF1CF1932107F132BDB867D



    Here is the Malwarebytes log you asked for:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.21.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Chris D :: CHRIS [administrator]

    21/02/2012 19:59:21
    mbam-log-2012-02-21 (19-59-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 186808
    Time elapsed: 4 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    Here is the Security Check log you asked for:

    Results of screen317's Security Check version 0.99.31
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SpywareBlaster 4.4
    Spybot - Search & Destroy
    DH Driver Cleaner Professional Edition
    Temp File Cleaner
    Java(TM) 6 Update 30
    Adobe Flash Player 11.1.102.55
    Mozilla Firefox (10.0.2)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````


    Everything seems ok now as far as the automatic updates / MSE updating goes.

    Thanks for your help and just let me know if there's anything else you think I should do :)
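The Security Center and firewall-policy values recorded in the ComboFix "Reg Loading Points" section above can be pulled out mechanically when reviewing a log like this one. The following is an added example, not part of the original posts and not ComboFix's own code; the sample excerpt is constructed in the log's layout, and the rule table and function names are assumptions of this example.

```python
import re

# Constructed sample in the layout of the "Reg Loading Points" section above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
'''

# Rule table (an assumption of this example, limited to values seen in the log):
# (key suffix, value name, value that weakens protection, what it means)
RULES = [
    ("\\security center", "antivirusoverride", 1,
     "Security Center no longer monitors antivirus status"),
    ("\\firewallpolicy\\standardprofile", "enablefirewall", 0,
     "Windows Firewall is off for the standard profile"),
    ("\\firewallpolicy\\standardprofile", "disablenotifications", 1,
     "firewall notifications are suppressed"),
]

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"\s*=\s*(?P<data>.*)$')


def parse_int(data):
    """Decode the two numeric notations the log uses: dword:00000001 and 0 (0x0)."""
    m = re.match(r'dword:([0-9a-fA-F]{8})$', data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+) \(0x[0-9a-fA-F]+\)$', data)
    if m:
        return int(m.group(1))
    return None


def parse_sections(text):
    """Map each lower-cased [registry key] to its list of (name, data) pairs."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
            continue
        m = VALUE.match(line)
        if m and current is not None:
            current.append((m.group("name"), m.group("data").strip()))
    return sections


def audit(text):
    """Return (value name, number, meaning) for every setting a rule matches."""
    findings = []
    for key, values in parse_sections(text).items():
        for name, data in values:
            number = parse_int(data)
            for suffix, rule_name, bad, meaning in RULES:
                if key.endswith(suffix) and name.lower() == rule_name and number == bad:
                    findings.append((name, number, meaning))
    return findings


def firewall_exceptions(text):
    """List programs in the firewall's AuthorizedApplications list for manual review."""
    apps = []
    for key, values in parse_sections(text).items():
        if key.endswith("\\authorizedapplications\\list"):
            apps.extend(name.replace("\\\\", "\\") for name, _ in values)
    return apps


if __name__ == "__main__":
    for name, number, meaning in audit(SAMPLE_LOG):
        print(f"{name} = {number}: {meaning}")
    for app in firewall_exceptions(SAMPLE_LOG):
        print("allowed through firewall:", app)
```

A match only reports what the log recorded at scan time; compare it against a later check of the live system before drawing conclusions.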
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    All looks good from your logs, do this:

    Step 1

    Remove Combofix now that we're done with it
    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    • Please follow the prompts to uninstall Combofix.
    • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    The above procedure will delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.
    It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

    Step 2

    • Download OTC by OldTimer and save it to your desktop. Alternative mirror
    • Double click the icon to start the program.
      If you are using Vista or Windows 7, please right-click and choose run as administrator
    • Then click the big button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.

    Step 3

    You will have several programs installed, these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan* button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....
    ...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

    Let me know if those steps complete OK..

    Kevin
     
  11. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Hello, thanks for the reply :)

    I have done each of those now.

    Secunia has recommended a few updates to me so I will make sure to sort those out when I have a bit more free time.
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Your latest logs are clean and you say that your system is running well, it would be an excellent idea to keep it that way. The following advice will go a long way to keeping you secure so that you can enjoy safe and happy surfing.

    Here are some tips to reduce the potential for malware infection in the future:

    Make proper use of your antivirus and firewall

    Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

    You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

    Install and use WinPatrol. This will inform you of any attempted unauthorized changes to your system.

    WinPatrol features explained Here

    Use a safer web browser

    Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

    Firefox,

    Opera, and

    Chrome.

    All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

    These browser add-ons will help to make your browser safer:

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

    Available for Firefox and Internet Explorer.

    Green to go,
    Yellow for caution, and
    Red to stop.


    Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

    These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

    Here are a couple of links by two security experts that will give some excellent tips and advice.

    So how did I get infected in the first place by Tony Klein

    How to prevent Malware by Miekiemoes

    Finally this link HERE will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

    Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

    If no remaining issues, hit the “Mark Solved” tab at the top of the thread.

    Take care,

    Kevin
     
  13. chrisd84

    chrisd84 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    33
    Thanks for all the help Kevin, I have installed WinPatrol as per your suggestion also ;)
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Anytime my friend, glad to have helped....
     
Short URL to this thread: https://techguy.org/1033170
