My computer is badly infected, please help.

Symptoms: Chrome search results were hijacked for a few days, then Chrome stopped working entirely. Firefox still works, but I can't download any files (including malware removers), it says "download blocked by security policy."

MalwareBytes found this: C:\WINDOWS\system32\drivers\jnflbj.sys (Rootkit.Agent) but I can't delete it.

HijackThis log below.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:37:12 PM, on 10/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

C:\Program Files\Battery Meter\BTMeter.exe

C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Dell Video Chat\DellVideoChat.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2

O4 - HKLM\..\Run: [bTMeter] C:\Program Files\Battery Meter\BTMeter.exe

O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sightSpeed] "C:\Program Files\Dell Video Chat\DellVideoChat.exe" -bootmode

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-21-2368029214-2977675976-3612118479-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')

O4 - HKUS\S-1-5-21-2368029214-2977675976-3612118479-501\..\Run: [sightSpeed] "C:\Program Files\Dell Video Chat\DellVideoChat.exe" -bootmode (User 'Guest')

O4 - HKUS\S-1-5-21-2368029214-2977675976-3612118479-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Guest')

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Google Update Service (gupdate1c9d3bad7ddbe82) (gupdate1c9d3bad7ddbe82) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 4818 bytes


Hello jetsetlag! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

Step 1

I see you are running Teatimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Also, I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please include these log(s):

  1. Add or Remove Programs list
  2. Malwarebytes' Anti-Malware log
  3. a new fresh HiJackThis log


Hi Borislav,

I did what you said except for downloading ResetTeaTimer.exe - it was blocked.

Logs below:

Uninstall List:

3ivx MPEG-4 5.0.3 (remove only)

Acrobat.com

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Advanced Audio FX Engine

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Battery Meter

BT Broadband Desktop Help

calibre

Combined Community Codec Pack 2008-09-21 16:18

Compatibility Pack for the 2007 Office system

CyberLink PowerDVD 8.0 SE

CyberLink PowerDVD 8.0 SE

Dell Video Chat (remove only)

Dell Webcam Central

Dell Wireless WLAN Card Utility

Digsby

DivX Web Player

EasyTether

ETDWare PS/2-x86 7.0.4.4 WHQL

Foxit PDF Editor

Foxit Reader

Google Talk Plugin

Google Update Helper

Google Updater

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Integrated Webcam Driver (1.01.01.0116)

iTunes

Java 6 Update 17

Junk Mail filter update

Live! Cam Avatar Creator

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft WinUsb 2.0

Microsoft Works

Mozilla Firefox (3.0.19)

Mozilla Thunderbird (2.0.0.24)

MSVCRT

MSXML 6.0 Parser (KB927977)

muvee Plugin 1.0

Paint.NET v3.36

Realtek High Definition Audio Driver

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB982381)

Segoe UI

Skype


Interesting.... in your last log, TeaTimer is disabled. No problem!

Step 1

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help clean up any leftover Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.
    Then look for the following Java folders and, if found, delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 2

You don't have antivirus software? This is a very serious mistake! Exactly this is due to your problems!

I suggest some free antivirus programs:

http://www.avira.com/en/avira-free-antivirus

http://www.microsoft.com/security_essentials/

http://www.avast.com/free-antivirus-download

Choose one of them, download it, install it and perform a full scan. Let me know about the results and post a new fresh HiJackThis log.


Thank you! I've downloaded and run Avira.

JavaRa log:

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Oct 05 21:08:36 2010

Found and removed: C:\Documents and Settings\Reene\Application Data\Sun\Java\jre1.6.0_13

Found and removed: C:\Documents and Settings\Reene\Application Data\Sun\Java\jre1.6.0_14

Found and removed: C:\Documents and Settings\Reene\Application Data\Sun\Java\jre1.6.0_15

Found and removed: Software\Classes\JavaPlugin.160_17

------------------------------------

Finished reporting.

----------------------------------------

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:32:09 PM, on 10/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

C:\Program Files\Battery Meter\BTMeter.exe

C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Dell Video Chat\DellVideoChat.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Digsby\lib\digsby-app.exe

C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe

C:\Program Files\Digsby\lib\aspell\bin\aspell.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2

O4 - HKLM\..\Run: [bTMeter] C:\Program Files\Battery Meter\BTMeter.exe

O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sightSpeed] "C:\Program Files\Dell Video Chat\DellVideoChat.exe" -bootmode

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Google Update Service (gupdate1c9d3bad7ddbe82) (gupdate1c9d3bad7ddbe82) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 4216 bytes


Here is the Avira log:

Avira AntiVir Personal

Report file date: Thursday, October 07, 2010 00:42

Scanning for 2908377 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : Reen

Computer name : REENSDELL

Version information:

BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 12:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 12:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 18:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 23:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 09:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 19:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 17:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 16:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 11:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 20:26:08

