ComboFix 12-01-09.07 - Mateusz Borowiak 2012-01-10 17:07:50.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.662 [GMT 1:00] Running from: c:\documents and settings\Mateusz Borowiak\My Documents\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Mateusz Borowiak\Application Data\3.tmp c:\documents and settings\Mateusz Borowiak\Application Data\4.tmp c:\documents and settings\Mateusz Borowiak\Application Data\5.tmp c:\documents and settings\Mateusz Borowiak\Application Data\medina0 c:\documents and settings\Mateusz Borowiak\Application Data\medina0\hsbca.exe c:\documents and settings\Mateusz Borowiak\Application Data\medina0\tar.cmd c:\documents and settings\Mateusz Borowiak\Application Data\PickaVamMaterina3 . . ((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 ))))))))))))))))))))))))))))))) . . 2012-01-09 21:23 . 2012-01-09 21:23 -------- d-----w- C:\$AVG 2012-01-09 11:46 . 2012-01-09 11:46 -------- d-----w- c:\documents and settings\Mateusz Borowiak\Application Data\AVG2012 2012-01-09 11:45 . 2012-01-09 11:45 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2012-01-09 11:42 . 2012-01-10 15:32 -------- d-----w- c:\windows\system32\drivers\AVG 2012-01-09 11:42 . 2012-01-09 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012 2012-01-09 11:42 . 2012-01-09 11:42 -------- d-----w- c:\program files\AVG 2012-01-09 11:20 . 2012-01-10 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2012-01-09 10:48 . 2012-01-09 10:49 -------- d-----w- C:\Downloads 2012-01-09 10:35 . 2012-01-09 10:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2011-12-29 14:45 . 
2011-12-29 14:45 -------- d-----w- c:\windows\Sun 2011-12-29 11:55 . 2011-12-29 11:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 13:25 . 2008-04-14 00:00 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-01 20:35 . 2008-04-14 04:42 667136 ----a-w- c:\windows\system32\wininet.dll 2011-11-01 20:35 . 2008-04-14 04:41 81920 ----a-w- c:\windows\system32\ieencode.dll 2011-11-01 20:35 . 2008-04-14 04:41 61952 ----a-w- c:\windows\system32\tdc.ocx 2011-11-01 16:07 . 2008-04-14 04:42 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-11-01 15:02 . 2008-04-13 23:07 369664 ----a-w- c:\windows\system32\html.iec 2011-10-28 05:31 . 2008-04-14 04:41 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 18:56 . 2011-10-26 18:57 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-10-26 18:56 . 2011-10-26 18:57 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-25 13:33 . 2008-04-13 23:57 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2008-04-14 00:01 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 11:13 . 2008-04-14 04:41 186880 ----a-w- c:\windows\system32\encdec.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-23_00.05.11 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll + 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll + 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll + 2009-07-11 23:02 . 
2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll + 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll + 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll + 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll + 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll + 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll + 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll + 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll + 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll + 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll + 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll + 2012-01-10 15:25 . 2012-01-10 15:25 16384 c:\windows\Temp\Perflib_Perfdata_384.dat + 2008-04-14 04:42 . 2011-11-01 20:35 37888 c:\windows\system32\url.dll - 2008-04-14 04:42 . 2011-09-05 13:56 37888 c:\windows\system32\url.dll - 2008-04-14 04:42 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe + 2008-04-14 04:42 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe + 2011-12-10 09:56 . 
