Jump to content

I restarted and now everything is gone :(


Recommended Posts

Well I already posted this before, just in the wrong forum so here we go;

Its so weird this should happen to me; I've been having this problem with my web browsers, Firefox and Chrome. The problem was whenever trying to access certain sites those browsers would freeze up and considerably slow down like a dying dinosaur which would obligate me to manually terminate them by whatever means. After terminating and trying to reopen the browsers I would get errors of profile still open.

For Firefox the only solution was to restart the entire system; for Chrome I only had to open up task manager and end its process - even though there would still be a previous chrome process running after I start up a new one and trying to kill the Firefox process ended with no dice.

Trying to solve this I ran all types of scans to check what was up. I used Ad-aware, Spybot-S&D, I removed Microsoft security Essentials and replaced it with AVG antivirus, I already had installed SuperAntiSpyware but it didn't seem to helping my problem though very helpful in finding some trojans lurking around. I use advanced system care so the Iobit Malware fighter is also part of my virus fighting arsenal. Strangely I always had Malwarebytes but hardly used it because it didn't seem to really protect me nor did it pick up anything during scans which my other programs would normally pick up on so I basically left it in a corner for months but today I just updated it from version 4 to 5 and now I see a big difference in the two and even greater benefits to come along with the later version.

But all in all I fear its too late for me cause right now my entire Window XP OS has restored straight to 'first-date' setting and now everything has renewed and I'm missing many programs which used to be apart of my desktop. They're still there in the hard drive though thankfully. My custom wallpaper is now the windows default grassy plains with clouds above and the little tweaks and custom bits I added to make my pc more 'me' has now been smudged away and rinsed cleanly all back to default settings. I find the defaults really ugly and unappealing - now everything must be started ever once more - but I won't do anything cause I can still tell whatever did this to my registry is still there and that's why I'm posting this!

Before this happened there were a lot of suspicious activity going on in my processes; I could see what in security task manager. I believe 'something' was running all around in windows32 area and overtime disguising theirselves as genuine applications or hiding behind such while modifying things until this happened

Even now its sad to know that malicious things can really destroy the framework of everything in your pc and leave you with a worthless trash that doesn't work. For me its more trouble than its worth to be trying to self fix this - I've been trying to for 3 weeks now with no success! This is what it's come to now =/

I knew of a file, scvlhosts.exe(not sure if that's the correct spelling)that I believe was malicious cause it was found in drive c: but I don't have a drive c: , all i have is C: (notice the capital letters) so I deleted it but still other things weren't going on or at least I think things weren't going on normally.

I learned about this site today as well and was following the first basic procedure for removing malware. I downloaded the defogger tool and ran it but it never prompted me to restart the system(is that normal btw?) ...So getting impatient I went myself to restart the computer and here I am now - and I can't restore anything cause I turned it off, you know, a standard advice given to xp users to not accidentally restore bad data.

I don't have a window backup cd too so I'm just in bad luck

The Iobit malware fighter recently picked up a program trying to modify the registry(while in the new hated mode) but I forgot its name, ctfmon.exe I think - I blocked it but not really sure if that helped. Spybot has been removed from the desktop along with many other programs and when trying to reinstall it back to the desktop I get a runtime error - "Runtime Error (at-1:0): Cannot Import dll:C:\Program Files\Spybot - Search & Destroy\UninsSrv.dll."

I'm so unlucky this is happening, please just try whatever to help me before its too late

Thank you in advance for trying

Here's the most recent Mbam scan log here;

mbam-log-2011-10-02 (04-26-37).txt

I had problems trying to download the GMER scanner - again I'm still having browser lagging and freezing issues. At least I still got through with DDS, the DDS.txt file here;

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by C.Henry at 10:08:00 on 2011-10-02

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.906 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: ZoneAlarm Firewall *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\devldr32.exe

svchost.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\IObit\IObit Malware Fighter\IMF.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: H - No File

mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tu2011\winstyler\tu_logonui.exe

BHO: AutorunsDisabled - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll

BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File

BHO: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll

BHO: CBHO Object: {cba74cda-df78-4ad9-954e-3b15d0a993de} - c:\program files\corestreet\spoofstick\SpoofStickBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll

TB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\corestreet\spoofstick\SpoofStick.dll

TB: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290136917968

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282520954890

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 63.245.66.41 63.245.66.42

TCP: Interfaces\{031219DC-6F85-4FF2-B3BF-A18390BC98F3} : DhcpNameServer = 63.245.66.41 63.245.66.42

TCP: Interfaces\{B0976CA2-33CD-4EFD-AAC2-6DCFB3AB5BF8} : DhcpNameServer = 63.245.66.41 63.245.66.42

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\c.henry.upgrade\application data\mozilla\firefox\profiles\5iierj4b.default\

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

.

============= FINISH: 10:10:22.64 ===============

Again I really appreciate anyone helping with my problem(Y)

attach.zip

Link to post
Share on other sites

Hello again even though no one hasn't replied to my thread yet.

I'm just updating here to tell I now have a windows backup disk so I'm gonna clean this computer.

I just wish I could get a reply sooner so I could be guided through this process; I'll just look around this forum concerning that, until someone posts here...

Link to post
Share on other sites

It's ok, I'm happy you came

Here's the Combofix logfile;

ComboFix 11-10-08.05 - C.Henry 10/08/2011 19:51:31.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.888 [GMT -4:00]

Running from: c:\documents and settings\C.Henry.UPGRADE\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\C.Henry.UPGRADE\Application Data\PriceGong

c:\documents and settings\C.Henry.UPGRADE\Application Data\PriceGong\Data\mru.xml

c:\windows\system32\d3d9caps.dat

c:\windows\system32\drivers\etc\hosts.txt

.

.

((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))

.

.

2011-10-08 22:02 . 2011-10-08 22:02 -------- d-----w- c:\windows\LastGood

2011-10-08 20:19 . 2011-10-08 20:20 -------- d-----w- c:\program files\Sony Media Go Install

2011-10-04 02:50 . 2011-10-09 00:06 -------- d-----w- c:\program files\SPYBOT - SEARCH & DESTROY

2011-10-02 06:44 . 2011-09-21 18:59 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-10-02 01:09 . 2011-10-08 18:41 -------- d-----w- c:\documents and settings\C.Henry.UPGRADE

2011-10-01 22:25 . 2011-10-08 08:15 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-10-01 17:43 . 2011-10-01 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB

2011-10-01 17:42 . 2011-10-01 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2011-10-01 17:39 . 2011-10-01 17:39 -------- d-----w- c:\program files\PC Drivers HeadQuarters

2011-10-01 04:21 . 2011-10-01 04:21 -------- d--h--w- c:\windows\PIF

2011-09-30 16:17 . 2011-10-01 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2011-09-30 16:16 . 2011-10-01 04:50 -------- d-----w- c:\program files\Security Task Manager

2011-09-30 06:45 . 2011-09-30 06:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-09-29 15:45 . 2011-09-29 15:45 50688 ----a-w- C:\ATF-Cleaner.exe

2011-09-29 01:05 . 2011-09-29 01:05 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs

2011-09-29 01:03 . 2011-09-29 01:04 262 ----a-w- C:\wallpaperviews.vbs

2011-09-28 02:15 . 2011-09-28 02:15 -------- d-----w- c:\program files\SystemRequirementsLab

2011-09-27 21:06 . 2011-10-01 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-09-24 18:58 . 2011-09-21 18:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-09-22 15:58 . 2011-09-22 15:58 -------- d-----w- C:\$AVG

2011-09-22 15:20 . 2011-09-22 15:20 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2011-09-22 15:20 . 2011-09-22 15:20 -------- d-----w- c:\program files\AVG Secure Search

2011-09-22 15:19 . 2011-10-07 13:03 -------- d-----w- c:\windows\system32\drivers\AVG

2011-09-22 15:19 . 2011-09-22 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-09-21 18:54 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-09-21 18:53 . 2011-09-21 18:53 -------- d-----w- c:\program files\Lavasoft

2011-09-21 18:53 . 2011-09-21 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2011-09-11 12:30 . 2011-09-11 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-01 15:02 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe

2011-10-01 04:57 . 2007-11-07 12:12 232960 ----a-w- C:\VC_RED.MSI

2011-10-01 02:12 . 2003-10-06 18:16 7700480 ----a-w- c:\windows\system32\nvcpl.dll

2011-09-30 22:56 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-09-30 19:19 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe

2011-09-29 12:02 . 2011-05-16 11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 19:32 . 2004-08-04 12:00 142336 ----a-w- c:\windows\system32\nwprovau.dll

2011-09-13 10:30 . 2011-07-11 05:13 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 21:00 . 2010-11-07 12:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-19 20:33 . 2011-09-06 00:27 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-08-08 10:08 . 2011-08-08 10:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-11 05:14 . 2011-07-11 05:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-07-11 05:14 . 2011-07-11 05:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-07-11 05:14 . 2011-07-11 05:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys

2011-07-11 05:14 . 2011-07-11 05:14 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys

2011-07-11 05:14 . 2011-07-11 05:14 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-07-11 05:13 . 2011-07-11 05:13 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-01-26 14:11 . 2010-11-22 01:06 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2004-09-12 19:10 . 2010-11-25 01:36 11578 ----a-r- c:\program files\Replacer.cmd

2011-09-29 06:53 . 2011-10-02 02:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBit2.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2011-09-22 15:20 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-22 1451336]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\C.Henry.UPGRADE\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-01 7700480]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-07-20 4393816]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-22 218440]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-06 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TU2011\WinStyler\tu_logonui.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=

"c:\\Program Files\\KingsIsle Entertainment\\Wizard101\\Wizard101.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Documents and Settings\\C.Henry\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"UpdateSvchost"= c:\\WINDOWS\\optimashit\\svchost.exe

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Documents and Settings\\C.Henry\\Application Data\\mjusbsp\\magicJack.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Documents and Settings\\C.Henry.UPGRADE\\Application Data\\mjusbsp\\magicJack.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"20200:UDP"= 20200:UDP:Free Realms tm