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 20:26:16

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 20:26:34

VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 20:26:47

VBASE009.VDF : 7.10.11.134 2048 Bytes 9/13/2010 20:26:47

VBASE010.VDF : 7.10.11.135 2048 Bytes 9/13/2010 20:26:47

VBASE011.VDF : 7.10.11.136 2048 Bytes 9/13/2010 20:26:47

VBASE012.VDF : 7.10.11.137 2048 Bytes 9/13/2010 20:26:47

VBASE013.VDF : 7.10.11.165 172032 Bytes 9/15/2010 20:26:48

VBASE014.VDF : 7.10.11.202 144384 Bytes 9/18/2010 20:26:48

VBASE015.VDF : 7.10.11.231 129024 Bytes 9/21/2010 20:26:49

VBASE016.VDF : 7.10.12.4 126464 Bytes 9/23/2010 20:26:49

VBASE017.VDF : 7.10.12.38 146944 Bytes 9/27/2010 20:26:50

VBASE018.VDF : 7.10.12.64 133120 Bytes 9/29/2010 20:26:51

VBASE019.VDF : 7.10.12.99 134144 Bytes 10/1/2010 20:26:52

VBASE020.VDF : 7.10.12.122 131584 Bytes 10/5/2010 20:26:52

VBASE021.VDF : 7.10.12.123 2048 Bytes 10/5/2010 20:26:52

VBASE022.VDF : 7.10.12.124 2048 Bytes 10/5/2010 20:26:52

VBASE023.VDF : 7.10.12.125 2048 Bytes 10/5/2010 20:26:52

VBASE024.VDF : 7.10.12.126 2048 Bytes 10/5/2010 20:26:52

VBASE025.VDF : 7.10.12.127 2048 Bytes 10/5/2010 20:26:52

VBASE026.VDF : 7.10.12.128 2048 Bytes 10/5/2010 20:26:52

VBASE027.VDF : 7.10.12.129 2048 Bytes 10/5/2010 20:26:52

VBASE028.VDF : 7.10.12.130 2048 Bytes 10/5/2010 20:26:52

VBASE029.VDF : 7.10.12.131 2048 Bytes 10/5/2010 20:26:52

VBASE030.VDF : 7.10.12.132 2048 Bytes 10/5/2010 20:26:53

VBASE031.VDF : 7.10.12.142 83456 Bytes 10/6/2010 21:34:06

Engineversion : 8.2.4.72

AEVDF.DLL : 8.1.2.1 106868 Bytes 10/5/2010 20:27:06

AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 10/5/2010 20:27:05

AESCN.DLL : 8.1.6.1 127347 Bytes 10/5/2010 20:27:03

AESBX.DLL : 8.1.3.1 254324 Bytes 10/5/2010 20:27:06

AERDL.DLL : 8.1.9.2 635252 Bytes 10/5/2010 20:27:03

AEPACK.DLL : 8.2.3.7 471413 Bytes 10/5/2010 20:27:00

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 10/5/2010 20:26:59

AEHEUR.DLL : 8.1.2.30 2941303 Bytes 10/5/2010 20:26:59

AEHELP.DLL : 8.1.13.4 242038 Bytes 10/5/2010 20:26:55

AEGEN.DLL : 8.1.3.23 401779 Bytes 10/5/2010 20:26:55

AEEMU.DLL : 8.1.2.0 393588 Bytes 10/5/2010 20:26:54

AECORE.DLL : 8.1.17.0 196982 Bytes 10/5/2010 20:26:54

AEBB.DLL : 8.1.1.0 53618 Bytes 10/5/2010 20:26:54

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 12:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 12:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 16:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 12:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 12:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 12:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 09:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 12:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 15:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 14:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 13:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 14:14:29

Configuration settings for the scan:

Jobname.............................: Scan for Rootkits and active malware

Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\rootkit.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: high

Start of the scan: Thursday, October 07, 2010 00:42

Starting search for hidden objects.

The scan of running processes will be started

Scan process 'avscan.exe' - '70' Module(s) have been scanned

Scan process 'avscan.exe' - '58' Module(s) have been scanned

Scan process 'dllhost.exe' - '48' Module(s) have been scanned

Scan process 'vssvc.exe' - '51' Module(s) have been scanned

Scan process 'avcenter.exe' - '99' Module(s) have been scanned

Scan process 'wuauclt.exe' - '38' Module(s) have been scanned

Scan process 'msdtc.exe' - '43' Module(s) have been scanned

Scan process 'dllhost.exe' - '61' Module(s) have been scanned

Scan process 'aspell.exe' - '18' Module(s) have been scanned

Scan process 'svchost.exe' - '35' Module(s) have been scanned

Scan process 'digsby-app.exe' - '122' Module(s) have been scanned

Scan process 'firefox.exe' - '116' Module(s) have been scanned

Scan process 'chrome.exe' - '41' Module(s) have been scanned

Scan process 'setup.exe' - '34' Module(s) have been scanned

Scan process 'rundll32.exe' - '57' Module(s) have been scanned

Scan process 'alg.exe' - '36' Module(s) have been scanned

Scan process 'iPodService.exe' - '31' Module(s) have been scanned

Scan process 'btdna.exe' - '60' Module(s) have been scanned

Scan process 'ctfmon.exe' - '28' Module(s) have been scanned

Scan process 'msmsgs.exe' - '41' Module(s) have been scanned

Scan process 'DellVideoChat.exe' - '106' Module(s) have been scanned

Scan process 'Skype.exe' - '94' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '56' Module(s) have been scanned

Scan process 'avgnt.exe' - '53' Module(s) have been scanned

Scan process 'WLTRAY.exe' - '41' Module(s) have been scanned

Scan process 'BTHelpNotifier.exe' - '64' Module(s) have been scanned

Scan process 'svchost.exe' - '42' Module(s) have been scanned

Scan process 'SeaPort.exe' - '51' Module(s) have been scanned

Scan process 'BTMeter.exe' - '25' Module(s) have been scanned

Scan process 'WebcamDell.exe' - '44' Module(s) have been scanned

Scan process 'GoogleUpdate.exe' - '32' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '44' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '32' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'sched.exe' - '52' Module(s) have been scanned

Scan process 'Explorer.EXE' - '123' Module(s) have been scanned

Scan process 'spoolsv.exe' - '53' Module(s) have been scanned

Scan process 'bcmwltry.exe' - '48' Module(s) have been scanned

Scan process 'WLTRYSVC.EXE' - '18' Module(s) have been scanned

Scan process 'svchost.exe' - '43' Module(s) have been scanned

Scan process 'svchost.exe' - '44' Module(s) have been scanned

Scan process 'svchost.exe' - '158' Module(s) have been scanned

Scan process 'svchost.exe' - '41' Module(s) have been scanned

Scan process 'svchost.exe' - '51' Module(s) have been scanned

Scan process 'avshadow.exe' - '30' Module(s) have been scanned

Scan process 'avguard.exe' - '58' Module(s) have been scanned

Scan process 'lsass.exe' - '59' Module(s) have been scanned

Scan process 'services.exe' - '39' Module(s) have been scanned

Scan process 'winlogon.exe' - '69' Module(s) have been scanned

Scan process 'csrss.exe' - '12' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).

The registry was scanned ( '444' files ).

Starting the file scan:

Begin scan in 'C:' <OS>

End of the scan: Thursday, October 07, 2010 01:56

Used time: 1:13:12 Hour(s)

The scan has been done completely.

9414 Scanned directories

224610 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

224610 Files not concerned

7084 Archives were scanned

56 Warnings

0 Notes

325592 Objects were scanned with rootkit scan

0 Hidden objects were found


Thanks!

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:
     [screenshots: CF_download_FF.gif, CF_download_rename.gif]
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Hi! The ComboFix log is below:

ComboFix 10-10-07.01 - Renee 10/08/2010 6:53.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.539 [GMT 1:00]

Running from: c:\documents and settings\Renee\Desktop\Combo-Fix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Renee\g2mdlhlpx.exe

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc1095.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc11E8.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc135E.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc1397.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc14BF.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc15.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc166C.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc168.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc188.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc194.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc197.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc1A9.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc1B.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc1F5.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc1FA.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc279.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc28.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc2A7.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc2B.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc2D0.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc2EB.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc2FB2.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc3.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc36B.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc387.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc3AD.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc3B1F.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc3D.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc4177.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc42EC.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc44AC.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc462.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc463E.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc489B.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc4DB.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc4ED.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc4F7.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc518.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc53.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc55.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc56B5.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc5A0.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc5F.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc63F.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc680.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc6E.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc70B.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc7D7.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc7E.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc820.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc85E.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc8C.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc931.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mcc9F.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mccA2.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mccCB.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mccD8.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mccE.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mccE4.tmp

c:\documents and settings\Renee\Local Settings\Temporary Internet Files\mccF36.tmp

c:\documents and settings\Renee\Start Menu\Programs\Uninstall.lnk

C:\ErrLog.txt

c:\windows\ofayudafawinaqa.dll

c:\windows\system32\Install.txt

c:\windows\system32\szetyj67v.txt

Infected copy of c:\windows\system32\drivers\intelppm.sys was found and disinfected

Restored copy from - Kitty had a snack :)

.