2007-02-18 20:46 12160 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\mouhid.sys + 2011-12-10 09:56 . 2008-04-14 04:51 23040 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\mouclass.sys - 2001-08-23 11:00 . 2011-11-23 00:00 67952 c:\windows\system32\perfc009.dat + 2001-08-23 11:00 . 2012-01-09 23:38 67952 c:\windows\system32\perfc009.dat + 2011-12-10 20:04 . 2008-04-14 04:41 21504 c:\windows\system32\hidserv.dll + 2011-12-10 09:56 . 2010-10-11 19:19 14120 c:\windows\system32\drivers\wacomvhid.sys + 2011-12-10 09:56 . 2010-10-11 19:19 11312 c:\windows\system32\drivers\wacommousefilter.sys + 2011-12-10 09:56 . 2010-10-11 19:19 16240 c:\windows\system32\drivers\wacmoumonitor.sys - 2001-08-17 13:48 . 2007-02-18 20:46 12160 c:\windows\system32\drivers\mouhid.sys + 2001-08-17 13:48 . 2001-08-17 12:48 12160 c:\windows\system32\drivers\mouhid.sys - 2008-04-14 00:09 . 2008-04-14 04:51 23040 c:\windows\system32\drivers\mouclass.sys + 2008-04-14 00:09 . 2008-04-13 23:09 23040 c:\windows\system32\drivers\mouclass.sys + 2011-09-13 05:30 . 2011-09-13 05:30 32592 c:\windows\system32\drivers\avgrkx86.sys + 2011-08-08 05:08 . 2011-08-08 05:08 40016 c:\windows\system32\drivers\avgmfx86.sys + 2011-10-04 05:21 . 2011-10-04 05:21 16720 c:\windows\system32\drivers\AVGIDSShim.sys + 2011-07-11 00:14 . 2011-07-11 00:14 24272 c:\windows\system32\drivers\AVGIDSFilter.sys + 2011-07-11 00:14 . 2011-07-11 00:14 23120 c:\windows\system32\drivers\AVGIDSEH.sys + 2008-04-14 04:42 . 2011-11-01 20:35 37888 c:\windows\system32\dllcache\url.dll - 2008-04-14 04:42 . 2011-09-05 13:56 37888 c:\windows\system32\dllcache\url.dll + 2001-08-17 13:48 . 2001-08-17 12:48 12160 c:\windows\system32\dllcache\mouhid.sys + 2008-04-14 00:09 . 2008-04-13 23:09 23040 c:\windows\system32\dllcache\mouclass.sys - 2008-04-14 04:41 . 2011-09-05 13:56 81920 c:\windows\system32\dllcache\ieencode.dll + 2008-04-14 04:41 . 2011-11-01 20:35 81920 c:\windows\system32\dllcache\ieencode.dll + 2011-12-10 20:04 . 
2008-04-14 04:41 21504 c:\windows\system32\dllcache\hidserv.dll - 2008-04-14 04:41 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll + 2008-04-14 04:41 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll + 2011-12-25 02:49 . 2011-12-25 02:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe + 2012-01-09 23:43 . 2012-01-09 23:43 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll + 2012-01-09 23:38 . 2012-01-09 23:38 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2011-10-30 10:19 . 2011-10-30 10:19 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2012-01-09 23:38 . 2012-01-09 23:38 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll - 2011-10-30 10:19 . 2011-10-30 10:19 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2012-01-09 23:38 . 2012-01-09 23:38 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2011-10-30 10:20 . 2011-10-30 10:20 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2012-01-09 23:38 . 2012-01-09 23:38 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2011-10-30 10:19 . 2011-10-30 10:19 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll + 2012-01-09 23:38 . 2012-01-09 23:38 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2011-10-30 10:20 . 
2011-10-30 10:20 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2011-10-30 10:20 . 2011-10-30 10:20 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2012-01-09 23:38 . 2012-01-09 23:38 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2012-01-09 23:38 . 2012-01-09 23:38 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2011-10-30 10:20 . 2011-10-30 10:20 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2012-01-09 23:38 . 2012-01-09 23:38 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2011-10-30 10:20 . 2011-10-30 10:20 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2012-01-09 23:38 . 2012-01-09 23:38 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2011-10-30 10:19 . 2011-10-30 10:19 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2011-10-30 10:19 . 2011-10-30 10:19 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2012-01-09 23:38 . 2012-01-09 23:38 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2011-10-30 10:19 . 2011-10-30 10:19 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2012-01-09 23:38 . 2012-01-09 23:38 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2011-10-30 10:19 . 2011-10-30 10:19 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-01-09 23:38 . 
2012-01-09 23:38 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-01-09 23:38 . 2012-01-09 23:38 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2011-10-30 10:19 . 2011-10-30 10:19 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2011-10-30 10:19 . 2011-10-30 10:19 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2012-01-09 23:38 . 2012-01-09 23:38 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2012-01-09 23:38 . 2012-01-09 23:38 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll - 2011-10-30 10:19 . 2011-10-30 10:19 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2012-01-09 23:38 . 2012-01-09 23:38 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2011-10-30 10:20 . 2011-10-30 10:20 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2012-01-09 23:38 . 2012-01-09 23:38 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2011-10-30 10:19 . 2011-10-30 10:19 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2011-10-30 10:19 . 2011-10-30 10:19 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2012-01-09 23:38 . 2012-01-09 23:38 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll - 2011-10-30 10:20 . 2011-10-30 10:20 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll + 2012-01-09 23:38 . 