"20299:UDP"= 20299:UDP:Free Realms tm2

"6881:TCP"= 6881:TCP:Port 6881

"53952:TCP"= 53952:TCP:port 53952

"44191:TCP"= 44191:TCP:Port 44191

"86:TCP"= 86:TCP:BroadCam Video Streaming Server TCP/IP Port

"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server

"20201:UDP"= 20201:UDP:Port 20201

"20202:UDP"= 20202:UDP:Port 20202

"20203:UDP"= 20203:UDP:Port 20203

"20204:UDP"= 20204:UDP:Port 20204

"20205:UDP"= 20205:UDP:Port 20205

"20206:UDP"= 20206:UDP:Port 20206

"20207:UDP"= 20207:UDP:Port 20207

"20208:UDP"= 20208:UDP:Port 20208

"20209:UDP"= 20209:UDP:Port 20209

"20210:UDP"= 20210:UDP:Port 20210

"20211:UDP"= 20211:UDP:20211

"20212:UDP"= 20212:UDP:Port 20212

"20213:UDP"= 20213:UDP:Port 20213

"20214:UDP"= 20214:UDP:Port 20214

"20215:UDP"= 20215:UDP:Port 20215

"20216:UDP"= 20216:UDP:Port 20216

"20217:UDP"= 20217:UDP:Port 20217

"20218:UDP"= 20218:UDP:Port 20218

"20219:UDP"= 20219:UDP:Port 20219

"20220:UDP"= 20220:UDP:Port 20220

"20221:UDP"= 20221:UDP:Port 20221

"20222:UDP"= 20222:UDP:Port 20222

"20223:UDP"= 20223:UDP:Port 20223

"20224:UDP"= 20224:UDP:Port 20224

"20225:UDP"= 20225:UDP:Port 20225

"20226:UDP"= 20226:UDP:Port 20226

"20227:UDP"= 20227:UDP:Port 20227

"20228:UDP"= 20228:UDP:Port 20228

"20229:UDP"= 20229:UDP:Port 20229

"20230:UDP"= 20230:UDP:Port 20230

"20231:UDP"= 20231:UDP:Port 20231

"20232:UDP"= 20232:UDP:Port 20232

"20233:UDP"= 20233:UDP:Port 20233

"20234:UDP"= 20234:UDP:Port 20234

"20235:UDP"= 20235:UDP:Port 20235

"20236:UDP"= 20236:UDP:Port 20236

"20237:UDP"= 20237:UDP:Port 20237

"20238:UDP"= 20238:UDP:Port 20238

"20239:UDP"= 20239:UDP:Port 20239

"20240:UDP"= 20240:UDP:Port 20240

"20241:UDP"= 20241:UDP:Port 20241

"20242:UDP"= 20242:UDP:Port 20242

"20243:UDP"= 20243:UDP:Port 20243

"20244:UDP"= 20244:UDP:Port 20244

"20245:UDP"= 20245:UDP:Port 20245

"20246:UDP"= 20246:UDP:Port 20246

"20247:UDP"= 20247:UDP:Port 20247

"20248:UDP"= 20248:UDP:Port 20248

"20249:UDP"= 20249:UDP:Port 20249

"20250:UDP"= 20250:UDP:Port 20250

"20251:UDP"= 20251:UDP:Port 20251

"20252:UDP"= 20252:UDP:Port 20252

"20253:UDP"= 20253:UDP:Port 20253

"20254:UDP"= 20254:UDP:Port 20254

"20255:UDP"= 20255:UDP:Port 20255

"20256:UDP"= 20256:UDP:Port 20256

"20257:UDP"= 20257:UDP:Port 20257

"20258:UDP"= 20258:UDP:Port 20258

"20259:UDP"= 20259:UDP:Port 20259

"20260:UDP"= 20260:UDP:Port 20260

"20261:UDP"= 20261:UDP:Port 20261

"20262:UDP"= 20262:UDP:Port 20262

"20263:UDP"= 20263:UDP:Port 20263

"20264:UDP"= 20264:UDP:Port 20264

"20265:UDP"= 20265:UDP:port 20265

"20266:UDP"= 20266:UDP:Port 20266

"20267:UDP"= 20267:UDP:Port 20267

"20268:UDP"= 20268:UDP:Port 20268

"20269:UDP"= 20269:UDP:Port 20269

"20270:UDP"= 20270:UDP:Port 20270

"20271:UDP"= 20271:UDP:Port 20271

"20272:UDP"= 20272:UDP:Port 20272

"20273:UDP"= 20273:UDP:Port 20273

"20274:UDP"= 20274:UDP:Port 20274

"20275:UDP"= 20275:UDP:Port 20275

"20276:UDP"= 20276:UDP:port 20276

"20277:UDP"= 20277:UDP:Port 20277

"20278:UDP"= 20278:UDP:Port 20278

"20279:UDP"= 20279:UDP:Port 20279

"20280:UDP"= 20280:UDP:Port 20280

"20281:UDP"= 20281:UDP:Port 20281

"20282:UDP"= 20282:UDP:Port 20282

"20283:UDP"= 20283:UDP:Port 20283

"20284:UDP"= 20284:UDP:Port 20284

"20285:UDP"= 20285:UDP:Port 20285

"20286:UDP"= 20286:UDP:Port 20286

"20287:UDP"= 20287:UDP:Port 20287

"20288:UDP"= 20288:UDP:Port 20288

"20289:UDP"= 20289:UDP:Port 20289

"20290:UDP"= 20290:UDP:Port 20290

"20291:UDP"= 20291:UDP:Port 20291

"20292:UDP"= 20292:UDP:Port 20292

"20293:UDP"= 20293:UDP:Port 20293

"20294:UDP"= 20294:UDP:Port 20294

"20296:UDP"= 20296:UDP:Port 20296

"20297:UDP"= 20297:UDP:Port 20297

"20295:UDP"= 20295:UDP:Port 20295

"20298:UDP"= 20298:UDP:Port 20298

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 1:13 AM 32592]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/21/2011 2:54 PM 64512]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9/5/2011 8:27 PM 14776]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [9/5/2011 8:24 PM 328536]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]

R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [9/5/2011 8:26 PM 820568]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/15/2011 11:25 AM 26872]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2/15/2011 11:25 AM 488952]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2010 8:48 AM 366152]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [7/22/2011 2:26 PM 690472]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [9/22/2011 11:20 AM 246600]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2010 8:48 AM 22216]

R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [9/5/2011 8:26 PM 30368]

R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [9/5/2011 8:26 PM 16080]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S1 MpKsl0fa035be;MpKsl0fa035be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys [?]

S1 MpKsl0fbb6989;MpKsl0fbb6989;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys [?]

S1 MpKsl30d36f72;MpKsl30d36f72;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys [?]

S1 MpKsl333bf458;MpKsl333bf458;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys [?]

S1 MpKsl46a99366;MpKsl46a99366;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys [?]

S1 MpKsl59e99f45;MpKsl59e99f45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys [?]

S1 MpKsl681962f3;MpKsl681962f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys [?]

S1 MpKsl6fff11b7;MpKsl6fff11b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys [?]

S1 MpKsl72ab06f5;MpKsl72ab06f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys [?]

S1 MpKsl7385528c;MpKsl7385528c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys [?]

S1 MpKsl790e18a0;MpKsl790e18a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys [?]

S1 MpKsl836a2924;MpKsl836a2924;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys [?]

S1 MpKsl85f9705b;MpKsl85f9705b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys [?]

S1 MpKsl8836105c;MpKsl8836105c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys [?]

S1 MpKsl9496f593;MpKsl9496f593;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys [?]

S1 MpKsl952967d3;MpKsl952967d3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys [?]

S1 MpKsl9e395e06;MpKsl9e395e06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys [?]

S1 MpKsl9ebaeedb;MpKsl9ebaeedb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys [?]

S1 MpKslc8e71ba2;MpKslc8e71ba2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys [?]

S1 MpKsle6108664;MpKsle6108664;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys [?]

S1 MpKsle7a8409d;MpKsle7a8409d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys [?]

S1 MpKslf660ee8d;MpKslf660ee8d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate1ca2c9565ca07ae;Google Update Service (gupdate1ca2c9565ca07ae);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2151640]

S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [11/18/2010 1:53 AM 38976]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]

S4 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [10/16/2010 12:59 PM 1175556]

S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [9/5/2011 8:26 PM 239600]

S4 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 3:25 PM 15232]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - LAVASOFT_KERNEXPLORER

*Deregistered* - PAGEDFRG

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-08 c:\windows\Tasks\Ad-Aware Scan (everyday protection).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 18:59]

.

2011-10-08 c:\windows\Tasks\Ad-Aware Scan (Weekly protection).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 18:59]

.

2011-10-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 18:59]

.

2011-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-10-06 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-09-06 20:40]

.

2011-07-03 c:\windows\Tasks\Defraggler Volume C Task.job

- c:\program files\Defraggler\df.exe [2011-09-13 09:45]

.

2011-09-12 c:\windows\Tasks\expressburnShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-23 07:00]

.

2011-06-06 c:\windows\Tasks\expressripShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-09-23 07:02]

.

2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52]

.

2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52]

.

2011-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003Core.job

- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16]

.

2011-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003UA.job

- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16]

.

2011-06-06 c:\windows\Tasks\pixillionShakeIcon.job

- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-10-16 16:59]

.

2011-06-06 c:\windows\Tasks\prismDowngrade.job

- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59]

.

2011-07-09 c:\windows\Tasks\prismShakeIcon.job

- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59]

.

2011-10-08 c:\windows\Tasks\User_Feed_Synchronization-{4D2ABBC6-BA46-42D6-ADD5-C2E6C2D58B6A}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2011-10-08 c:\windows\Tasks\User_Feed_Synchronization-{6AADCA7F-9D09-413E-B8D5-3FB647C74798}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2011-06-06 c:\windows\Tasks\videopadShakeIcon.job

- c:\program files\NCH Software\VideoPad\videopad.exe [2010-09-23 07:03]

.

2011-06-06 c:\windows\Tasks\wavepadDowngrade.job

- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]

.

2011-06-06 c:\windows\Tasks\wavepadShakeIcon.job

- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 63.245.66.41 63.245.66.42

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\C.Henry.UPGRADE\Application Data\Mozilla\Firefox\Profiles\5iierj4b.default\

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467

FF - user.js: browser.bookmarks.restore_default_bookmarks - false

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 640000

FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\C.Henry.UPGRADE\\Desktop

FF - user.js: browser.download.manager.alertOnEXEOpen - true

FF - user.js: browser.download.useDownloadDir - false

FF - user.js: browser.migration.version - 5

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.startup.homepage_override.buildID - 20110928134238

FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1

FF - user.js: browser.syncPromoViewsLeft - 2

FF - user.js: dom.disable_window_flip - false

FF - user.js: extensions.blocklist.pingCountTotal - 2

FF - user.js: extensions.blocklist.pingCountVersion - 2

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.databaseSchema - 5

FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1

FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342A-8307-11DF-A508-4AE2DFD72085}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\:{\descriptor\:\c:\\\\Program Files\\\\CheckPoint\\\\ZAForceField\\\\TrustChecker\,\mtime\:1317440292281},\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\c:\\\\Program Files\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]

FF - user.js: extensions.lastAppVersion - 7.0.1

FF - user.js: extensions.lastPlatformVersion - 7.0.1

FF - user.js: extensions.pendingOperations - false

FF - user.js: font.internaluseonly.changed - true

FF - user.js: gfx.blacklist.direct2d - 3

FF - user.js: gfx.blacklist.layers.direct3d10 - 3

FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3

FF - user.js: gfx.blacklist.layers.direct3d9 - 3

FF - user.js: gfx.blacklist.layers.opengl - 3

FF - user.js: gfx.blacklist.webgl.angle - 3

FF - user.js: gfx.blacklist.webgl.opengl - 3

FF - user.js: idle.lastDailyNotification - 1317649027

FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: places.database.lastMaintenance - 1317649027

FF - user.js: places.history.expiration.transient_current_max_pages - 42924

FF - user.js: pref.advanced.javascript.disable_button.advanced - false

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: storage.vacuum.last.index - 1

FF - user.js: storage.vacuum.last.places.sqlite - 1317523296

FF - user.js: toolkit.telemetry.prompted - true

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

BHO-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)

Toolbar-Locked - (no file)

Toolbar-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-08 20:43

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1104)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

.

- - - - - - - > 'lsass.exe'(1164)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

Completion time: 2011-10-08 20:47:08

ComboFix-quarantined-files.txt 2011-10-09 00:46

.

Pre-Run: 50,846,928,896 bytes free

Post-Run: 51,049,959,424 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut /TUTag=TXUGW3

.

- - End Of File - - 2F0DFDB9FD2E979C1FCEE03993E4F1F4

I never knew that after running Combofix there would be an automatic DDS scan, but my scans failed numerously when Cfx did its job and it never automatically restored from blanking out the taskbar - luckily I knew about the explorer.exe task in Task manager so that helped but I never got any DDS files after about 20 mins from running Combofix, so I ran one later, right here;

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by C.Henry at 22:00:38 on 2011-10-08

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.679 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: ZoneAlarm Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

svchost.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Documents and Settings\C.Henry\My Documents\Downloads\SoftonicDownloader_for_vdownloader.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\explorer.exe

C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\C.Henry.UPGRADE\Application Data\mjusbsp\magicJack.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tu2011\winstyler\tu_logonui.exe

BHO: AutorunsDisabled - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll

BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll

BHO: CBHO Object: {cba74cda-df78-4ad9-954e-3b15d0a993de} - c:\program files\corestreet\spoofstick\SpoofStickBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll

TB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\corestreet\spoofstick\SpoofStick.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll

uRun: [cdloader] "c:\documents and settings\c.henry.upgrade\application data\mjusbsp\cdloader2.exe" MAGICJACK

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290136917968

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282520954890

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 63.245.66.41 63.245.66.42

TCP: Interfaces\{031219DC-6F85-4FF2-B3BF-A18390BC98F3} : DhcpNameServer = 63.245.66.41 63.245.66.42

TCP: Interfaces\{B0976CA2-33CD-4EFD-AAC2-6DCFB3AB5BF8} : DhcpNameServer = 63.245.66.41 63.245.66.42

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\c.henry.upgrade\application data\mozilla\firefox\profiles\5iierj4b.default\

.

---- FIREFOX POLICIES ----

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467

FF - user.js: browser.bookmarks.restore_default_bookmarks - false

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 640000

FF - user.js: browser.download.lastDir - c:\\documents and settings\\c.henry.upgrade\\Desktop

FF - user.js: browser.download.manager.alertOnEXEOpen - true

FF - user.js: browser.download.useDownloadDir - false

FF - user.js: browser.migration.version - 5

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.startup.homepage_override.buildID - 20110928134238

FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1

FF - user.js: browser.syncPromoViewsLeft - 2

FF - user.js: dom.disable_window_flip - false

FF - user.js: extensions.blocklist.pingCountTotal - 2

FF - user.js: extensions.blocklist.pingCountVersion - 2

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.databaseSchema - 5

FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1

FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\program files\\\\divx\\\\divx plus web player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342a-8307-11df-a508-4ae2dfd72085}\:{\descriptor\:\c:\\\\program files\\\\divx\\\\divx plus web player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\program files\\\\java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{ffb96cc1-7eb3-449d-b827-db661701c6bb}\:{\descriptor\:\c:\\\\program files\\\\checkpoint\\\\zaforcefield\\\\trustchecker\,\mtime\:1317440292281},\{1e73965b-8b48-48be-9c8d-68b920abc1c4}\:{\descriptor\:\c:\\\\program files\\\\avg\\\\avg2012\\\\firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]

FF - user.js: extensions.lastAppVersion - 7.0.1

FF - user.js: extensions.lastPlatformVersion - 7.0.1

FF - user.js: extensions.pendingOperations - false

FF - user.js: font.internaluseonly.changed - true

FF - user.js: gfx.blacklist.direct2d - 3

FF - user.js: gfx.blacklist.layers.direct3d10 - 3

FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3

FF - user.js: gfx.blacklist.layers.direct3d9 - 3

FF - user.js: gfx.blacklist.layers.opengl - 3

FF - user.js: gfx.blacklist.webgl.angle - 3

FF - user.js: gfx.blacklist.webgl.opengl - 3

FF - user.js: idle.lastDailyNotification - 1317649027

FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: places.database.lastMaintenance - 1317649027

FF - user.js: places.history.expiration.transient_current_max_pages - 42924

FF - user.js: pref.advanced.javascript.disable_button.advanced - false

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: storage.vacuum.last.index - 1

FF - user.js: storage.vacuum.last.places.sqlite - 1317523296

FF - user.js: toolkit.telemetry.prompted - true

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

.