((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))

.

2010-10-06 06:54 . 2010-10-06 06:54 -------- d-----w- c:\documents and settings\Renee\Application Data\Avira

2010-10-05 20:23 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-10-05 20:23 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-05 20:23 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-10-05 20:23 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-10-05 20:23 . 2010-10-05 20:23 -------- d-----w- c:\program files\Avira

2010-10-05 20:23 . 2010-10-05 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-09-30 21:53 . 2010-10-05 22:22 -------- d-----w- c:\windows\system32\NtmsData

2010-09-18 12:45 . 2010-09-18 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-09-18 12:45 . 2010-09-18 12:57 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-09-18 00:31 . 2010-09-18 00:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-08 05:53 . 2009-05-13 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-10-08 05:50 . 2009-05-16 14:01 -------- d-----w- c:\documents and settings\Renee\Application Data\DNA

2010-10-08 05:34 . 2009-04-23 01:00 -------- d-----w- c:\documents and settings\Renee\Application Data\Skype

2010-10-05 21:34 . 2009-05-16 14:01 -------- d-----w- c:\program files\DNA

2010-10-05 20:21 . 2009-05-16 14:01 -------- d-----w- c:\documents and settings\Renee\Application Data\BitTorrent

2010-10-01 19:45 . 2010-03-03 22:05 -------- d-----w- c:\program files\Windows Media Connect 2

2010-09-26 18:18 . 2009-06-19 13:47 -------- d-----w- c:\documents and settings\Renee\Application Data\Spotify

2010-09-18 12:06 . 2009-05-13 11:04 -------- d-----w- c:\program files\Google

2010-09-18 12:02 . 2009-06-19 20:47 -------- d-----w- c:\program files\QuickTime

2010-09-18 10:54 . 2009-05-01 18:30 6238 ----a-w- c:\documents and settings\Renee\Application Data\wklnhst.dat

2010-09-13 21:21 . 2009-04-23 01:05 -------- d-----w- c:\documents and settings\Renee\Application Data\skypePM

2010-09-04 09:50 . 2010-10-01 21:06 163624 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat

2010-09-02 16:34 . 2009-04-22 23:55 -------- d-----w- c:\program files\Digsby

2010-08-14 11:18 . 2009-04-23 01:24 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-08-14 09:58 . 2010-08-14 09:58 -------- d-----w- c:\program files\Trend Micro

2010-08-13 20:22 . 2010-04-24 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive

2010-08-04 20:22 . 2010-08-04 20:22 120 ----a-w- c:\windows\Mkiga.dat

2010-08-04 20:22 . 2010-08-04 20:22 0 ----a-w- c:\windows\Rcoyoheyevalana.bin

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2009-03-16 04:21 . 2009-03-16 04:21 75 --sh--r- c:\windows\CT4CET.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-08-15 4812664]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe" [2010-06-12 231888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]

"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]

"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-02-18 2441216]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Documents and Settings\\Renee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=

"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=

"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [3/16/2009 5:15 AM 14248]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/5/2010 9:23 PM 135336]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [3/16/2009 5:20 AM 135936]

R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [3/16/2009 6:55 AM 5088416]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/16/2009 6:55 AM 110080]

R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [3/16/2009 6:56 AM 148056]

R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [3/16/2009 6:56 AM 133472]

R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [3/16/2009 6:56 AM 271328]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3/16/2009 6:55 AM 157696]

S0 jnflbj;jnflbj; [x]

S2 gupdate1c9d3bad7ddbe82;Google Update Service (gupdate1c9d3bad7ddbe82);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2009 12:06 PM 133104]

.

Contents of the 'Scheduled Tasks' folder

2010-10-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-13 11:04]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0cb44bbadc58.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 11:06]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368029214-2977675976-3612118479-1006Core1cb181170e8386e.job

- c:\documents and settings\Renee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 23:43]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

FF - ProfilePath - c:\documents and settings\Renee\Application Data\Mozilla\Firefox\Profiles\iln3xm31.default\

FF - plugin: c:\documents and settings\Renee\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Renee\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\Renee\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Common Files\Motive\npMotive.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - HiddenExtension: XULRunner: {66C2FEDD-6821-4ADF-86A7-DF8617FBD6A7} - c:\documents and settings\Renee\Local Settings\Application Data\{66C2FEDD-6821-4ADF-86A7-DF8617FBD6A7}\

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)

c:\windows\System32\BCMLogon.dll

.

Completion time: 2010-10-08 07:05:21

ComboFix-quarantined-files.txt 2010-10-08 06:05

Pre-Run: 131,652,505,600 bytes free

Post-Run: 131,778,592,768 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 1F09457E2B13F78562B200C5950B3E6E


Open Notepad and copy and paste the text in the code box below into it:

Driver::
jnflbj

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


Here you go!

ComboFix 10-10-08.01 - Renee 10/09/2010 10:20:11.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.142 [GMT 1:00]

Running from: c:\documents and settings\Renee\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Renee\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Renee\Local Settings\Application Data\{66C2FEDD-6821-4ADF-86A7-DF8617FBD6A7}

c:\documents and settings\Renee\Local Settings\Application Data\{66C2FEDD-6821-4ADF-86A7-DF8617FBD6A7}\chrome.manifest

c:\documents and settings\Renee\Local Settings\Application Data\{66C2FEDD-6821-4ADF-86A7-DF8617FBD6A7}\chrome\content\_cfg.js

c:\documents and settings\Renee\Local Settings\Application Data\{66C2FEDD-6821-4ADF-86A7-DF8617FBD6A7}\chrome\content\overlay.xul

c:\documents and settings\Renee\Local Settings\Application Data\{66C2FEDD-6821-4ADF-86A7-DF8617FBD6A7}\install.rdf

.

((((((((((((((((((((((((( Files Created from 2010-09-09 to 2010-10-09 )))))))))))))))))))))))))))))))

.