2012-01-09 23:38 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2011-10-30 10:20 . 2011-10-30 10:20 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2012-01-09 23:38 . 2012-01-09 23:38 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll + 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll + 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll + 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2006-12-01 21:54 . 2006-12-01 21:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll + 2006-12-01 21:54 . 2006-12-01 21:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2006-12-01 21:54 . 2006-12-01 21:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2011-12-10 09:56 . 2010-10-26 21:42 506736 c:\windows\system32\Wintab32.dll + 2008-04-14 04:42 . 2011-11-01 20:35 633344 c:\windows\system32\urlmon.dll - 2008-04-14 04:42 . 2011-09-05 13:56 633344 c:\windows\system32\urlmon.dll - 2001-08-23 11:00 . 2011-11-23 00:00 433122 c:\windows\system32\perfh009.dat + 2001-08-23 11:00 . 2012-01-09 23:38 433122 c:\windows\system32\perfh009.dat + 2011-12-10 09:57 . 2010-10-26 21:42 642928 c:\windows\system32\Pen_Touch_Tablet.dll + 2011-12-10 09:56 . 
2010-10-26 21:42 650096 c:\windows\system32\Pen_Tablet.dll - 2008-04-14 04:42 . 2011-09-05 13:56 532480 c:\windows\system32\mstime.dll + 2008-04-14 04:42 . 2011-11-01 20:35 532480 c:\windows\system32\mstime.dll + 2008-04-14 04:42 . 2011-11-01 20:35 449536 c:\windows\system32\mshtmled.dll - 2008-04-14 04:42 . 2011-09-05 13:56 449536 c:\windows\system32\mshtmled.dll - 2008-04-14 04:41 . 2011-09-05 13:56 251904 c:\windows\system32\iepeers.dll + 2008-04-14 04:41 . 2011-11-01 20:35 251904 c:\windows\system32\iepeers.dll + 2011-07-11 00:14 . 2011-07-11 00:14 295248 c:\windows\system32\drivers\avgtdix.sys + 2011-10-07 05:23 . 2011-10-07 05:23 230608 c:\windows\system32\drivers\avgldx86.sys + 2011-07-11 00:14 . 2011-07-11 00:14 134608 c:\windows\system32\drivers\AVGIDSDriver.sys + 2008-04-14 04:42 . 2011-11-01 20:35 667136 c:\windows\system32\dllcache\wininet.dll - 2008-04-14 04:42 . 2011-09-05 13:56 667136 c:\windows\system32\dllcache\wininet.dll + 2008-04-14 04:42 . 2011-11-01 20:35 633344 c:\windows\system32\dllcache\urlmon.dll - 2008-04-14 04:42 . 2011-09-05 13:56 633344 c:\windows\system32\dllcache\urlmon.dll - 2008-04-14 04:42 . 2011-09-05 13:56 532480 c:\windows\system32\dllcache\mstime.dll + 2008-04-14 04:42 . 2011-11-01 20:35 532480 c:\windows\system32\dllcache\mstime.dll + 2008-04-14 04:42 . 2011-11-01 20:35 449536 c:\windows\system32\dllcache\mshtmled.dll - 2008-04-14 04:42 . 2011-09-05 13:56 449536 c:\windows\system32\dllcache\mshtmled.dll - 2008-04-14 04:41 . 2011-09-05 13:56 251904 c:\windows\system32\dllcache\iepeers.dll + 2008-04-14 04:41 . 2011-11-01 20:35 251904 c:\windows\system32\dllcache\iepeers.dll - 2008-04-14 04:41 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll + 2008-04-14 04:41 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll + 2011-12-25 02:49 . 2011-12-25 02:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll + 2011-12-25 04:40 . 
2011-12-25 04:40 819200 c:\windows\Installer\7b1d2a.msp + 2012-01-09 11:41 . 2012-01-09 11:41 219648 c:\windows\Installer\45d0c4.msi + 2012-01-09 23:43 . 2012-01-09 23:43 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll + 2012-01-09 23:43 . 2012-01-09 23:43 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll + 2012-01-09 23:43 . 2012-01-09 23:43 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll + 2012-01-09 23:43 . 2012-01-09 23:43 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll + 2012-01-09 23:43 . 2012-01-09 23:43 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll + 2012-01-09 23:43 . 2012-01-09 23:43 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll + 2012-01-09 23:43 . 2012-01-09 23:43 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll + 2012-01-09 23:42 . 2012-01-09 23:42 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe + 2012-01-09 23:42 . 2012-01-09 23:42 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll + 2012-01-09 23:38 . 2012-01-09 23:38 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2011-10-30 10:19 . 2011-10-30 10:19 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2012-01-09 23:38 . 