============= FINISH: 22:01:51.03 ===============

attach.zip

Link to post
Share on other sites

  • Root Admin

Okay well you have a bit of a mess going on here but we'll get you cleaned up and going well again.

STEP 01

You currently have 3 different Anti-Virus programs installed which is not good and can cause problems.

For now please fully uninstall the following programs. When we're done here you can decide which one you want to use.

AVG Anti-Virus Free Edition 2012

Lavasoft Ad-Watch Live! Anti-Virus

After removing AVG from the Add/Remove in Control panel you can also download and run this tool to help finish cleaning up any left over items.

AVG Manual Removal Tool

Then when that is done please run the following to also finish cleaning up after AVG

Remove AVG Anti-Virus WMI Registration

  1. Click on the Start menu.

  2. Select Run...

  3. Type wbemtest and click OK

  4. Click Connect

  5. Type (or copy/paste) root/SecurityCenter in the NameSpace box

  6. Click Connect

  7. Click on Query

  8. Type in or copy / paste
    SELECT * FROM AntiVirusProduct
    and click on Apply

If there is more than one result, it means there is more than one Antivirus program installed.

Double click on each result to view the properties for that Antivirus product.

Identify the product(s) installed and DELETE any records for
AVG

Delete_AV_From_WMI.gif

Also for now please uninstall the ZoneAlarm Firewall

After removal from the Add/Remove in Control panel you can use this tool to finish cleaning up any left overs.

ZoneAlarm Clean

STEP 02

Please download and run this program: unhide

STEP 03

After you run Uhide then run the following. Click on START - RUN and type in CMD and click Okay

Then in the DOS console type type following one line at a time and press the Enter Key after each.

NETSH  FIREWALL  RESET

netsh int ip reset c:\resetlog.txt

STEP 04

You may have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN and copy / paste the following entry into the box and click OK

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30

STEP 05

Please visit this site and restore Firefox back to the factory default settings.

Restore Firefox Default Settings Without Uninstalling It

STEP 06

From within Internet Explorer go to Tools/Internet Options/Advanced and click on the Reset button and then quit Internet Explorer.

STEP 07

Now delete your current copy of Combofix on the desktop and download a new fresh copy.

Combofix download

Then run Combofix again and post back the new log on your next reply and let me know if any programs have come back and how things look now.

Link to post
Share on other sites

Here's the Combo log;

ComboFix 11-10-09.01 - C.Henry 10/09/2011 12:19:11.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1557 [GMT -4:00]

Running from: c:\documents and settings\C.Henry.UPGRADE\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

.

((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))

.

.

2011-10-09 13:43 . 2011-10-09 13:43 -------- d-----w- c:\program files\LAVASOFT

2011-10-08 20:19 . 2011-10-08 20:20 -------- d-----w- c:\program files\Sony Media Go Install

2011-10-04 02:50 . 2011-10-09 00:46 -------- d-----w- c:\program files\SPYBOT - SEARCH & DESTROY

2011-10-02 06:44 . 2011-09-21 18:59 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-10-02 01:09 . 2011-10-09 14:09 -------- d-----w- c:\documents and settings\C.Henry.UPGRADE

2011-10-01 22:25 . 2011-10-09 08:15 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-10-01 17:43 . 2011-10-01 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB

2011-10-01 17:42 . 2011-10-01 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2011-10-01 17:39 . 2011-10-01 17:39 -------- d-----w- c:\program files\PC Drivers HeadQuarters

2011-10-01 04:21 . 2011-10-01 04:21 -------- d-----w- c:\windows\PIF

2011-09-30 16:17 . 2011-10-01 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2011-09-30 16:16 . 2011-10-01 04:50 -------- d-----w- c:\program files\Security Task Manager

2011-09-30 06:45 . 2011-09-30 06:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-09-29 15:45 . 2011-09-29 15:45 50688 ----a-w- C:\ATF-Cleaner.exe

2011-09-29 01:05 . 2011-09-29 01:05 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs

2011-09-29 01:03 . 2011-09-29 01:04 262 ----a-w- C:\wallpaperviews.vbs

2011-09-28 02:15 . 2011-09-28 02:15 -------- d-----w- c:\program files\SystemRequirementsLab

2011-09-27 21:06 . 2011-10-01 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-09-24 18:58 . 2011-09-21 18:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-09-22 15:58 . 2011-09-22 15:58 -------- d-----w- C:\$AVG

2011-09-22 15:20 . 2011-10-09 13:49 -------- d-----w- c:\program files\AVG Secure Search

2011-09-22 15:19 . 2011-10-09 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-09-21 18:54 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-09-21 18:53 . 2011-10-09 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2011-09-11 12:30 . 2011-09-11 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-01 15:02 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe

2011-10-01 04:57 . 2007-11-07 12:12 232960 ----a-w- C:\VC_RED.MSI

2011-10-01 02:12 . 2003-10-06 18:16 7700480 ----a-w- c:\windows\system32\nvcpl.dll

2011-09-30 22:56 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-09-30 19:19 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe

2011-09-29 12:02 . 2011-05-16 11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 19:32 . 2004-08-04 12:00 142336 ----a-w- c:\windows\system32\nwprovau.dll

2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 21:00 . 2010-11-07 12:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-19 20:33 . 2011-09-06 00:27 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-01-26 14:11 . 2010-11-22 01:06 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2004-09-12 19:10 . 2010-11-25 01:36 11578 ----a-r- c:\program files\Replacer.cmd

2011-09-29 06:53 . 2011-10-02 02:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-09_00.43.50 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-04 12:00 . 2011-10-06 14:20 80870 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2011-10-09 15:47 80870 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2011-10-09 15:47 484600 c:\windows\system32\perfh009.dat

- 2004-08-04 12:00 . 2011-10-06 14:20 484600 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBit2.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\C.Henry.UPGRADE\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-01 7700480]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-07-20 4393816]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzMzMTE2NjcyLVQxLVRCOCsyLUZMKzgtQjEtU1QxMkZPSSsxLUREVCswLUVVTEErMS1TVDEyRkFQUCsx∏=90&ver=2012.0.1831&mid=0ae8a13333e4fa283e25609d3cf8a258-4b628844da1f1fb03cf3fccc0e864369d2f26c70" [?]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-06 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TU2011\WinStyler\tu_logonui.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/21/2011 2:54 PM 64512]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9/5/2011 8:27 PM 14776]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [9/5/2011 8:24 PM 328536]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]

R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [9/5/2011 8:26 PM 820568]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2010 8:48 AM 366152]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [7/22/2011 2:26 PM 690472]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2010 8:48 AM 22216]

R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [9/5/2011 8:26 PM 30368]

R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [9/5/2011 8:26 PM 16080]

S1 MpKsl0fa035be;MpKsl0fa035be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys [?]

S1 MpKsl0fbb6989;MpKsl0fbb6989;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys [?]

S1 MpKsl30d36f72;MpKsl30d36f72;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys [?]

S1 MpKsl333bf458;MpKsl333bf458;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys [?]

S1 MpKsl46a99366;MpKsl46a99366;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys [?]

S1 MpKsl59e99f45;MpKsl59e99f45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys [?]

S1 MpKsl681962f3;MpKsl681962f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys [?]

S1 MpKsl6fff11b7;MpKsl6fff11b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys [?]

S1 MpKsl72ab06f5;MpKsl72ab06f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys [?]

S1 MpKsl7385528c;MpKsl7385528c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys [?]

S1 MpKsl790e18a0;MpKsl790e18a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys [?]

S1 MpKsl836a2924;MpKsl836a2924;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys [?]

S1 MpKsl85f9705b;MpKsl85f9705b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys [?]

S1 MpKsl8836105c;MpKsl8836105c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys [?]

S1 MpKsl9496f593;MpKsl9496f593;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys [?]

S1 MpKsl952967d3;MpKsl952967d3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys [?]

S1 MpKsl9e395e06;MpKsl9e395e06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys [?]

S1 MpKsl9ebaeedb;MpKsl9ebaeedb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys [?]

S1 MpKslc8e71ba2;MpKslc8e71ba2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys [?]

S1 MpKsle6108664;MpKsle6108664;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys [?]

S1 MpKsle7a8409d;MpKsle7a8409d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys [?]

S1 MpKslf660ee8d;MpKslf660ee8d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate1ca2c9565ca07ae;Google Update Service (gupdate1ca2c9565ca07ae);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]

S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [11/18/2010 1:53 AM 38976]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [10/16/2010 12:59 PM 1175556]

S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [9/5/2011 8:26 PM 239600]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-10-09 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-09-06 20:40]

.

2011-07-03 c:\windows\Tasks\Defraggler Volume C Task.job

- c:\program files\Defraggler\df.exe [2011-09-13 09:45]

.

2011-09-12 c:\windows\Tasks\expressburnShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-23 07:00]

.

2011-06-06 c:\windows\Tasks\expressripShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-09-23 07:02]

.

2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52]

.

2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52]

.

2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003Core.job

- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16]

.

2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003UA.job

- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16]

.

2011-06-06 c:\windows\Tasks\pixillionShakeIcon.job

- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-10-16 16:59]

.

2011-06-06 c:\windows\Tasks\prismDowngrade.job

- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59]

.

2011-07-09 c:\windows\Tasks\prismShakeIcon.job

- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59]

.

2011-10-09 c:\windows\Tasks\User_Feed_Synchronization-{4D2ABBC6-BA46-42D6-ADD5-C2E6C2D58B6A}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2011-10-09 c:\windows\Tasks\User_Feed_Synchronization-{6AADCA7F-9D09-413E-B8D5-3FB647C74798}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2011-06-06 c:\windows\Tasks\videopadShakeIcon.job

- c:\program files\NCH Software\VideoPad\videopad.exe [2010-09-23 07:03]

.

2011-06-06 c:\windows\Tasks\wavepadDowngrade.job

- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]

.

2011-06-06 c:\windows\Tasks\wavepadShakeIcon.job

- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 63.245.66.41 63.245.66.42

FF - ProfilePath - c:\documents and settings\C.Henry.UPGRADE\Application Data\Mozilla\Firefox\Profiles\5iierj4b.default\

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467

FF - user.js: browser.bookmarks.restore_default_bookmarks - false

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 640000

FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\C.Henry.UPGRADE\\Desktop

FF - user.js: browser.download.manager.alertOnEXEOpen - true

FF - user.js: browser.download.useDownloadDir - false

FF - user.js: browser.migration.version - 5

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.startup.homepage_override.buildID - 20110928134238

FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1

FF - user.js: browser.syncPromoViewsLeft - 2

FF - user.js: dom.disable_window_flip - false

FF - user.js: extensions.blocklist.pingCountTotal - 2

FF - user.js: extensions.blocklist.pingCountVersion - 2

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.databaseSchema - 5

FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1

FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342A-8307-11DF-A508-4AE2DFD72085}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\:{\descriptor\:\c:\\\\Program Files\\\\CheckPoint\\\\ZAForceField\\\\TrustChecker\,\mtime\:1317440292281},\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\c:\\\\Program Files\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]

FF - user.js: extensions.lastAppVersion - 7.0.1

FF - user.js: extensions.lastPlatformVersion - 7.0.1

FF - user.js: extensions.pendingOperations - false

FF - user.js: font.internaluseonly.changed - true

FF - user.js: gfx.blacklist.direct2d - 3

FF - user.js: gfx.blacklist.layers.direct3d10 - 3

FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3

FF - user.js: gfx.blacklist.layers.direct3d9 - 3

FF - user.js: gfx.blacklist.layers.opengl - 3

FF - user.js: gfx.blacklist.webgl.angle - 3

FF - user.js: gfx.blacklist.webgl.opengl - 3

FF - user.js: idle.lastDailyNotification - 1317649027

FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: places.database.lastMaintenance - 1317649027

FF - user.js: places.history.expiration.transient_current_max_pages - 42924

FF - user.js: pref.advanced.javascript.disable_button.advanced - false

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: storage.vacuum.last.index - 1

FF - user.js: storage.vacuum.last.places.sqlite - 1317523296

FF - user.js: toolkit.telemetry.prompted - true

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-Lavasoft Ad-Aware Service

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-09 12:26

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(876)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(3164)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-10-09 12:28:49

ComboFix-quarantined-files.txt 2011-10-09 16:28

ComboFix2.txt 2011-10-09 00:47

.