2010-10-08 05:41 . 2010-10-08 06:05 -------- d-----w- C:\Combo-Fix

2010-10-06 06:54 . 2010-10-06 06:54 -------- d-----w- c:\documents and settings\Renee\Application Data\Avira

2010-10-05 20:23 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-10-05 20:23 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-05 20:23 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-10-05 20:23 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-10-05 20:23 . 2010-10-05 20:23 -------- d-----w- c:\program files\Avira

2010-10-05 20:23 . 2010-10-05 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-09-30 21:53 . 2010-10-05 22:22 -------- d-----w- c:\windows\system32\NtmsData

2010-09-18 12:45 . 2010-09-18 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-09-18 12:45 . 2010-09-18 12:57 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-09-18 00:31 . 2010-09-18 00:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-09 09:37 . 2009-04-23 01:00 -------- d-----w- c:\documents and settings\Renee\Application Data\Skype

2010-10-09 09:36 . 2009-05-16 14:01 -------- d-----w- c:\documents and settings\Renee\Application Data\DNA

2010-10-08 20:36 . 2009-05-16 14:01 -------- d-----w- c:\program files\DNA

2010-10-08 20:35 . 2009-03-16 04:31 -------- d-----w- c:\program files\Microsoft Silverlight

2010-10-08 18:44 . 2009-03-16 04:18 -------- d-----w- c:\program files\Microsoft Works

2010-10-08 05:53 . 2009-05-13 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-10-05 20:21 . 2009-05-16 14:01 -------- d-----w- c:\documents and settings\Renee\Application Data\BitTorrent

2010-10-01 19:45 . 2010-03-03 22:05 -------- d-----w- c:\program files\Windows Media Connect 2

2010-09-26 18:18 . 2009-06-19 13:47 -------- d-----w- c:\documents and settings\Renee\Application Data\Spotify

2010-09-18 12:06 . 2009-05-13 11:04 -------- d-----w- c:\program files\Google

2010-09-18 12:02 . 2009-06-19 20:47 -------- d-----w- c:\program files\QuickTime

2010-09-18 10:54 . 2009-05-01 18:30 6238 ----a-w- c:\documents and settings\Renee\Application Data\wklnhst.dat

2010-09-13 21:21 . 2009-04-23 01:05 -------- d-----w- c:\documents and settings\Renee\Application Data\skypePM

2010-09-04 09:50 . 2010-10-01 21:06 163624 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat

2010-09-02 16:34 . 2009-04-22 23:55 -------- d-----w- c:\program files\Digsby

2010-08-17 13:17 . 2008-04-25 20:33 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-14 11:18 . 2009-04-23 01:24 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-08-14 09:58 . 2010-08-14 09:58 -------- d-----w- c:\program files\Trend Micro

2010-08-13 20:22 . 2010-04-24 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive

2010-08-04 20:22 . 2010-08-04 20:22 120 ----a-w- c:\windows\Mkiga.dat

2010-08-04 20:22 . 2010-08-04 20:22 0 ----a-w- c:\windows\Rcoyoheyevalana.bin

2010-07-22 15:49 . 2008-04-25 20:33 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-05-23 01:00 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2009-03-16 04:21 . 2009-03-16 04:21 75 --sh--r- c:\windows\CT4CET.bin

.

((((((((((((((((((((((((((((( SnapShot@2010-10-08_06.02.27 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-25 20:33 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe

+ 2008-04-25 20:33 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe

- 2008-04-25 20:33 . 2010-06-24 02:04 79188 c:\windows\system32\perfc009.dat

+ 2008-04-25 20:33 . 2010-10-08 18:41 79188 c:\windows\system32\perfc009.dat

+ 2008-04-25 20:33 . 2010-06-24 12:10 81920 c:\windows\system32\ieencode.dll

- 2008-04-25 20:33 . 2010-04-16 16:09 81920 c:\windows\system32\ieencode.dll

- 2008-04-25 20:33 . 2008-04-14 12:00 80384 c:\windows\system32\iccvid.dll

+ 2008-04-25 20:33 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll

+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe

- 2009-02-20 08:10 . 2010-04-16 16:09 81920 c:\windows\system32\dllcache\ieencode.dll

+ 2009-02-20 08:10 . 2010-06-24 12:10 81920 c:\windows\system32\dllcache\ieencode.dll

+ 2010-09-22 08:43 . 2010-09-22 08:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

- 2010-03-23 04:31 . 2010-03-23 04:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2010-09-23 14:55 . 2010-09-23 14:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

- 2010-04-01 10:42 . 2010-04-01 10:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

+ 2010-09-23 01:26 . 2010-09-23 01:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2010-03-31 13:51 . 2010-03-31 13:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2010-09-23 01:26 . 2010-09-23 01:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2010-03-31 13:51 . 2010-03-31 13:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2010-03-31 13:51 . 2010-03-31 13:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

+ 2010-09-23 01:26 . 2010-09-23 01:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2010-03-31 14:32 . 2010-03-31 14:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2010-09-23 02:17 . 2010-09-23 02:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

- 2010-03-31 14:32 . 2010-03-31 14:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

+ 2010-09-23 02:17 . 2010-09-23 02:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

+ 2010-10-08 18:20 . 2010-10-08 18:20 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

- 2010-06-12 12:41 . 2010-06-12 12:41 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

- 2010-06-05 02:01 . 2010-06-05 02:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2010-06-05 02:01 . 2010-10-08 18:36 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2009-03-16 04:18 . 2010-10-08 18:44 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe

- 2009-03-16 04:18 . 2010-05-05 06:15 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe

+ 2010-10-08 18:22 . 2010-10-08 18:22 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_66c2d617\System.Drawing.Design.dll

+ 2010-10-08 18:22 . 2010-10-08 18:22 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_131ff6f6\CustomMarshalers.dll

+ 2010-10-08 18:54 . 2010-10-08 18:54 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\dd5ce29ac227f3d0fd81b84621a57477\WindowsLiveWriter.ni.exe

+ 2010-10-08 18:55 . 2010-10-08 18:55 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\67a565eaa748e11f0953953cbdcd4e72\WindowsLive.Writer.Api.ni.dll

+ 2010-10-08 18:53 . 2010-10-08 18:53 24064 c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\18b9e9f92e6e9266d5acd8c5bbf2ee19\WiaProxy32.ni.exe

+ 2010-10-08 18:46 . 2010-10-08 18:46 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll

+ 2010-10-08 19:00 . 2010-10-08 19:00 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll

+ 2010-10-08 19:00 . 2010-10-08 19:00 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll

+ 2010-10-08 18:57 . 2010-10-08 18:57 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll

+ 2010-10-08 18:57 . 2010-10-08 18:57 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll

+ 2010-10-08 18:47 . 2010-10-08 18:47 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe

+ 2010-10-08 18:45 . 2010-10-08 18:45 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll

+ 2010-10-08 18:52 . 2010-10-08 18:52 20992 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.StylusR#\f4aed175261503128dab6af83e18ff3e\PaintDotNet.StylusReader.ni.dll

+ 2010-10-08 18:59 . 2010-10-08 18:59 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll

+ 2010-10-08 18:46 . 2010-10-08 18:46 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll

+ 2010-10-08 18:45 . 2010-10-08 18:45 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll

+ 2010-10-08 18:52 . 2010-10-08 18:52 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\9635ebb159cfd1fdeada9e92dbb06347\Interop.WIA.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe

+ 2010-10-08 18:52 . 2010-10-08 18:52 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\DdsFileType\cd5c70a2e0b26ff9e79b4f9cf6483d5a\DdsFileType.ni.dll

+ 2010-10-08 18:47 . 2010-10-08 18:47 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2010-06-24 02:04 . 2010-06-24 02:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2010-06-12 12:42 . 2010-06-12 12:42 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

+ 2010-10-08 18:21 . 2010-10-08 18:21 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2008-04-25 20:33 . 2008-04-14 12:00 293376 c:\windows\system32\winsrv.dll

+ 2008-04-25 20:33 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll

- 2008-04-25 20:33 . 2010-04-16 16:09 667136 c:\windows\system32\wininet.dll

+ 2008-04-25 20:33 . 2010-06-24 12:10 667136 c:\windows\system32\wininet.dll

- 2008-04-25 20:33 . 2008-04-14 12:00 406016 c:\windows\system32\usp10.dll

+ 2008-04-25 20:33 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll

+ 2008-04-25 20:33 . 2010-06-24 12:10 627712 c:\windows\system32\urlmon.dll

- 2008-04-25 20:33 . 2010-04-16 16:09 627712 c:\windows\system32\urlmon.dll

+ 2008-04-25 20:33 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll

+ 2008-04-25 20:33 . 2010-10-08 18:41 464078 c:\windows\system32\perfh009.dat

- 2008-04-25 20:33 . 2010-06-24 02:04 464078 c:\windows\system32\perfh009.dat

- 2006-10-18 21:47 . 2006-10-18 21:47 317440 c:\windows\system32\MP4SDECD.dll

+ 2006-10-18 21:47 . 2010-03-30 11:24 317440 c:\windows\system32\mp4sdecd.dll

+ 2008-04-26 01:44 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll

- 2008-04-25 20:33 . 2010-04-16 16:09 251904 c:\windows\system32\iepeers.dll

+ 2008-04-25 20:33 . 2010-06-24 12:10 251904 c:\windows\system32\iepeers.dll

+ 2008-04-25 13:38 . 2010-10-08 20:35 167504 c:\windows\system32\FNTCACHE.DAT

- 2008-04-25 13:38 . 2010-06-12 15:53 167504 c:\windows\system32\FNTCACHE.DAT

+ 2008-04-25 20:33 . 2010-06-21 15:27 354304 c:\windows\system32\drivers\srv.sys

+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll

+ 2009-02-20 08:10 . 2010-06-24 12:10 667136 c:\windows\system32\dllcache\wininet.dll

- 2009-02-20 08:10 . 2010-04-16 16:09 667136 c:\windows\system32\dllcache\wininet.dll

+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll

+ 2009-02-20 08:10 . 2010-06-24 12:10 627712 c:\windows\system32\dllcache\urlmon.dll

- 2009-02-20 08:10 . 2010-04-16 16:09 627712 c:\windows\system32\dllcache\urlmon.dll

+ 2009-05-23 01:04 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys

+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll

+ 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll

+ 2010-03-30 11:24 . 2010-03-30 11:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll

+ 2009-05-23 01:04 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2010-02-26 05:43 . 2010-06-24 12:10 251904 c:\windows\system32\dllcache\iepeers.dll

- 2010-02-26 05:43 . 2010-04-16 16:09 251904 c:\windows\system32\dllcache\iepeers.dll

- 2010-03-23 04:31 . 2010-03-23 04:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2010-09-22 08:43 . 2010-09-22 08:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2010-05-11 05:40 . 2010-05-11 05:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

- 2009-08-07 22:51 . 2009-08-07 22:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2010-05-11 05:40 . 2010-05-11 05:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2010-09-23 01:26 . 2010-09-23 01:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2010-03-31 13:51 . 2010-03-31 13:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

+ 2010-09-23 01:25 . 2010-09-23 01:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2010-03-31 13:49 . 2010-03-31 13:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2010-09-23 02:17 . 2010-09-23 02:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

- 2010-03-31 14:32 . 2010-03-31 14:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2010-09-23 20:02 . 2010-09-23 20:02 798208 c:\windows\Installer\299d05f.msp

+ 2009-03-16 04:18 . 2010-10-08 18:44 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe

- 2009-03-16 04:18 . 2010-05-05 06:15 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe

+ 2009-03-16 04:18 . 2010-10-08 18:44 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe

- 2009-03-16 04:18 . 2010-05-05 06:15 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe

- 2009-03-16 04:18 . 2010-05-05 06:15 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe

+ 2009-03-16 04:18 . 2010-10-08 18:44 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe

+ 2007-11-28 02:33 . 2007-11-28 02:33 173408 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F378_WkProof.dll

+ 2007-11-28 02:34 . 2007-11-28 02:34 972128 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20987_wkwpqd.dll

+ 2007-11-28 02:34 . 2007-11-28 02:34 161120 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20985_wkwpqrtf.dll

+ 2010-10-08 18:23 . 2010-10-08 18:23 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6eb48a76\System.Drawing.dll

+ 2010-10-08 18:23 . 2010-10-08 18:23 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_206d844a\System.Drawing.Design.dll

+ 2010-10-08 18:23 . 2010-10-08 18:23 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_984f8230\CustomMarshalers.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe

+ 2010-10-08 18:55 . 2010-10-08 18:55 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\f39d526b39e8928e719d9ce8a971383e\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f06626ccee27150b618f6ff8e4b83dba\WindowsLive.Writer.Extensibility.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e0e45d40fad4c1b13c93dbd1268410f3\WindowsLive.Writer.Passport.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d0916f4cf87dafdf941b66056dd0e005\WindowsLive.Writer.BlogClient.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c46d84073499887c745801bda334c97f\WindowsLive.Writer.Interop.SHDocVw.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa7ddbdf38e8a7129fb0befd951897f5\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8f73472385b353ebd6010d02ad42b2b6\WindowsLive.Writer.SpellChecker.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7619247d1c0a0779042423940f5f93de\WindowsLive.Writer.HtmlParser.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56faab9a03f8863e76f75d8b6c70185b\WindowsLive.Writer.Localization.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4844cd1fac89240407ab5e2a4fe9c518\WindowsLive.Writer.BrowserControl.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\482300ac4d48e5c77dc319ec489e6bfc\WindowsLive.Writer.Interop.Mshtml.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\436529704b6c85b97f68a5489dc82ab2\WindowsLive.Writer.FileDestinations.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3dce78aa75f081de7ad7cd480e64167a\WindowsLive.Writer.Interop.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1931e1807dc35a71bda7ce8b517c84ef\WindowsLive.Writer.Controls.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\18a657bcf90f1a3340e7e33ea4dad4c9\WindowsLive.Writer.Mshtml.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\088f2a6fd9107021e9b80ecc5c832334\WindowsLive.Writer.Instrumentation.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\4db92179406aa5a642aca6165defa8fe\WindowsLive.Client.ni.dll