2012-01-09 23:38 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll - 2011-10-30 10:19 . 2011-10-30 10:19 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2012-01-09 23:38 . 2012-01-09 23:38 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2011-10-30 10:19 . 2011-10-30 10:19 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2011-10-30 10:20 . 2011-10-30 10:20 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2012-01-09 23:38 . 2012-01-09 23:38 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2012-01-09 23:38 . 2012-01-09 23:38 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2011-10-30 10:20 . 2011-10-30 10:20 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2011-10-30 10:20 . 2011-10-30 10:20 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2012-01-09 23:38 . 2012-01-09 23:38 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2012-01-09 23:38 . 2012-01-09 23:38 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2011-10-30 10:20 . 2011-10-30 10:20 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2012-01-09 23:38 . 2012-01-09 23:38 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2011-10-30 10:20 . 
2011-10-30 10:20 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2012-01-09 23:38 . 2012-01-09 23:38 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2011-10-30 10:20 . 2011-10-30 10:20 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2011-10-30 10:20 . 2011-10-30 10:20 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2012-01-09 23:38 . 2012-01-09 23:38 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2011-10-30 10:19 . 2011-10-30 10:19 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2012-01-09 23:38 . 2012-01-09 23:38 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll - 2011-10-30 10:20 . 2011-10-30 10:20 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2012-01-09 23:38 . 2012-01-09 23:38 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2012-01-09 23:38 . 2012-01-09 23:38 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2011-10-30 10:20 . 2011-10-30 10:20 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2012-01-09 23:38 . 2012-01-09 23:38 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2011-10-30 10:20 . 2011-10-30 10:20 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2011-10-30 10:20 . 
2011-10-30 10:20 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2012-01-09 23:38 . 2012-01-09 23:38 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2012-01-09 23:38 . 2012-01-09 23:38 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2011-10-30 10:19 . 2011-10-30 10:19 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2012-01-09 23:38 . 2012-01-09 23:38 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2011-10-30 10:19 . 2011-10-30 10:19 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2011-10-30 10:19 . 2011-10-30 10:19 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2012-01-09 23:38 . 2012-01-09 23:38 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2011-10-30 10:19 . 2011-10-30 10:19 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2012-01-09 23:38 . 2012-01-09 23:38 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2012-01-09 23:38 . 2012-01-09 23:38 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2011-10-30 10:20 . 2011-10-30 10:20 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2011-10-30 10:20 . 2011-10-30 10:20 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2012-01-09 23:38 . 
2012-01-09 23:38 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2011-10-30 10:19 . 2011-10-30 10:19 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2012-01-09 23:38 . 2012-01-09 23:38 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2011-10-30 10:20 . 2011-10-30 10:20 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2012-01-09 23:38 . 2012-01-09 23:38 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2012-01-09 23:38 . 2012-01-09 23:38 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2011-10-30 10:20 . 2011-10-30 10:20 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2011-10-30 10:20 . 2011-10-30 10:20 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2012-01-09 23:38 . 2012-01-09 23:38 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2012-01-09 23:38 . 2012-01-09 23:38 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll - 2011-10-30 10:20 . 2011-10-30 10:20 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll + 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll - 2008-04-14 04:42 . 2011-09-05 13:56 1510400 c:\windows\system32\shdocvw.dll + 2008-04-14 04:42 . 
2011-11-01 20:35 1510400 c:\windows\system32\shdocvw.dll + 2008-04-14 04:42 . 2011-11-03 15:51 3087360 c:\windows\system32\mshtml.dll - 2011-10-26 17:32 . 2011-11-07 11:16 1485888 c:\windows\system32\FNTCACHE.DAT + 2011-10-26 17:32 . 2012-01-09 10:26 1485888 c:\windows\system32\FNTCACHE.DAT + 2008-04-14 00:00 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys - 2008-04-14 04:42 . 2011-09-05 13:56 1510400 c:\windows\system32\dllcache\shdocvw.dll + 2008-04-14 04:42 . 2011-11-01 20:35 1510400 c:\windows\system32\dllcache\shdocvw.dll + 2008-04-14 04:42 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll - 2011-10-26 16:05 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe + 2011-10-26 16:05 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe + 2011-10-26 16:05 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe - 2011-10-26 16:05 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe + 2011-10-26 16:05 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe - 2011-10-26 16:05 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe - 2011-10-26 16:05 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe + 2011-10-26 16:05 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe + 2008-04-14 04:42 . 2011-11-03 15:51 3087360 c:\windows\system32\dllcache\mshtml.dll + 2008-04-14 04:41 . 2011-11-01 20:35 1025024 c:\windows\system32\dllcache\browseui.dll - 2008-04-14 04:41 . 2011-09-05 13:56 1025024 c:\windows\system32\dllcache\browseui.dll - 2008-04-14 04:41 . 2011-09-05 13:56 1025024 c:\windows\system32\browseui.dll + 2008-04-14 04:41 . 2011-11-01 20:35 1025024 c:\windows\system32\browseui.dll + 2011-12-25 02:50 . 2011-12-25 02:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll + 2012-01-09 10:36 . 2012-01-09 10:36 1001472 c:\windows\Installer\9ce56.msi + 2011-12-26 08:59 . 