Pre-Run: 51,305,500,672 bytes free

Post-Run: 51,302,551,552 bytes free

.

- - End Of File - - 5ECC4A7B9082E36E29D1014E0AF27CB2

I did just as you told but there was this part I skipped over, the wbemtest for finding multiple antivirus programs which showed two entries but neither was labelled under AVG so I didn't do anything.

None of the shortcuts from my major downfall came back, sadly, but Internet explorer showed up on the desktop.

The windows file checker only found one problem - it replaced some bad keys for something I can't really remember.

Also the browsers aren't lagging or stalling anymore but I'm still not convinced all is well now is it

I'm guessing these were problems from long before these new problems came about, but now I'm questioning whether the windows reinstall is necessary at this point?

Link to post
Share on other sites

  • Root Admin

STEP 01

You may want to reconsider if you really want to use this application on your computer or not. All of these applications or drivers are from iObit

IObit Malware Fighter

SmartDefragDriver

Advanced SystemCare Service

RegFilter

UrlFilter

FileMonitor

Please see the following post and make up your own mind

STEP 02

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines


File::
C:\ATF-Cleaner.exe
c:\program files\BitTorrentBar\prxtbBit2.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"=-
[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit.

A caution - Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 03

Please uninstall SUPERAntispyware for now and if you wish to use it then download a new fresh copy and install it again when we're finished here.

The current version is using very old files.

STEP 04

You should simply uninstall this very old program from Microsoft as well. Microsoft Security Essentials is the latest Anti-Virus from Microsoft for free.

Microsoft Antimalware

STEP 05

You're also using very old files of MBAM a full removal and reinstall of our software should be done.

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

STEP 06

Double check and make sure you still use and want any of these scheduled tasks.

Those of them that are over a year old they may or may not even work so best to make sure you want them still and if not then delete them.

Contents of the 'Scheduled Tasks' folder

.

2011-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-10-09 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-09-06 20:40]

.

2011-07-03 c:\windows\Tasks\Defraggler Volume C Task.job

- c:\program files\Defraggler\df.exe [2011-09-13 09:45]

.

2011-09-12 c:\windows\Tasks\expressburnShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-23 07:00]

.

2011-06-06 c:\windows\Tasks\expressripShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-09-23 07:02]

.

2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52]

.

2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52]

.

2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003Core.job

- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16]

.

2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003UA.job

- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16]

.

2011-06-06 c:\windows\Tasks\pixillionShakeIcon.job

- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-10-16 16:59]

.

2011-06-06 c:\windows\Tasks\prismDowngrade.job

- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59]

.

2011-07-09 c:\windows\Tasks\prismShakeIcon.job

- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59]

.

2011-10-09 c:\windows\Tasks\User_Feed_Synchronization-{4D2ABBC6-BA46-42D6-ADD5-C2E6C2D58B6A}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2011-10-09 c:\windows\Tasks\User_Feed_Synchronization-{6AADCA7F-9D09-413E-B8D5-3FB647C74798}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2011-06-06 c:\windows\Tasks\videopadShakeIcon.job

- c:\program files\NCH Software\VideoPad\videopad.exe [2010-09-23 07:03]

.

2011-06-06 c:\windows\Tasks\wavepadDowngrade.job

- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]

.

2011-06-06 c:\windows\Tasks\wavepadShakeIcon.job

- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]

STEP 07

Start MBAM and check for updates and do a Quick Scan and post back that log on your next reply.

STEP 08

Download
DDS
and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click
dds.scr
to run the tool.

When done, the
DDS.txt
will open.

Click Yes at the next prompt for Optional Scan.


    When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply:
    DDS.txt
    and
    Attach.txt

STEP 09

You also show that Lavasoft Ad-Watch Live! Anti-Virus is still installed. Is that the Anti-Virus that you really want to use now? Just checking so that I know what else might need to be removed or updated.

STEP 10

Did the disk check from step 04 of the previous post run? How long did it take to run CHKDSK?

Link to post
Share on other sites

1:

Interesting post; I honestly never knew there was a security risk with that program overall. Sadly I'll miss some features I really liked from it, such as the uninstaller app; it was much more powerful than the standard add/remove program - is there an alternative to the app?

The first three programs I'm familiar with but the last three, such as file monitor, I was completely unaware of. o:

2:

ComboFix 11-10-09.01 - C.Henry 10/11/2011 10:11:02.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1594 [GMT -4:00]

Running from: c:\documents and settings\C.Henry.UPGRADE\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\C.Henry.UPGRADE\Desktop\CFscript.txt

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

FILE ::

"C:\ATF-Cleaner.exe"

"c:\program files\BitTorrentBar\prxtbBit2.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\ATF-Cleaner.exe

c:\program files\BitTorrentBar\prxtbBit2.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))

.

.

2011-10-10 04:07 . 2011-10-10 04:07 -------- d-----w- c:\windows\LastGood

2011-10-09 13:43 . 2011-10-09 13:43 -------- d-----w- c:\program files\LAVASOFT

2011-10-08 20:19 . 2011-10-08 20:20 -------- d-----w- c:\program files\Sony Media Go Install

2011-10-04 02:50 . 2011-10-09 00:46 -------- d-----w- c:\program files\SPYBOT - SEARCH & DESTROY

2011-10-02 06:44 . 2011-09-21 18:59 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-10-02 01:09 . 2011-10-09 14:09 -------- d-----w- c:\documents and settings\C.Henry.UPGRADE

2011-10-01 22:25 . 2011-10-09 08:15 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-10-01 17:43 . 2011-10-01 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB

2011-10-01 17:42 . 2011-10-01 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2011-10-01 04:21 . 2011-10-01 04:21 -------- d-----w- c:\windows\PIF

2011-09-30 16:17 . 2011-10-01 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2011-09-30 16:16 . 2011-10-01 04:50 -------- d-----w- c:\program files\Security Task Manager

2011-09-30 06:45 . 2011-09-30 06:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-09-29 01:05 . 2011-09-29 01:05 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs

2011-09-29 01:03 . 2011-09-29 01:04 262 ----a-w- C:\wallpaperviews.vbs

2011-09-28 02:15 . 2011-09-28 02:15 -------- d-----w- c:\program files\SystemRequirementsLab

2011-09-27 21:06 . 2011-10-01 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-09-24 18:58 . 2011-09-21 18:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-09-22 15:58 . 2011-09-22 15:58 -------- d-----w- C:\$AVG

2011-09-22 15:20 . 2011-10-09 13:49 -------- d-----w- c:\program files\AVG Secure Search

2011-09-22 15:19 . 2011-10-09 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-09-21 18:54 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-09-21 18:53 . 2011-10-09 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-01 15:02 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe

2011-10-01 04:57 . 2007-11-07 12:12 232960 ----a-w- C:\VC_RED.MSI

2011-10-01 02:12 . 2003-10-06 18:16 7700480 ----a-w- c:\windows\system32\nvcpl.dll

2011-09-30 22:56 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-09-30 19:19 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe

2011-09-29 12:02 . 2011-05-16 11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 19:32 . 2004-08-04 12:00 142336 ----a-w- c:\windows\system32\nwprovau.dll

2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 21:00 . 2010-11-07 12:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-01-26 14:11 . 2010-11-22 01:06 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2004-09-12 19:10 . 2010-11-25 01:36 11578 ----a-r- c:\program files\Replacer.cmd

2011-09-29 06:53 . 2011-10-02 02:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-09_00.43.50 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-04 12:00 . 2011-10-06 14:20 80870 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2011-10-09 15:47 80870 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2011-10-09 15:47 484600 c:\windows\system32\perfh009.dat

- 2004-08-04 12:00 . 2011-10-06 14:20 484600 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\C.Henry.UPGRADE\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-01 7700480]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-06 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TU2011\WinStyler\tu_logonui.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\C.Henry.UPGRADE\\Application Data\\mjusbsp\\magicJack.exe"=

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/21/2011 2:54 PM 64512]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2010 8:48 AM 366152]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [7/22/2011 2:26 PM 690472]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2010 8:48 AM 22216]

S1 MpKsl0fa035be;MpKsl0fa035be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys [?]

S1 MpKsl0fbb6989;MpKsl0fbb6989;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys [?]

S1 MpKsl30d36f72;MpKsl30d36f72;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys [?]

S1 MpKsl333bf458;MpKsl333bf458;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys [?]

S1 MpKsl46a99366;MpKsl46a99366;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys [?]

S1 MpKsl59e99f45;MpKsl59e99f45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys [?]

S1 MpKsl681962f3;MpKsl681962f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys [?]

S1 MpKsl6fff11b7;MpKsl6fff11b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys [?]

S1 MpKsl72ab06f5;MpKsl72ab06f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys [?]

S1 MpKsl7385528c;MpKsl7385528c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys [?]

S1 MpKsl790e18a0;MpKsl790e18a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys [?]

S1 MpKsl836a2924;MpKsl836a2924;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys [?]

S1 MpKsl85f9705b;MpKsl85f9705b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys [?]

S1 MpKsl8836105c;MpKsl8836105c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys [?]

S1 MpKsl9496f593;MpKsl9496f593;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys [?]

S1 MpKsl952967d3;MpKsl952967d3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys [?]

S1 MpKsl9e395e06;MpKsl9e395e06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys [?]

S1 MpKsl9ebaeedb;MpKsl9ebaeedb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys [?]

S1 MpKslc8e71ba2;MpKslc8e71ba2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys [?]

S1 MpKsle6108664;MpKsle6108664;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys [?]

S1 MpKsle7a8409d;MpKsle7a8409d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys [?]

S1 MpKslf660ee8d;MpKslf660ee8d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate1ca2c9565ca07ae;Google Update Service (gupdate1ca2c9565ca07ae);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]

S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [11/18/2010 1:53 AM 38976]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [10/16/2010 12:59 PM 1175556]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - SmartDefragDriver

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-07-03 c:\windows\Tasks\Defraggler Volume C Task.job

- c:\program files\Defraggler\df.exe [2011-09-13 09:45]

.

2011-09-12 c:\windows\Tasks\expressburnShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-23 07:00]

.

2011-06-06 c:\windows\Tasks\expressripShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-09-23 07:02]

.

2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52]

.

2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52]

.

2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003Core.job

- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16]

.

2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003UA.job

- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16]

.

2011-06-06 c:\windows\Tasks\pixillionShakeIcon.job

- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-10-16 16:59]

.

2011-06-06 c:\windows\Tasks\prismDowngrade.job

- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59]

.

2011-07-09 c:\windows\Tasks\prismShakeIcon.job

- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59]

.

2011-10-11 c:\windows\Tasks\User_Feed_Synchronization-{4D2ABBC6-BA46-42D6-ADD5-C2E6C2D58B6A}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2011-10-11 c:\windows\Tasks\User_Feed_Synchronization-{6AADCA7F-9D09-413E-B8D5-3FB647C74798}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2011-06-06 c:\windows\Tasks\videopadShakeIcon.job

- c:\program files\NCH Software\VideoPad\videopad.exe [2010-09-23 07:03]

.

2011-06-06 c:\windows\Tasks\wavepadDowngrade.job

- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]

.

2011-06-06 c:\windows\Tasks\wavepadShakeIcon.job

- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 63.245.66.41 63.245.66.42

FF - ProfilePath - c:\documents and settings\C.Henry.UPGRADE\Application Data\Mozilla\Firefox\Profiles\5iierj4b.default\

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467

FF - user.js: browser.bookmarks.restore_default_bookmarks - false

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 640000

FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\C.Henry.UPGRADE\\Desktop

FF - user.js: browser.download.manager.alertOnEXEOpen - true

FF - user.js: browser.download.useDownloadDir - false

FF - user.js: browser.migration.version - 5

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.startup.homepage_override.buildID - 20110928134238

FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1

FF - user.js: browser.syncPromoViewsLeft - 2

FF - user.js: dom.disable_window_flip - false

FF - user.js: extensions.blocklist.pingCountTotal - 2

FF - user.js: extensions.blocklist.pingCountVersion - 2

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.databaseSchema - 5

FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1

FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342A-8307-11DF-A508-4AE2DFD72085}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\:{\descriptor\:\c:\\\\Program Files\\\\CheckPoint\\\\ZAForceField\\\\TrustChecker\,\mtime\:1317440292281},\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\c:\\\\Program Files\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]

FF - user.js: extensions.lastAppVersion - 7.0.1

FF - user.js: extensions.lastPlatformVersion - 7.0.1

FF - user.js: extensions.pendingOperations - false

FF - user.js: font.internaluseonly.changed - true

FF - user.js: gfx.blacklist.direct2d - 3

FF - user.js: gfx.blacklist.layers.direct3d10 - 3

FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3

FF - user.js: gfx.blacklist.layers.direct3d9 - 3

FF - user.js: gfx.blacklist.layers.opengl - 3

FF - user.js: gfx.blacklist.webgl.angle - 3

FF - user.js: gfx.blacklist.webgl.opengl - 3

FF - user.js: idle.lastDailyNotification - 1317649027

FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: places.database.lastMaintenance - 1317649027

FF - user.js: places.history.expiration.transient_current_max_pages - 42924

FF - user.js: pref.advanced.javascript.disable_button.advanced - false

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: storage.vacuum.last.index - 1

FF - user.js: storage.vacuum.last.places.sqlite - 1317523296

FF - user.js: toolkit.telemetry.prompted - true

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-11 10:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(876)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2011-10-11 10:20:08

ComboFix-quarantined-files.txt 2011-10-11 14:20

ComboFix2.txt 2011-10-09 16:28

ComboFix3.txt 2011-10-09 00:47

.