+ 2010-10-08 18:51 . 2010-10-08 18:51 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll

+ 2010-10-08 18:46 . 2010-10-08 18:46 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll

+ 2010-10-08 19:01 . 2010-10-08 19:01 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll

+ 2010-10-08 19:00 . 2010-10-08 19:00 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll

+ 2010-10-08 19:00 . 2010-10-08 19:00 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll

+ 2010-10-08 19:00 . 2010-10-08 19:00 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll

+ 2010-10-08 19:00 . 2010-10-08 19:00 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll

+ 2010-10-08 19:00 . 2010-10-08 19:00 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll

+ 2010-10-08 19:00 . 2010-10-08 19:00 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll

+ 2010-10-08 18:48 . 2010-10-08 18:48 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll

+ 2010-10-08 18:45 . 2010-10-08 18:45 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll

+ 2010-10-08 18:47 . 2010-10-08 18:47 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2010-10-08 18:48 . 2010-10-08 18:48 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a140e8da81b3af34c864ad851fe150fd\System.Runtime.Remoting.ni.dll

+ 2010-10-08 18:59 . 2010-10-08 18:59 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll

+ 2010-10-08 19:01 . 2010-10-08 19:01 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll

+ 2010-10-08 18:59 . 2010-10-08 18:59 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll

+ 2010-10-08 18:59 . 2010-10-08 18:59 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll

+ 2010-10-08 18:53 . 2010-10-08 18:53 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll

+ 2010-10-08 18:53 . 2010-10-08 18:53 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll

+ 2010-10-08 18:48 . 2010-10-08 18:48 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll

+ 2010-10-08 18:48 . 2010-10-08 18:48 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll

+ 2010-10-08 18:49 . 2010-10-08 18:49 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll

+ 2010-10-08 18:59 . 2010-10-08 18:59 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll

+ 2010-10-08 18:59 . 2010-10-08 18:59 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll

+ 2010-10-08 18:59 . 2010-10-08 18:59 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll

+ 2010-10-08 18:59 . 2010-10-08 18:59 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll

+ 2010-10-08 18:57 . 2010-10-08 18:57 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll

+ 2010-10-08 18:44 . 2010-10-08 18:44 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll

+ 2010-10-08 18:57 . 2010-10-08 18:57 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\a055d54c458b7557d957c714551873c3\sysglobl.ni.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe

+ 2010-10-08 18:56 . 2010-10-08 18:56 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe

+ 2010-10-08 18:50 . 2010-10-08 18:50 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll

+ 2010-10-08 18:52 . 2010-10-08 18:52 601088 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\5992531957a9798c170762ed64254ee9\PaintDotNet.SystemLayer.ni.dll

+ 2010-10-08 18:52 . 2010-10-08 18:52 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\7f308bde56a1b7f934c1212c811e92c0\PaintDotNet.Resources.ni.dll

+ 2010-10-08 18:52 . 2010-10-08 18:52 643072 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\b1cdfcb72de43fffb129d9e10eeeb5a7\PaintDotNet.Effects.ni.dll

+ 2010-10-08 18:52 . 2010-10-08 18:52 695808 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\c968f0b611ac0be6d23907a032d22785\PaintDotNet.Data.ni.dll

+ 2010-10-08 18:52 . 2010-10-08 18:52 227328 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\36d90c944406230354b48cdc43ff5bb4\PaintDotNet.Base.ni.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe

+ 2010-10-08 18:56 . 2010-10-08 18:56 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2010-10-08 18:45 . 2010-10-08 18:45 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2010-10-08 18:52 . 2010-10-08 18:52 504320 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\eaaef15d9ee3bdd5f303f999220d7ee8\ICSharpCode.SharpZipLib.ni.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe

+ 2010-10-08 18:52 . 2010-10-08 18:52 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2010-06-24 02:04 . 2010-06-24 02:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2010-06-24 02:04 . 2010-06-24 02:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2010-06-24 02:04 . 2010-06-24 02:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2010-06-24 02:04 . 2010-06-24 02:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2010-06-24 02:04 . 2010-06-24 02:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2008-04-25 20:33 . 2010-06-23 13:44 1851904 c:\windows\system32\win32k.sys

- 2008-04-25 20:33 . 2010-04-16 16:09 1509888 c:\windows\system32\shdocvw.dll

+ 2008-04-25 20:33 . 2010-06-24 12:10 1509888 c:\windows\system32\shdocvw.dll

+ 2008-04-25 20:33 . 2010-04-27 13:59 2146304 c:\windows\system32\ntoskrnl.exe

- 2008-04-25 20:33 . 2010-02-16 14:08 2146304 c:\windows\system32\ntoskrnl.exe

+ 2008-04-14 00:01 . 2010-04-27 13:05 2024448 c:\windows\system32\ntkrnlpa.exe

- 2008-04-14 00:01 . 2010-02-16 13:25 2024448 c:\windows\system32\ntkrnlpa.exe

+ 2008-04-25 20:33 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll

- 2008-04-25 20:33 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll

+ 2008-04-25 20:33 . 2010-06-24 12:10 3073024 c:\windows\system32\mshtml.dll

- 2008-04-25 20:33 . 2010-04-16 16:09 3073024 c:\windows\system32\mshtml.dll

+ 2009-02-09 11:13 . 2010-06-23 13:44 1851904 c:\windows\system32\dllcache\win32k.sys

+ 2009-03-02 23:04 . 2010-06-24 12:10 1509888 c:\windows\system32\dllcache\shdocvw.dll

- 2009-03-02 23:04 . 2010-04-16 16:09 1509888 c:\windows\system32\dllcache\shdocvw.dll

- 2009-05-23 01:08 . 2010-02-17 08:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2009-05-23 01:08 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe

- 2009-05-23 01:08 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2009-05-23 01:08 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2009-02-07 17:02 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe

- 2009-02-07 17:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2009-05-23 01:08 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe

- 2009-05-23 01:08 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2009-05-23 01:01 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll

- 2009-05-23 01:01 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll

- 2009-02-20 08:11 . 2010-04-16 16:09 3073024 c:\windows\system32\dllcache\mshtml.dll

+ 2009-02-20 08:11 . 2010-06-24 12:10 3073024 c:\windows\system32\dllcache\mshtml.dll

+ 2010-03-10 02:31 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe

- 2010-03-10 02:31 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe

- 2010-03-10 04:33 . 2010-04-16 16:09 1025024 c:\windows\system32\dllcache\browseui.dll

+ 2010-03-10 04:33 . 2010-06-24 12:10 1025024 c:\windows\system32\dllcache\browseui.dll