2011-12-26 08:59 4368896 c:\windows\Installer\7b1d21.msp
+ 2012-01-09 11:45 . 2012-01-09 11:45 4683264 c:\windows\Installer\45d0cc.msi
+ 2012-01-09 11:42 . 2012-01-09 11:42 2186240 c:\windows\Installer\45d0c8.msi
+ 2011-10-26 16:05 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2011-10-26 16:05 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-10-26 16:05 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2011-10-26 16:05 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2011-10-26 16:05 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2011-10-26 16:05 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2011-10-26 16:05 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2011-10-26 16:05 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-01-09 23:43 . 2012-01-09 23:43 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-01-09 23:43 . 2012-01-09 23:43 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-01-09 23:43 . 2012-01-09 23:43 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-01-09 23:43 . 2012-01-09 23:43 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-01-09 23:43 . 2012-01-09 23:43 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-01-09 23:43 . 2012-01-09 23:43 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-01-09 23:43 . 2012-01-09 23:43 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
+ 2012-01-09 23:43 . 2012-01-09 23:43 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
+ 2012-01-09 23:42 . 2012-01-09 23:42 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2012-01-09 23:43 . 2012-01-09 23:43 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2012-01-09 23:42 . 2012-01-09 23:42 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
- 2011-10-30 10:20 . 2011-10-30 10:20 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-09 23:38 . 2012-01-09 23:38 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-09 23:38 . 2012-01-09 23:38 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-30 10:20 . 2011-10-30 10:20 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-30 10:19 . 2011-10-30 10:19 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-09 23:38 . 2012-01-09 23:38 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-30 10:08 . 2011-10-30 10:08 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-09 23:40 . 2012-01-09 23:40 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-10-30 10:19 . 2011-10-30 10:19 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-09 23:38 . 2012-01-09 23:38 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-09 23:37 . 2012-01-09 23:37 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-10-30 10:20 . 2011-10-30 10:20 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-09 23:38 . 2012-01-09 23:38 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-30 10:20 . 2011-10-30 10:20 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-09 23:38 . 2012-01-09 23:38 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-26 16:27 . 2011-12-29 11:53 52988224 c:\windows\system32\MRT.exe
+ 2012-01-09 23:43 . 2012-01-09 23:43 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2012-01-09 23:42 . 2012-01-09 23:42 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-01-09 23:40 . 2012-01-09 23:40 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-26 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mateusz Borowiak^Start Menu^Programs^Startup^newmoon18.exe]
path=c:\documents and settings\Mateusz Borowiak\Start Menu\Programs\Startup\newmoon18.exe
backup=c:\windows\pss\newmoon18.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"g:\\QuakeWorld.PL\\ezquake-gl.exe"=
"c:\\gry\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58731:TCP"= 58731:TCP:Pando Media Booster
"58731:UDP"= 58731:UDP:Pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-09-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-07 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-07-11 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-26 2253120]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-12-10 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-12-10 416112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-04 16720]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-12-10 16240]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2011-10-26 11596]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-789336058-682003330-1003Core.job
- c:\documents and settings\Mateusz Borowiak\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-26 16:03]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-789336058-682003330-1003UA.job
- c:\documents and settings\Mateusz Borowiak\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-26 16:03]
.
2012-01-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-10-26 20:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Vwdadv - c:\documents and settings\Mateusz Borowiak\Application Data\Vwdadv.exe
HKLM-Run-Windows Task Services - c:\documents and settings\Mateusz Borowiak\Application Data\2.exe
SSODL-Windows Task Services-c:\documents and settings\Mateusz Borowiak\Application Data\2.exe - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-10 17:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-01-10 17:14:36
ComboFix-quarantined-files.txt 2012-01-10 16:14
ComboFix2.txt 2011-12-04 15:58
ComboFix3.txt 2011-11-23 00:06
.
Pre-Run: 31 003 217 920 bytes free
Post-Run: 31 016 624 128 bytes free
.
- - End Of File - - 23BD076F8E6804CFE6FDE2A3B688D74F