Pre-Run: 50,925,932,544 bytes free

Post-Run: 50,910,756,864 bytes free

.

- - End Of File - - CE2E735A347B2C30AF676DCCEAD96D62

3 & 4:

Uninstalled

5:

Followed instructions successfully.

6:

I edited these tasks to my favor. There are a few I seldom use but I do plan on using in the future.

7:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7923

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/11/2011 12:07:42 PM

mbam-log-2011-10-11 (12-07-42).txt

Scan type: Quick scan

Objects scanned: 108120

Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

8: DDS log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by C.Henry at 12:20:44 on 2011-10-11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1545 [GMT -4:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\devldr32.exe

C:\Documents and Settings\C.Henry.UPGRADE\Application Data\mjusbsp\magicJack.exe

C:\WINDOWS\System32\NOTEPAD.EXE

C:\WINDOWS\System32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tu2011\winstyler\tu_logonui.exe

BHO: AutorunsDisabled - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: CBHO Object: {cba74cda-df78-4ad9-954e-3b15d0a993de} - c:\program files\corestreet\spoofstick\SpoofStickBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\corestreet\spoofstick\SpoofStick.dll

uRun: [cdloader] "c:\documents and settings\c.henry.upgrade\application data\mjusbsp\cdloader2.exe" MAGICJACK

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290136917968

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282520954890

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\c.henry.upgrade\application data\mozilla\firefox\profiles\5iierj4b.default\

.

---- FIREFOX POLICIES ----

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467

FF - user.js: browser.bookmarks.restore_default_bookmarks - false

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 640000

FF - user.js: browser.download.lastDir - c:\\documents and settings\\c.henry.upgrade\\Desktop

FF - user.js: browser.download.manager.alertOnEXEOpen - true

FF - user.js: browser.download.useDownloadDir - false

FF - user.js: browser.migration.version - 5

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.startup.homepage_override.buildID - 20110928134238

FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1

FF - user.js: browser.syncPromoViewsLeft - 2

FF - user.js: dom.disable_window_flip - false

FF - user.js: extensions.blocklist.pingCountTotal - 2

FF - user.js: extensions.blocklist.pingCountVersion - 2

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.databaseSchema - 5

FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1

FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\program files\\\\divx\\\\divx plus web player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342a-8307-11df-a508-4ae2dfd72085}\:{\descriptor\:\c:\\\\program files\\\\divx\\\\divx plus web player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\program files\\\\java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{ffb96cc1-7eb3-449d-b827-db661701c6bb}\:{\descriptor\:\c:\\\\program files\\\\checkpoint\\\\zaforcefield\\\\trustchecker\,\mtime\:1317440292281},\{1e73965b-8b48-48be-9c8d-68b920abc1c4}\:{\descriptor\:\c:\\\\program files\\\\avg\\\\avg2012\\\\firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]

FF - user.js: extensions.lastAppVersion - 7.0.1

FF - user.js: extensions.lastPlatformVersion - 7.0.1

FF - user.js: extensions.pendingOperations - false

FF - user.js: font.internaluseonly.changed - true

FF - user.js: gfx.blacklist.direct2d - 3

FF - user.js: gfx.blacklist.layers.direct3d10 - 3

FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3

FF - user.js: gfx.blacklist.layers.direct3d9 - 3

FF - user.js: gfx.blacklist.layers.opengl - 3

FF - user.js: gfx.blacklist.webgl.angle - 3

FF - user.js: gfx.blacklist.webgl.opengl - 3

FF - user.js: idle.lastDailyNotification - 1317649027

FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: places.database.lastMaintenance - 1317649027

FF - user.js: places.history.expiration.transient_current_max_pages - 42924

FF - user.js: pref.advanced.javascript.disable_button.advanced - false

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: storage.vacuum.last.index - 1

FF - user.js: storage.vacuum.last.places.sqlite - 1317523296

FF - user.js: toolkit.telemetry.prompted - true

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

.

============= FINISH: 12:21:31.17 ===============

Attach log: attach.txt

9:

Actually no I did try uninstally Ad-aware but it doesn't seem it's gone; I did try removing it from regedit recently but I'm not sure if it's gone now.

10:

Yes the CHKDSK scan was successful after the restart and it only took 20-25 mins, I think.

Link to post
Share on other sites

  • Root Admin

STEP 01

Please visit this site for help on removing Lavasoft Ad-Watch

How to uninstall Ad-Aware 9.x

STEP 02

Please visit this site and restore Firefox back to the factory default settings.

Restore Firefox Default Settings Without Uninstalling It

STEP 03

Please download Javara and run it to fully remove all version of Java. When done we can install the latest version again.

STEP 04

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines


SecCenter::
{A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit.

A caution - Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

Do you have any missing files or shortcuts in the start menu or any other indications of an infection still?

Link to post
Share on other sites

ComboFix 11-10-09.01 - C.Henry 10/11/2011 17:40:12.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1547 [GMT -4:00]

Running from: c:\documents and settings\C.Henry.UPGRADE\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\C.Henry.UPGRADE\Desktop\CFscript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

.

((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))

.

.

2011-10-11 20:05 . 2011-10-11 20:05 -------- d-----w- c:\program files\VS Revo Group

2011-10-11 14:59 . 2011-10-11 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-10-11 14:59 . 2011-10-11 14:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-11 14:59 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-09 13:43 . 2011-10-09 13:43 -------- d-----w- c:\program files\LAVASOFT

2011-10-08 20:19 . 2011-10-08 20:20 -------- d-----w- c:\program files\Sony Media Go Install

2011-10-04 02:50 . 2011-10-09 00:46 -------- d-----w- c:\program files\SPYBOT - SEARCH & DESTROY

2011-10-02 06:44 . 2011-09-21 18:59 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-10-02 01:09 . 2011-10-09 14:09 -------- d-----w- c:\documents and settings\C.Henry.UPGRADE

2011-10-01 17:43 . 2011-10-01 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB

2011-10-01 17:42 . 2011-10-01 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2011-10-01 04:21 . 2011-10-01 04:21 -------- d-----w- c:\windows\PIF

2011-09-30 16:17 . 2011-10-01 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2011-09-30 16:16 . 2011-10-01 04:50 -------- d-----w- c:\program files\Security Task Manager

2011-09-30 06:45 . 2011-09-30 06:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-09-29 01:05 . 2011-09-29 01:05 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs

2011-09-29 01:03 . 2011-09-29 01:04 262 ----a-w- C:\wallpaperviews.vbs

2011-09-28 02:15 . 2011-09-28 02:15 -------- d-----w- c:\program files\SystemRequirementsLab

2011-09-27 21:06 . 2011-10-01 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-09-24 18:58 . 2011-09-21 18:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-09-22 15:58 . 2011-09-22 15:58 -------- d-----w- C:\$AVG

2011-09-22 15:20 . 2011-10-09 13:49 -------- d-----w- c:\program files\AVG Secure Search

2011-09-22 15:19 . 2011-10-09 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-09-21 18:54 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-09-21 18:53 . 2011-10-09 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-01 15:02 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe

2011-10-01 04:57 . 2007-11-07 12:12 232960 ----a-w- C:\VC_RED.MSI

2011-10-01 02:12 . 2003-10-06 18:16 7700480 ----a-w- c:\windows\system32\nvcpl.dll

2011-09-30 22:56 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-09-30 19:19 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe

2011-09-29 12:02 . 2011-05-16 11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 19:32 . 2004-08-04 12:00 142336 ----a-w- c:\windows\system32\nwprovau.dll

2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-01-26 14:11 . 2010-11-22 01:06 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2004-09-12 19:10 . 2010-11-25 01:36 11578 ----a-r- c:\program files\Replacer.cmd

2011-09-29 06:53 . 2011-10-02 02:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-09_00.43.50 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-04 12:00 . 2011-10-06 14:20 80870 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2011-10-11 15:08 80870 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2011-10-11 15:08 484600 c:\windows\system32\perfh009.dat

- 2004-08-04 12:00 . 2011-10-06 14:20 484600 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\C.Henry.UPGRADE\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-01 7700480]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TU2011\WinStyler\tu_logonui.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe"=

"c:\\Documents and Settings\\C.Henry.UPGRADE\\Application Data\\mjusbsp\\magicJack.exe"=

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/21/2011 2:54 PM 64512]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/11/2011 10:59 AM 366152]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [7/22/2011 2:26 PM 690472]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/11/2011 10:59 AM 22216]

S1 MpKsl0fa035be;MpKsl0fa035be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys [?]

S1 MpKsl0fbb6989;MpKsl0fbb6989;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys [?]

S1 MpKsl30d36f72;MpKsl30d36f72;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys [?]

S1 MpKsl333bf458;MpKsl333bf458;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys [?]

S1 MpKsl46a99366;MpKsl46a99366;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys [?]

S1 MpKsl59e99f45;MpKsl59e99f45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys [?]

S1 MpKsl681962f3;MpKsl681962f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys [?]

S1 MpKsl6fff11b7;MpKsl6fff11b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys [?]

S1 MpKsl72ab06f5;MpKsl72ab06f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys [?]

S1 MpKsl7385528c;MpKsl7385528c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys [?]

S1 MpKsl790e18a0;MpKsl790e18a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys [?]

S1 MpKsl836a2924;MpKsl836a2924;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys [?]

S1 MpKsl85f9705b;MpKsl85f9705b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys [?]

S1 MpKsl8836105c;MpKsl8836105c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys [?]

S1 MpKsl9496f593;MpKsl9496f593;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys [?]

S1 MpKsl952967d3;MpKsl952967d3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys [?]

S1 MpKsl9e395e06;MpKsl9e395e06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys [?]

S1 MpKsl9ebaeedb;MpKsl9ebaeedb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys [?]

S1 MpKslc8e71ba2;MpKslc8e71ba2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys [?]

S1 MpKsle6108664;MpKsle6108664;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys [?]

S1 MpKsle7a8409d;MpKsle7a8409d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys [?]

S1 MpKslf660ee8d;MpKslf660ee8d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]

S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate1ca2c9565ca07ae;Google Update Service (gupdate1ca2c9565ca07ae);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]

S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [11/18/2010 1:53 AM 38976]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [10/16/2010 12:59 PM 1175556]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-11 c:\windows\Tasks\Defraggler Volume C Task.job

- c:\program files\Defraggler\df.exe [2011-09-13 09:45]

.

2011-10-11 c:\windows\Tasks\expressburnShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-23 07:00]

.

2011-10-11 c:\windows\Tasks\expressripShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-09-23 07:02]

.

2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52]

.

2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52]

.

2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003Core.job

- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16]

.

2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003UA.job

- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16]

.

2011-10-11 c:\windows\Tasks\pixillionShakeIcon.job

- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-10-16 16:59]

.

2011-10-11 c:\windows\Tasks\prismDowngrade.job

- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59]

.

2011-10-11 c:\windows\Tasks\prismShakeIcon.job

- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59]

.

2011-10-11 c:\windows\Tasks\User_Feed_Synchronization-{6AADCA7F-9D09-413E-B8D5-3FB647C74798}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2011-10-11 c:\windows\Tasks\videopadShakeIcon.job

- c:\program files\NCH Software\VideoPad\videopad.exe [2010-09-23 07:03]

.

2011-10-11 c:\windows\Tasks\wavepadDowngrade.job

- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]

.