- 2008-04-25 20:33 . 2010-04-16 16:09 1025024 c:\windows\system32\browseui.dll

+ 2008-04-25 20:33 . 2010-06-24 12:10 1025024 c:\windows\system32\browseui.dll

- 2010-03-23 04:32 . 2010-03-23 04:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2010-09-22 08:44 . 2010-09-22 08:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

- 2009-08-07 22:51 . 2009-08-07 22:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2010-05-11 05:40 . 2010-05-11 05:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2010-05-11 05:40 . 2010-05-11 05:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

- 2010-04-01 10:42 . 2010-04-01 10:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2010-09-23 14:55 . 2010-09-23 14:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

- 2010-04-01 10:42 . 2010-04-01 10:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

+ 2010-09-23 14:55 . 2010-09-23 14:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

- 2010-03-31 13:50 . 2010-03-31 13:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2010-09-23 01:26 . 2010-09-23 01:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2010-09-23 01:25 . 2010-09-23 01:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

- 2010-04-01 10:42 . 2010-04-01 10:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2010-09-23 14:55 . 2010-09-23 14:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2010-07-09 16:28 . 2010-07-09 16:28 2151424 c:\windows\Installer\299d071.msp

+ 2010-09-23 06:39 . 2010-09-23 06:39 4265472 c:\windows\Installer\299d044.msp

+ 2010-07-10 19:14 . 2010-07-10 19:14 2850816 c:\windows\Installer\299d024.msp

- 2009-03-16 04:18 . 2010-05-05 06:15 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe

+ 2009-03-16 04:18 . 2010-10-08 18:44 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe

+ 2009-03-16 04:18 . 2010-10-08 18:44 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe

- 2009-03-16 04:18 . 2010-05-05 06:15 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe

+ 2007-11-28 02:33 . 2007-11-28 02:33 2901344 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F22194_wksssdb.dll

- 2009-05-23 01:08 . 2010-02-17 08:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2009-05-23 01:08 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2009-05-23 01:08 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2009-05-23 01:08 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2009-02-07 17:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2009-02-07 17:02 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe

- 2009-05-23 01:08 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2009-05-23 01:08 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2010-10-08 18:23 . 2010-10-08 18:23 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b088fae6\System.dll

+ 2010-10-08 18:22 . 2010-10-08 18:22 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_25e45c88\System.dll

+ 2010-10-08 18:24 . 2010-10-08 18:24 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_9e5b8969\System.Xml.dll

+ 2010-10-08 18:22 . 2010-10-08 18:22 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_9983181a\System.Xml.dll

+ 2010-10-08 18:23 . 2010-10-08 18:23 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_988bb74a\System.Windows.Forms.dll

+ 2010-10-08 18:22 . 2010-10-08 18:22 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_1393b2cd\System.Windows.Forms.dll

+ 2010-10-08 18:24 . 2010-10-08 18:24 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_2c0a9acd\System.Drawing.dll

+ 2010-10-08 18:24 . 2010-10-08 18:24 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b0fe3193\System.Design.dll

+ 2010-10-08 18:23 . 2010-10-08 18:23 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2bcec535\System.Design.dll

+ 2010-10-08 18:23 . 2010-10-08 18:23 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_087b423a\mscorlib.dll

+ 2010-10-08 18:24 . 2010-10-08 18:24 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0318edc4\mscorlib.dll

+ 2010-10-08 18:54 . 2010-10-08 18:54 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d13674449b3ae21327820bddbd7e445f\WindowsLive.Writer.PostEditor.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c266f56473a94ee07c092381c2ff9522\WindowsLive.Writer.CoreServices.ni.dll

+ 2010-10-08 18:55 . 2010-10-08 18:55 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ba732eb3a84c96e8bf60495395efbfac\WindowsLive.Writer.ApplicationFramework.ni.dll

+ 2010-10-08 18:45 . 2010-10-08 18:45 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll

+ 2010-10-08 18:44 . 2010-10-08 18:44 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll

+ 2010-10-08 18:44 . 2010-10-08 18:44 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll

+ 2010-10-08 19:01 . 2010-10-08 19:01 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll

+ 2010-10-08 19:01 . 2010-10-08 19:01 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll

+ 2010-10-08 19:00 . 2010-10-08 19:00 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll

+ 2010-10-08 19:00 . 2010-10-08 19:00 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll

+ 2010-10-08 18:49 . 2010-10-08 18:49 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll

+ 2010-10-08 19:00 . 2010-10-08 19:00 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll

+ 2010-10-08 19:00 . 2010-10-08 19:00 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll

+ 2010-10-08 18:59 . 2010-10-08 18:59 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll

+ 2010-10-08 18:53 . 2010-10-08 18:53 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll

+ 2010-10-08 18:48 . 2010-10-08 18:48 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll

+ 2010-10-08 18:53 . 2010-10-08 18:53 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll

+ 2010-10-08 18:46 . 2010-10-08 18:46 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll

+ 2010-10-08 18:48 . 2010-10-08 18:48 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll

+ 2010-10-08 18:46 . 2010-10-08 18:46 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll

+ 2010-10-08 18:48 . 2010-10-08 18:48 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll

+ 2010-10-08 18:44 . 2010-10-08 18:45 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll

+ 2010-10-08 18:59 . 2010-10-08 18:59 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\58202ed61096113d08815c0a78313b66\System.Data.OracleClient.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll

+ 2010-10-08 18:59 . 2010-10-08 18:59 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll

+ 2010-10-08 18:50 . 2010-10-08 18:50 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll

+ 2010-10-08 18:48 . 2010-10-08 18:48 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll

+ 2010-10-08 18:48 . 2010-10-08 18:48 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll

+ 2010-10-08 18:44 . 2010-10-08 18:44 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll

+ 2010-10-08 18:52 . 2010-10-08 18:52 2019840 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet\5bbdb6d6fbae6e06b8133fb8f610f04c\PaintDotNet.ni.exe

+ 2010-10-08 18:52 . 2010-10-08 18:52 1812480 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\3777baeedc31f8e096cf2bf5939006e2\PaintDotNet.Core.ni.dll

+ 2010-10-08 18:57 . 2010-10-08 18:57 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll

+ 2010-10-08 18:59 . 2010-10-08 18:59 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2010-10-08 18:56 . 2010-10-08 18:56 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2010-06-24 02:04 . 2010-06-24 02:04 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2010-06-24 02:04 . 2010-06-24 02:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2010-10-08 18:43 . 2010-10-08 18:43 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

- 2009-08-16 07:17 . 2009-08-16 07:17 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2010-06-24 02:03 . 2010-06-24 02:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2010-10-08 18:40 . 2010-10-08 18:40 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2010-06-24 02:04 . 2010-06-24 02:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2010-10-08 18:41 . 2010-10-08 18:41 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2010-10-08 18:21 . 2010-10-08 18:21 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