2011-10-11 c:\windows\Tasks\wavepadShakeIcon.job

- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 63.245.66.41 63.245.66.42

FF - ProfilePath - c:\documents and settings\C.Henry.UPGRADE\Application Data\Mozilla\Firefox\Profiles\5iierj4b.default\

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467

FF - user.js: browser.bookmarks.restore_default_bookmarks - false

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 640000

FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\C.Henry.UPGRADE\\Desktop

FF - user.js: browser.download.manager.alertOnEXEOpen - true

FF - user.js: browser.download.useDownloadDir - false

FF - user.js: browser.migration.version - 5

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.startup.homepage_override.buildID - 20110928134238

FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1

FF - user.js: browser.syncPromoViewsLeft - 2

FF - user.js: dom.disable_window_flip - false

FF - user.js: extensions.blocklist.pingCountTotal - 2

FF - user.js: extensions.blocklist.pingCountVersion - 2

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.databaseSchema - 5

FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1

FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342A-8307-11DF-A508-4AE2DFD72085}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\:{\descriptor\:\c:\\\\Program Files\\\\CheckPoint\\\\ZAForceField\\\\TrustChecker\,\mtime\:1317440292281},\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\c:\\\\Program Files\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]

FF - user.js: extensions.lastAppVersion - 7.0.1

FF - user.js: extensions.lastPlatformVersion - 7.0.1

FF - user.js: extensions.pendingOperations - false

FF - user.js: font.internaluseonly.changed - true

FF - user.js: gfx.blacklist.direct2d - 3

FF - user.js: gfx.blacklist.layers.direct3d10 - 3

FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3

FF - user.js: gfx.blacklist.layers.direct3d9 - 3

FF - user.js: gfx.blacklist.layers.opengl - 3

FF - user.js: gfx.blacklist.webgl.angle - 3

FF - user.js: gfx.blacklist.webgl.opengl - 3

FF - user.js: idle.lastDailyNotification - 1317649027

FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: places.database.lastMaintenance - 1317649027

FF - user.js: places.history.expiration.transient_current_max_pages - 42924

FF - user.js: pref.advanced.javascript.disable_button.advanced - false

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: storage.vacuum.last.index - 1

FF - user.js: storage.vacuum.last.places.sqlite - 1317523296

FF - user.js: toolkit.telemetry.prompted - true

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-11 17:47

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2404)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-10-11 17:50:10

ComboFix-quarantined-files.txt 2011-10-11 21:50

ComboFix2.txt 2011-10-11 14:20

ComboFix3.txt 2011-10-09 16:28

ComboFix4.txt 2011-10-09 00:47

.

Pre-Run: 51,322,662,912 bytes free

Post-Run: 51,318,202,368 bytes free

.

- - End Of File - - 2D8B93701439B47E995D93BFDD752DA8

Everything seems to be working 'ok' but one thing that's kinda bothering me is that Malwarebytes keeps informing me of this Ip address it keeps blocking from an incoming source, and it seems to try every hour once or twice.

This one is the one who's regularly trying - 200.98.197.93

This one, well I've only seen this today - 91.223.89.134

Also is it ok to download updates for Combofix cause it said there was a newer version available but I only continued with the scanning. Is it ok to download updates from Microsoft as well? I fear its too late

Link to post
Share on other sites

  • Root Admin

STEP 01

Well a couple things. The log shows that you did not reset Firefox back to factory default settings and it does have entries in it that can be causing your issue possibly.

STEP 02

Yes, please delete your current copy of Combofix and download a new fresh copy.

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines


driver::
MpKsl0fa035be
file::
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys
folder::
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit.

A caution - Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 03

Please download and run the following tdsskiller scanner from Kaspersky

Post back the log file on your next reply

By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.

Logs have names like: UtilityName.Version_Date_Time_log.txt.

E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

 

Link to post
Share on other sites

Part 1 of Combofix log:

ComboFix 11-10-11.05 - C.Henry 10/12/2011 7:03.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1409 [GMT -4:00]

Running from: c:\documents and settings\C.Henry.UPGRADE\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\C.Henry.UPGRADE\Desktop\CFscript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

FILE ::

"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MPKSL0FA035BE

-------\Service_MpKsl0fa035be

-------\Legacy_MpKsl0fbb6989

-------\Legacy_MpKsl30d36f72

-------\Legacy_MpKsl333bf458

-------\Legacy_MpKsl46a99366

-------\Legacy_MpKsl59e99f45

-------\Legacy_MpKsl681962f3

-------\Legacy_MpKsl6fff11b7

-------\Legacy_MpKsl72ab06f5

-------\Legacy_MpKsl7385528c

-------\Legacy_MpKsl790e18a0

-------\Legacy_MpKsl836a2924

-------\Legacy_MpKsl85f9705b

-------\Legacy_MpKsl8836105c

-------\Legacy_MpKsl9496f593

-------\Legacy_MpKsl952967d3

-------\Legacy_MpKsl9e395e06

-------\Legacy_MpKsl9ebaeedb

-------\Legacy_MpKslc8e71ba2

-------\Legacy_MpKsle7a8409d

-------\Legacy_MpKslf660ee8d

-------\Service_MpKsl0fbb6989

-------\Service_MpKsl30d36f72

-------\Service_MpKsl333bf458

-------\Service_MpKsl46a99366

-------\Service_MpKsl59e99f45

-------\Service_MpKsl681962f3

-------\Service_MpKsl6fff11b7

-------\Service_MpKsl72ab06f5

-------\Service_MpKsl7385528c

-------\Service_MpKsl790e18a0

-------\Service_MpKsl836a2924

-------\Service_MpKsl85f9705b

-------\Service_MpKsl8836105c

-------\Service_MpKsl9496f593

-------\Service_MpKsl952967d3

-------\Service_MpKsl9e395e06

-------\Service_MpKsl9ebaeedb

-------\Service_MpKslc8e71ba2

-------\Service_MpKsle6108664

-------\Service_MpKsle7a8409d

-------\Service_MpKslf660ee8d

.

.

((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))

.

.

2011-10-11 20:05 . 2011-10-11 20:05 -------- d-----w- c:\program files\VS Revo Group

2011-10-11 14:59 . 2011-10-11 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-10-11 14:59 . 2011-10-11 14:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-11 14:59 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-09 13:43 . 2011-10-09 13:43 -------- d-----w- c:\program files\LAVASOFT

2011-10-08 20:19 . 2011-10-08 20:20 -------- d-----w- c:\program files\Sony Media Go Install

2011-10-04 02:50 . 2011-10-09 00:46 -------- d-----w- c:\program files\SPYBOT - SEARCH & DESTROY

2011-10-02 06:44 . 2011-09-21 18:59 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-10-02 01:09 . 2011-10-09 14:09 -------- d-----w- c:\documents and settings\C.Henry.UPGRADE

2011-10-01 17:43 . 2011-10-01 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB

2011-10-01 17:42 . 2011-10-01 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2011-10-01 04:21 . 2011-10-01 04:21 -------- d-----w- c:\windows\PIF

2011-09-30 16:17 . 2011-10-01 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2011-09-30 16:16 . 2011-10-01 04:50 -------- d-----w- c:\program files\Security Task Manager

2011-09-30 06:45 . 2011-09-30 06:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-09-29 01:05 . 2011-09-29 01:05 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs

2011-09-29 01:03 . 2011-09-29 01:04 262 ----a-w- C:\wallpaperviews.vbs

2011-09-28 02:15 . 2011-09-28 02:15 -------- d-----w- c:\program files\SystemRequirementsLab

2011-09-27 21:06 . 2011-10-01 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-09-24 18:58 . 2011-09-21 18:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-09-22 15:58 . 2011-09-22 15:58 -------- d-----w- C:\$AVG

2011-09-22 15:20 . 2011-10-09 13:49 -------- d-----w- c:\program files\AVG Secure Search

2011-09-22 15:19 . 2011-10-09 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-09-21 18:54 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-09-21 18:53 . 2011-10-09 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-01 15:02 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe

2011-10-01 04:57 . 2007-11-07 12:12 232960 ----a-w- C:\VC_RED.MSI

2011-10-01 02:12 . 2003-10-06 18:16 7700480 ----a-w- c:\windows\system32\nvcpl.dll

2011-09-30 22:56 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-09-30 19:19 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe

2011-09-29 12:02 . 2011-05-16 11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 19:32 . 2004-08-04 12:00 142336 ----a-w- c:\windows\system32\nwprovau.dll

2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-01-26 14:11 . 2010-11-22 01:06 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2004-09-12 19:10 . 2010-11-25 01:36 11578 ----a-r- c:\program files\Replacer.cmd

2011-09-29 06:53 . 2011-10-02 02:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

Link to post
Share on other sites

Part 2 of Combofix log:

((((((((((((((((((((((((((((( SnapShot@2011-10-09_00.43.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 12:00 . 2011-10-12 11:17 80870 c:\windows\system32\perfc009.dat

- 2004-08-04 12:00 . 2011-10-06 14:20 80870 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll

+ 2009-03-08 09:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll

- 2009-03-08 09:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll

- 2010-11-19 02:48 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2010-11-19 02:48 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2004-08-04 12:00 . 2011-09-26 15:41 20480 c:\windows\system32\dllcache\oleaccrc.dll

- 2004-08-04 12:00 . 2009-10-08 18:56 20480 c:\windows\system32\dllcache\oleaccrc.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2010-11-19 02:48 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2010-11-19 02:48 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2011-05-17 13:27 . 2011-05-17 13:27 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll

+ 2011-07-09 13:30 . 2011-07-09 13:30 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll

+ 2011-07-08 18:00 . 2011-07-08 18:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

- 2010-09-23 19:55 . 2010-09-23 19:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

+ 2011-07-07 16:04 . 2011-07-07 16:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2010-09-23 06:26 . 2010-09-23 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2010-09-23 06:26 . 2010-09-23 06:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

+ 2011-07-07 16:04 . 2011-07-07 16:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2010-09-23 06:26 . 2010-09-23 06:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

+ 2011-07-07 16:03 . 2011-07-07 16:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2010-09-23 07:17 . 2010-09-23 07:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2011-07-07 17:09 . 2011-07-07 17:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

- 2010-09-23 07:17 . 2010-09-23 07:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

+ 2011-07-07 17:09 . 2011-07-07 17:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2011-09-06 05:39 . 2011-09-06 05:39 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2010-08-23 05:22 . 2011-10-11 22:40 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

- 2010-08-23 05:22 . 2011-06-15 13:14 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 43520 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll

+ 2011-10-11 22:21 . 2011-10-11 22:21 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7ed3f3eb\System.Drawing.Design.dll

+ 2011-10-11 22:21 . 2011-10-11 22:21 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c36a2929\CustomMarshalers.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\1c177e9aa7a1661ddec16c2f9f30947c\UIAutomationProvider.ni.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\e4f0e0d45a1739bad6cc96377c9dd7f2\System.Windows.Presentation.ni.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\385b56be2d617548e4b731dd050a1f32\System.Web.ApplicationServices.ni.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e08ecf530f270cd45c72318b67826cb1\System.ServiceModel.Channels.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\117b65133fc00228bc249d1c61c387ea\System.AddIn.Contract.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\432eb09604ab71ee1aa4622bfbc4afee\Microsoft.VisualC.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\06ac8d640d2dfa7d4bb23c03584304ef\Accessibility.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\1ee639a35730f580f0266d2466d3976d\WindowsLiveWriter.ni.exe

+ 2011-10-11 23:08 . 2011-10-11 23:08 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4490f2c7ba373caac054470763d7081d\WindowsLive.Writer.Api.ni.dll

+ 2011-10-11 22:55 . 2011-10-11 22:55 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a54a122f1070ab71931dd9679ddd8e90\System.Web.DynamicData.Design.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll

+ 2011-10-11 22:46 . 2011-10-11 22:46 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe

+ 2011-10-11 22:45 . 2011-10-11 22:45 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\a615508098c5f4f5a34e89d22527c9de\Microsoft.WSMan.Runtime.ni.dll

+ 2011-10-12 01:45 . 2011-10-12 01:45 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\17fc30ccabf04ef1cf60a571067bc6dc\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe

+ 2011-10-11 23:05 . 2011-10-11 23:05 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-10-11 22:21 . 2011-10-11 22:21 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-07-25 15:07 . 2011-07-25 15:07 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\3a2ab56bb224b871516526753985ff69\System.Xml.Serialization.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\5cc246adea1b07b9c2a76bbe86fbfe2e\dfsvc.ni.exe

- 2011-08-12 04:03 . 2011-08-12 04:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll

+ 2004-08-04 12:00 . 2011-10-12 11:17 484600 c:\windows\system32\perfh009.dat

- 2004-08-04 12:00 . 2011-10-06 14:20 484600 c:\windows\system32\perfh009.dat

+ 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll

+ 2009-03-08 09:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll

- 2009-03-08 09:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe

+ 2009-08-31 18:21 . 2011-10-11 22:42 283720 c:\windows\system32\FNTCACHE.DAT

- 2009-08-31 18:21 . 2011-10-01 01:45 283720 c:\windows\system32\FNTCACHE.DAT

+ 2004-08-04 12:00 . 2011-08-22 23:48 916480 c:\windows\system32\dllcache\wininet.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll

- 2004-08-04 12:00 . 2009-10-08 18:57 220160 c:\windows\system32\dllcache\oleacc.dll

+ 2004-08-04 12:00 . 2011-09-26 15:41 220160 c:\windows\system32\dllcache\oleacc.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll

+ 2010-11-19 02:48 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll

- 2010-11-19 02:48 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2010-11-19 02:48 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2010-11-19 02:48 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll

- 2010-11-19 02:48 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2010-11-19 02:48 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe

- 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys

+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys

- 2011-05-17 13:27 . 2011-05-17 13:27 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll

+ 2011-07-09 13:30 . 2011-07-09 13:30 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll

- 2011-05-17 13:27 . 2011-05-17 13:27 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll

+ 2011-07-09 13:30 . 2011-07-09 13:30 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll

- 2011-03-25 10:15 . 2011-03-25 10:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2011-07-07 09:18 . 2011-07-07 09:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2011-07-07 09:18 . 2011-07-07 09:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2011-03-25 10:15 . 2011-03-25 10:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2011-07-07 16:04 . 2011-07-07 16:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2010-09-23 06:26 . 2010-09-23 06:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

+ 2011-07-07 16:01 . 2011-07-07 16:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2010-09-23 06:25 . 2010-09-23 06:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2010-09-23 07:17 . 2010-09-23 07:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2011-07-07 17:09 . 2011-07-07 17:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 105984 c:\windows\ie8updates\KB2586448-IE8\url.dll

+ 2011-10-11 22:29 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll

+ 2011-10-11 22:29 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe

+ 2011-10-11 22:29 . 2011-06-23 18:36 206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 602112 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll

+ 2011-10-11 22:29 . 2011-06-23 12:05 173568 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe

+ 2011-10-11 22:22 . 2011-10-11 22:22 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_98a85068\System.Drawing.dll

Link to post
Share on other sites

Part 3 of Combofix log:

+ 2011-10-11 22:23 . 2011-10-11 22:23 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e3da2ca4\System.Drawing.Design.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2eefdbb9\CustomMarshalers.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\962b04386ebf18f5871d5ceefa83ba4b\WindowsFormsIntegration.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5b96ee4992d9559ba5483c769bc5c889\UIAutomationTypes.ni.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\1c29539a07226b411e0a1a47aed57183\UIAutomationClient.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\System.Xml.Linq.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\dcad72e49476386b76a81d2df187c32c\System.Windows.Input.Manipulations.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\caf1d94cb89859c72d6c8cd8774068d3\System.Transactions.ni.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\aab1c287bc73a03c51b55fb3f102c27e\System.ServiceProcess.ni.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\bd104bb2f798661c5a972249582b5441\System.ServiceModel.Routing.ni.dll

+ 2011-10-11 22:28 . 2011-10-11 22:28 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\aecd169d75edbcbe626d2a222a02e9f3\System.Security.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\bed774dde4b62ed1d2d55c2d1769d600\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\44d18693baaee5ee0e6f6fd4910e8f81\System.Runtime.Remoting.ni.dll

+ 2011-10-11 22:28 . 2011-10-11 22:28 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\97126244f88693adb36f94116d8d0dda\System.Numerics.ni.dll

+ 2011-10-12 03:32 . 2011-10-12 03:32 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\56fe9070b1d56613fd5cf7c73ec3b26f\System.Net.ni.dll

+ 2011-10-12 03:32 . 2011-10-12 03:32 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\420c9d9b271bc26d1b6f437f1f4913a9\System.Messaging.ni.dll

+ 2011-10-12 02:15 . 2011-10-12 02:15 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\b71ea67c5bfa5b660efc12eb1c6ea4af\System.Management.Instrumentation.ni.dll

+ 2011-10-12 02:15 . 2011-10-12 02:15 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\267d7dbdbe126590fba4a11c1ab12926\System.IO.Log.ni.dll

+ 2011-10-12 02:15 . 2011-10-12 02:15 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\4ca1f130cbacf72beedf13da42b93e75\System.IdentityModel.Selectors.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd4f85af43b2c177c8d085a8ba3f4993\System.EnterpriseServices.Wrapper.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd4f85af43b2c177c8d085a8ba3f4993\System.EnterpriseServices.ni.dll

+ 2011-10-11 22:28 . 2011-10-11 22:28 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\b806ef4a19c8157e7858e0a15f9cf48d\System.Dynamic.ni.dll

+ 2011-10-12 02:15 . 2011-10-12 02:15 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\4178d8536c67896ab77af36a48ee7ec4\System.DirectoryServices.Protocols.ni.dll

+ 2011-10-12 02:15 . 2011-10-12 02:15 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\324617c0a492d6acc64325c836553f2c\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-10-12 02:15 . 2011-10-12 02:15 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\ca25f888c067fa170d8bba824efa2ca8\System.Device.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\282487a15f595c199b6cc640ea8995e8\System.Data.DataSetExtensions.ni.dll

+ 2011-10-11 22:28 . 2011-10-11 22:28 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\06f71e66b9913a24c22f85a0caef3ae4\System.Configuration.Install.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\fa608e0882b98981cb6fd6e0754bdff8\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-10-11 22:28 . 2011-10-11 22:28 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a91d48ec926171da7de01cf2a10b1dfc\System.ComponentModel.Composition.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\f407937d4694c46537c470007a1df957\System.AddIn.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\80347a66af30b5c14c0114baee4c64f8\System.Activities.DurableInstancing.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\fcbb4a33ebdc8562603bc7f725a088ce\SMSvcHost.ni.exe

+ 2011-10-12 02:12 . 2011-10-12 02:12 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\398a52caf1e9fd1a6ea9dd589b0f6e68\SMDiagnostics.ni.dll

+ 2011-10-11 22:28 . 2011-10-11 22:28 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d2d4bdbd9e2196e04dcdd68994a1f952\PresentationFramework.Royale.ni.dll

+ 2011-10-11 22:28 . 2011-10-11 22:28 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll

+ 2011-10-11 22:28 . 2011-10-11 22:28 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\6e48fb2ce01b4758a68f61651d6461d8\PresentationFramework.Luna.ni.dll

+ 2011-10-11 22:27 . 2011-10-11 22:27 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\351819dc653a07a310cf1387b3266936\PresentationFramework.Classic.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\edec5402d5424967ba20de137835ed2a\Microsoft.VisualBasic.Compatibility.Data.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\f4ab32c177d931f26072a14c27efc3b5\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\48ad8351ab66166c853d410d3282a408\CustomMarshalers.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe

+ 2011-10-11 23:08 . 2011-10-11 23:08 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\8d9744364ead927be159ddaca5c73b6a\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f3247ee4c8974dcb21978a283ca5dd37\WindowsLive.Writer.Interop.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\de41662d8b5a65327eb32e4601b29734\WindowsLive.Writer.Interop.Mshtml.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c3eeef28ef5d1fe19442fb127106e180\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bb87acb24dd38a2a35c460e960909f26\WindowsLive.Writer.Passport.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b9c42f04581b04b23db07d4d29e47a1d\WindowsLive.Writer.SpellChecker.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\71caec3c513d97567d5196a72ee57ef0\WindowsLive.Writer.BrowserControl.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6adb0eaf9a145a2ba81619e49b1c4480\WindowsLive.Writer.Extensibility.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\599239bb43737ad8063b7e9620a4c16e\WindowsLive.Writer.FileDestinations.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\49ab3a63512d9d028cc4fa800c1c3d2f\WindowsLive.Writer.Localization.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3ae7eae306c355e1efb728fac33b3965\WindowsLive.Writer.Interop.SHDocVw.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1fbb3941992cd85018b7c64a68dce3f8\WindowsLive.Writer.BlogClient.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\14ddbf463c0b9b17f98d8f048777784a\WindowsLive.Writer.Instrumentation.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0c0afa682f30eb3e75011f1c92b04129\WindowsLive.Writer.Controls.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\097baf70e23eed55818deec43d26c44a\WindowsLive.Writer.Mshtml.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\04473507f11eea12b260ab8b2707d423\WindowsLive.Writer.HtmlParser.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\a295b8cfd7c63e29f4972592e2b7ef4b\WindowsLive.Client.ni.dll

+ 2011-10-11 22:55 . 2011-10-11 22:55 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll

+ 2011-10-11 22:55 . 2011-10-11 22:55 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll

+ 2011-10-11 22:55 . 2011-10-11 22:55 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\3533d614ebecd4344efbee619dd11a74\System.Web.Routing.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d93514a764a83b18f6f3547b59cc8ae9\System.Web.Extensions.Design.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\93b5d1b77a74b76ac73cbf51ec871c01\System.Web.Entity.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d06a7d5872bbe85795f947f6c75d38c6\System.Web.Entity.Design.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ad0851438a18bf730d974c9b2f5f776a\System.Web.DynamicData.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\734ab0ea87d7dfd5c583eea535c05878\System.Web.Abstractions.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll

+ 2011-10-12 01:45 . 2011-10-12 01:45 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll

+ 2011-10-12 01:45 . 2011-10-12 01:45 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll

+ 2011-10-12 01:45 . 2011-10-12 01:45 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll

+ 2011-10-11 23:05 . 2011-10-11 23:05 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll

+ 2011-10-11 23:05 . 2011-10-11 23:05 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll

+ 2011-10-11 22:51 . 2011-10-11 22:51 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll

+ 2011-10-12 01:45 . 2011-10-12 01:45 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-10-12 01:45 . 2011-10-12 01:45 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll

+ 2011-10-12 01:45 . 2011-10-12 01:45 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll

+ 2011-10-12 01:45 . 2011-10-12 01:45 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\fee1a48b769a8c4beb335ee5ce006091\System.Data.Entity.Design.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\3048737e9e3bf5173121a084337256bc\System.AddIn.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\f2df1ca28301bfe7e1d52b86c8394217\ServiceModelReg.ni.exe

+ 2011-10-11 22:46 . 2011-10-11 22:46 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll

+ 2011-10-11 22:46 . 2011-10-11 22:46 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94cfc00ad448575bfb0e67c53b514cd5\PresentationFramework.Aero.ni.dll

+ 2011-10-11 22:46 . 2011-10-11 22:46 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll

+ 2011-10-11 22:46 . 2011-10-11 22:46 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe

+ 2011-10-11 23:09 . 2011-10-11 23:09 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\a976a4b51c81150402b0abee38f41ab1\Microsoft.WSMan.Management.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\df4a7b6bc850621fa2d38fb08f910ef7\Microsoft.PowerShell.Security.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b3d3d76cfc8350587616860fb0f64ccc\Microsoft.PowerShell.ConsoleHost.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6f6b54b6cebab6867dafeb6db1b98ab1\Microsoft.PowerShell.GraphicalHost.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\592e4b99037ec91cd4201d1ee28895b7\Microsoft.PowerShell.Commands.Management.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3a03ec48148fa16aa65fd9ba5df49cb8\Microsoft.PowerShell.Commands.Diagnostics.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe

+ 2011-10-11 23:05 . 2011-10-11 23:05 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e1bcee92f5af50d560d577c0a99ea3bd\AspNetMMCExt.ni.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2011-10-11 22:35 . 2011-10-11 22:35 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2011-10-11 22:35 . 2011-10-11 22:35 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll

+ 2004-08-04 12:00 . 2011-10-03 08:35 5971456 c:\windows\system32\mshtml.dll

+ 2009-03-08 09:32 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll

- 2010-08-31 13:42 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys

+ 2010-08-31 13:42 . 2011-09-06 13:20 1858944 c:\windows\system32\dllcache\win32k.sys

- 2004-08-04 12:00 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll

+ 2004-08-04 12:00 . 2011-10-03 08:35 5971456 c:\windows\system32\dllcache\mshtml.dll

+ 2010-11-19 02:48 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll

- 2011-05-17 13:27 . 2011-05-17 13:27 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll

+ 2011-07-09 13:30 . 2011-07-09 13:30 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll

- 2011-05-17 13:27 . 2011-05-17 13:27 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll

+ 2011-07-09 13:30 . 2011-07-09 13:30 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll

+ 2011-07-09 13:30 . 2011-07-09 13:30 6724424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll

- 2011-03-25 10:15 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2011-07-07 09:18 . 2011-07-07 09:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2011-03-25 10:15 . 2011-03-25 10:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2011-07-07 09:18 . 2011-07-07 09:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

- 2010-09-23 19:55 . 2010-09-23 19:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2011-07-08 17:59 . 2011-07-08 17:59 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2011-07-08 17:59 . 2011-07-08 17:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

- 2010-09-23 19:55 . 2010-09-23 19:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

- 2010-09-23 06:26 . 2010-09-23 06:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2011-07-07 16:02 . 2011-07-07 16:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2011-07-07 16:02 . 2011-07-07 16:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

+ 2011-07-08 17:59 . 2011-07-08 17:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

- 2010-09-23 19:55 . 2010-09-23 19:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL

\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

- 2011-09-06 05:40 . 2011-09-06 05:40 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

- 2011-09-06 05:39 . 2011-09-06 05:39 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 1212416 c:\windows\ie8updates\KB2586448-IE8\urlmon.dll

+ 2011-10-11 22:29 . 2011-07-25 15:17 5969920 c:\windows\ie8updates\KB2586448-IE8\mshtml.dll

+ 2011-10-11 22:29 . 2011-06-23 18:36 1991680 c:\windows\ie8updates\KB2586448-IE8\iertutil.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_c0e1e388\System.dll

+ 2011-10-11 22:21 . 2011-10-11 22:21 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_491bab64\System.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_71930867\System.Xml.dll