- 2010-06-12 12:42 . 2010-06-12 12:42 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

- 2010-06-12 12:42 . 2010-06-12 12:42 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2010-10-08 18:21 . 2010-10-08 18:21 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2009-07-10 17:28 . 2010-09-10 13:34 35552200 c:\windows\system32\MRT.exe

+ 2010-09-24 13:08 . 2010-09-24 13:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp

+ 2010-05-19 12:08 . 2010-05-19 12:08 11408896 c:\windows\Installer\299d058.msp

+ 2010-10-08 18:34 . 2010-10-08 18:34 20303872 c:\windows\Installer\299d04f.msp

+ 2010-09-24 06:08 . 2010-09-24 06:08 17518080 c:\windows\Installer\299d03b.msp

+ 2010-10-08 18:47 . 2010-10-08 18:47 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll

+ 2010-10-08 18:49 . 2010-10-08 18:49 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll

+ 2010-10-08 18:54 . 2010-10-08 18:54 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\52ca772b93f517fc8fe53d0a240642b3\System.ServiceModel.ni.dll

+ 2010-10-08 18:49 . 2010-10-08 18:49 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll

+ 2010-10-08 18:48 . 2010-10-08 18:48 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll

+ 2010-10-08 18:46 . 2010-10-08 18:46 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll

+ 2010-10-08 18:43 . 2010-10-08 18:43 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-08-15 4812664]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]

"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]

"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-02-18 2441216]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Documents and Settings\\Renee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=

"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=

"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [3/16/2009 5:15 AM 14248]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/5/2010 9:23 PM 135336]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [3/16/2009 5:20 AM 135936]

R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [3/16/2009 6:55 AM 5088416]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/16/2009 6:55 AM 110080]

R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [3/16/2009 6:56 AM 148056]

R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [3/16/2009 6:56 AM 133472]

R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [3/16/2009 6:56 AM 271328]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3/16/2009 6:55 AM 157696]

S0 jnflbj;jnflbj; [x]

S2 gupdate1c9d3bad7ddbe82;Google Update Service (gupdate1c9d3bad7ddbe82);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2009 12:06 PM 133104]

.

Contents of the 'Scheduled Tasks' folder

2010-10-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-13 11:04]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0cb44bbadc58.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 11:06]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368029214-2977675976-3612118479-1006Core1cb181170e8386e.job

- c:\documents and settings\Renee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 23:43]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

FF - ProfilePath - c:\documents and settings\Renee\Application Data\Mozilla\Firefox\Profiles\iln3xm31.default\

FF - plugin: c:\documents and settings\Renee\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Renee\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\Renee\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Common Files\Motive\npMotive.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)

c:\windows\System32\BCMLogon.dll

.

Completion time: 2010-10-09 10:40:30

ComboFix-quarantined-files.txt 2010-10-09 09:40

ComboFix2.txt 2010-10-08 06:05

Pre-Run: 130,870,493,184 bytes free

Post-Run: 130,878,656,512 bytes free

- - End Of File - - AC4BCA30544AD8E1D93F5F49AF7FF3BF


My script was not activated. Please delete your copy of ComboFix, download a new fresh one and try again:

Open Notepad and copy and paste the text in the code box below into it:

KillAll::

Driver::
jnflbj

File::
C:\WINDOWS\system32\drivers\jnflbj.sys

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


Done as instructed, log below. Thanks!

ComboFix 10-10-09.03 - renee 10/09/2010 23:04:47.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.229 [GMT 1:00]

Running from: c:\documents and settings\renee\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\renee\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::

"c:\windows\system32\drivers\jnflbj.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\renee\Local Settings\Temporary Internet Files\mccEE.tmp

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_JNFLBJ

-------\Service_jnflbj

((((((((((((((((((((((((( Files Created from 2010-09-09 to 2010-10-09 )))))))))))))))))))))))))))))))

.

2010-10-08 05:41 . 2010-10-08 06:05 -------- d-----w- C:\Combo-Fix

2010-10-06 06:54 . 2010-10-06 06:54 -------- d-----w- c:\documents and settings\renee\Application Data\Avira

2010-10-05 20:23 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-10-05 20:23 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-05 20:23 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-10-05 20:23 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-10-05 20:23 . 2010-10-05 20:23 -------- d-----w- c:\program files\Avira

2010-10-05 20:23 . 2010-10-05 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-09-30 21:53 . 2010-10-05 22:22 -------- d-----w- c:\windows\system32\NtmsData

2010-09-18 12:45 . 2010-09-18 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-09-18 12:45 . 2010-09-18 12:57 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-09-18 00:31 . 2010-09-18 00:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-08-15 4812664]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]

"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]

"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-02-18 2441216]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Documents and Settings\\renee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=

"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=

"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [3/16/2009 5:15 AM 14248]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/5/2010 9:23 PM 135336]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [3/16/2009 5:20 AM 135936]

R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [3/16/2009 6:55 AM 5088416]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/16/2009 6:55 AM 110080]

R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [3/16/2009 6:56 AM 148056]

R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [3/16/2009 6:56 AM 133472]

R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [3/16/2009 6:56 AM 271328]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3/16/2009 6:55 AM 157696]

S2 gupdate1c9d3bad7ddbe82;Google Update Service (gupdate1c9d3bad7ddbe82);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2009 12:06 PM 133104]

.

Contents of the 'Scheduled Tasks' folder

2010-10-09 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-13 11:04]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0cb44bbadc58.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 11:06]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368029214-2977675976-3612118479-1006Core1cb181170e8386e.job

- c:\documents and settings\renee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 23:43]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

FF - ProfilePath - c:\documents and settings\renee\Application Data\Mozilla\Firefox\Profiles\iln3xm31.default\

FF - plugin: c:\documents and settings\renee\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\renee\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\renee\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Common Files\Motive\npMotive.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2288)

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\PCHealth\HelpCtr\Binaries\HelpSvc.exe

c:\program files\Skype\Phone\Skype.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-10-09 23:21:00 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-09 22:20

ComboFix2.txt 2010-10-09 09:40

ComboFix3.txt 2010-10-08 06:05

Pre-Run: 130,837,987,328 bytes free

Post-Run: 130,760,843,264 bytes free

- - End Of File - - 3EFEAA49E5E1AFCEBD94191487F90DB8


You're welcome! :o Here are some final steps:

Step 1

  1. Go to Start => Run... and copy & paste the following command into the field:
    ComboFix /uninstall

  2. Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

P.S.: Make sure there's a space between ComboFix and /uninstall

Step 2

Please manually delete JavaRa. Please uninstall HiJackThis 2.0.4.

Step 3

Please download and install the latest version of Java from:

www.java.com/en

Step 4

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Safe surfing! :o