+ 2011-10-11 22:22 . 2011-10-11 22:22 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2f31e28d\System.Xml.dll

+ 2011-10-11 22:22 . 2011-10-11 22:22 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c1da05d2\System.Windows.Forms.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7b64e910\System.Windows.Forms.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f1ddcd92\System.Drawing.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c474f20f\System.Design.dll

+ 2011-10-11 22:22 . 2011-10-11 22:22 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_471f98df\System.Design.dll

+ 2011-10-11 22:22 . 2011-10-11 22:22 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7b64ec5d\mscorlib.dll

+ 2011-10-11 22:23 . 2011-10-11 22:23 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5ece3ab9\mscorlib.dll

+ 2011-10-11 22:26 . 2011-10-11 22:26 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\ac9379a0db1d8da11fbc46f09da411db\UIAutomationClientsideProviders.ni.dll

+ 2011-10-11 22:25 . 2011-10-11 22:25 9086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll

+ 2011-10-11 22:25 . 2011-10-11 22:25 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\e3a0483820fafd51c8cd4576de6eb45f\System.Windows.Forms.DataVisualization.ni.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\4cbc10b8a84a7ef0fcf9d2885bfe9832\System.Web.Services.ni.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\6663f8ba0327399c1a5b313707cff36f\System.Speech.ni.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 1392640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a19563d781ccd0807a41d27701d485c6\System.ServiceModel.Activities.ni.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9be7f7f68d488eb02161d3f0663a61a4\System.ServiceModel.Discovery.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\993f89ba22499c379d2a9dd25d13cd94\System.Runtime.Serialization.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\41a4f6cc5d596e952fd880ae1a47308f\System.Runtime.DurableInstancing.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\0a30a201408744c5315446aef7fb3d5a\System.Printing.ni.dll

+ 2011-10-12 02:15 . 2011-10-12 02:15 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\7c4eea005578d9990f604fda345fb2b4\System.Management.ni.dll

+ 2011-10-12 02:15 . 2011-10-12 02:15 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\16c385f23b5e493899f0d206dfb60094\System.IdentityModel.ni.dll

+ 2011-10-11 22:27 . 2011-10-11 22:27 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\83a815291644645a3ab1ce55452e1e61\System.DirectoryServices.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\1c2d038775f2c9d42468261118019e6b\System.Deployment.ni.dll

+ 2011-10-11 22:28 . 2011-10-11 22:28 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\14d8a7579839b11151cd901b846d0afb\System.Data.ni.dll

+ 2011-10-11 22:28 . 2011-10-11 22:28 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\05f8ccf31515e720b1663e710e992211\System.Data.SqlXml.ni.dll

+ 2011-10-12 02:15 . 2011-10-12 02:15 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\c05998cb3411b039bdfb5d852e1413be\System.Data.Services.Client.ni.dll

+ 2011-10-11 22:25 . 2011-10-11 22:25 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\d622a2c40d37cfdb88e4eea7315a323e\System.Data.Linq.ni.dll

+ 2011-10-11 22:25 . 2011-10-11 22:25 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\e69e487d338ceb3883b7d175885f0794\System.Activities.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\cc25c620acedf02fd6b5c46238643cab\System.Activities.Presentation.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\49577d8acbf16b6091f5466feae43403\System.Activities.Core.Presentation.ni.dll

+ 2011-10-12 02:13 . 2011-10-12 02:13 2907136 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\2d23bb6dd81b41002c8f927b95b7b226\ReachFramework.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\ec64d7c99f7e030d39c355ce7a968600\PresentationUI.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\c7dd3d91f33a79c70db8bd805a483f4b\Microsoft.VisualBasic.Activities.Compiler.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\596251e8604d886f1edfcd2671a2f371\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\51df2ad80d91a7669dd1856a9c1061f9\Microsoft.VisualBasic.ni.dll

+ 2011-10-12 02:12 . 2011-10-12 02:12 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\477c9b916a9aee0a8beb041ee00a5fcb\Microsoft.Transactions.Bridge.ni.dll

+ 2011-10-12 03:32 . 2011-10-12 03:32 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\614f6f698d269e2c56bf23feba58551c\Microsoft.JScript.ni.dll

+ 2011-10-11 22:28 . 2011-10-11 22:28 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\f03a7f8f2393a04fac7fecc1c55bd02e\Microsoft.CSharp.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6ea9639305271fc22aa925a7356d7db6\WindowsLive.Writer.ApplicationFramework.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3b947518f29c960e94304bce3bc2c0d2\WindowsLive.Writer.CoreServices.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3203e91891cafbbb289bcde65e6a8389\WindowsLive.Writer.PostEditor.ni.dll

+ 2011-10-11 22:45 . 2011-10-11 22:45 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll

+ 2011-10-11 22:55 . 2011-10-11 22:55 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll

+ 2011-10-11 22:45 . 2011-10-11 22:45 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll

+ 2011-10-11 22:55 . 2011-10-11 22:55 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\f72c5f649951b0403e62bfab6c453e6f\System.Workflow.Runtime.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0aa4f4174204c93cc5181df4a6b2fb09\System.Workflow.ComponentModel.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\921629dc69a5a895101097c88ae67897\System.Workflow.Activities.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f5dac0448a1dbe2687a5df92904d6274\System.Web.Mobile.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ccaf6bdd256a9b5079fedadcc8993327\System.Web.Extensions.ni.dll

+ 2011-10-11 22:52 . 2011-10-11 22:52 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\10d7daa3d1e62a0e40587cdc707be93f\System.Speech.ni.dll

+ 2011-10-12 02:11 . 2011-10-12 02:11 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll

+ 2011-10-11 23:05 . 2011-10-11 23:05 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll

+ 2011-10-11 22:51 . 2011-10-11 22:51 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll

+ 2011-10-12 01:45 . 2011-10-12 01:45 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\3959e9012ee532343861eb35c6c72b24\System.Management.Automation.ni.dll

+ 2011-10-11 23:05 . 2011-10-11 23:05 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d14065ede44df8e9b5d6b60c5ddccc69\System.IdentityModel.ni.dll

+ 2011-10-11 22:51 . 2011-10-11 22:51 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll

+ 2011-10-11 22:48 . 2011-10-11 22:48 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll

+ 2011-10-12 01:45 . 2011-10-12 01:45 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\541142d8742e6e88f1e729fafee04e71\System.Data.Services.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\5d5aa4b926ae422607ea833d934665c2\System.Data.OracleClient.ni.dll

+ 2011-10-11 22:49 . 2011-10-11 22:49 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll

+ 2011-10-11 23:10 . 2011-10-11 23:10 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\b70adfee3b5ed7e0688d13f24cbec556\System.Data.Entity.ni.dll

+ 2011-10-11 22:48 . 2011-10-11 22:48 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll

+ 2011-10-11 22:47 . 2011-10-11 22:47 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll

+ 2011-10-11 22:47 . 2011-10-11 22:47 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll

+ 2011-10-11 22:45 . 2011-10-11 22:45 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\37fd70ad5f3726031995041b246fe862\PresentationBuildTasks.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fba2661cffd923f17dbfa6662adf5ce3\Microsoft.PowerShell.GPowerShell.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eb5b6ad2dc6e2ecbdbb1ce1bf754b32e\Microsoft.PowerShell.Editor.ni.dll

+ 2011-10-11 23:09 . 2011-10-11 23:09 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7c0df343514ab15e0fe9b11e9b013b11\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2011-10-12 01:45 . 2011-10-12 01:45 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2011-10-11 23:08 . 2011-10-11 23:08 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2011-10-11 22:35 . 2011-10-11 22:35 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-10-11 22:37 . 2011-10-11 22:37 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-10-11 22:36 . 2011-10-11 22:36 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2011-08-12 04:03 . 2011-08-12 04:03 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2011-10-11 22:21 . 2011-10-11 22:21 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

- 2011-07-25 15:07 . 2011-07-25 15:07 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

- 2011-07-25 15:07 . 2011-07-25 15:07 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2011-10-11 22:21 . 2011-10-11 22:21 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2009-08-31 23:58 . 2011-10-11 22:30 48324552 c:\windows\system32\MRT.exe

- 2009-03-08 09:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll

+ 2009-03-08 09:39 . 2011-08-23 21:48 11081728 c:\windows\system32\ieframe.dll

- 2010-11-19 02:48 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll

+ 2010-11-19 02:48 . 2011-08-23 21:48 11081728 c:\windows\system32\dllcache\ieframe.dll

+ 2011-07-13 02:49 . 2011-07-13 02:49 11459584 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2572067\M2572067Uninstall.msp

+ 2011-10-11 22:39 . 2011-10-11 22:39 20333568 c:\windows\Installer\190854e.msp

+ 2011-07-12 00:43 . 2011-07-12 00:43 11641344 c:\windows\Installer\1908542.msp

+ 2011-07-11 21:19 . 2011-07-11 21:19 10619904 c:\windows\Installer\1908538.msp

+ 2011-07-12 19:50 . 2011-07-12 19:50 17555968 c:\windows\Installer\190852b.msp

+ 2011-10-11 22:29 . 2011-06-23 18:36 11081728 c:\windows\ie8updates\KB2586448-IE8\ieframe.dll

+ 2011-10-11 22:27 . 2011-10-11 22:27 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll

+ 2011-10-12 03:33 . 2011-10-12 03:33 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\559ebac0a85ae55da09827b8048f77bd\System.ServiceModel.ni.dll

+ 2011-10-12 02:15 . 2011-10-12 02:15 13346816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\78afce4e1bd3d345ef1fff004659191c\System.Data.Entity.ni.dll

+ 2011-10-11 22:27 . 2011-10-11 22:27 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll

+ 2011-10-11 22:26 . 2011-10-11 22:26 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll

+ 2011-10-11 22:24 . 2011-10-11 22:24 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll

+ 2011-10-11 22:55 . 2011-10-11 22:55 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll

+ 2011-10-11 23:07 . 2011-10-11 23:07 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll

+ 2011-10-11 22:50 . 2011-10-11 22:50 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c6374d32e4af7b7e3e46b32176f76558\System.Design.ni.dll

+ 2011-10-11 22:46 . 2011-10-11 22:46 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll

+ 2011-10-11 22:45 . 2011-10-11 22:45 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll

+ 2011-10-11 22:44 . 2011-10-11 22:44 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

.

-- Snapshot reset to current date --

Link to post
Share on other sites

Part 4 of Combofix log:

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\C.Henry.UPGRADE\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-01 7700480]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\documents and settings\C.Henry.UPGRADE\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TU2011\WinStyler\tu_logonui.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe"=

"c:\\Documents and Settings\\C.Henry.UPGRADE\\Application Data\\mjusbsp\\magicJack.exe"=

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/21/2011 2:54 PM 64512]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/11/2011 10:59 AM 366152]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [7/22/2011 2:26 PM 690472]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/11/2011 10:59 AM 22216]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]

S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate1ca2c9565ca07ae;Google Update Service (gupdate1ca2c9565ca07ae);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]

S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [11/18/2010 1:53 AM 38976]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [10/16/2010 12:59 PM 1175556]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-11 c:\windows\Tasks\Defraggler Volume C Task.job

- c:\program files\Defraggler\df.exe [2011-09-13 09:45]

.

2011-10-11 c:\windows\Tasks\expressburnShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-23 07:00]

.

2011-10-11 c:\windows\Tasks\expressripShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-09-23 07:02]

.

2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52]

.

2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52]

.

2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003Core.job

- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16]

.

2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003UA.job

- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16]

.

2011-10-11 c:\windows\Tasks\pixillionShakeIcon.job

- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-10-16 16:59]

.

2011-10-11 c:\windows\Tasks\prismDowngrade.job

- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59]

.

2011-10-12 c:\windows\Tasks\prismShakeIcon.job

- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59]

.

2011-10-12 c:\windows\Tasks\User_Feed_Synchronization-{6AADCA7F-9D09-413E-B8D5-3FB647C74798}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2011-10-11 c:\windows\Tasks\videopadShakeIcon.job

- c:\program files\NCH Software\VideoPad\videopad.exe [2010-09-23 07:03]

.

2011-10-11 c:\windows\Tasks\wavepadDowngrade.job

- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]

.

2011-10-11 c:\windows\Tasks\wavepadShakeIcon.job

- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 63.245.66.41 63.245.66.42

FF - ProfilePath - c:\documents and settings\C.Henry.UPGRADE\Application Data\Mozilla\Firefox\Profiles\5iierj4b.default\

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467

FF - user.js: browser.bookmarks.restore_default_bookmarks - false

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 640000

FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\C.Henry.UPGRADE\\Desktop

FF - user.js: browser.download.manager.alertOnEXEOpen - true

FF - user.js: browser.download.useDownloadDir - false

FF - user.js: browser.migration.version - 5

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.startup.homepage_override.buildID - 20110928134238

FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1

FF - user.js: browser.syncPromoViewsLeft - 2

FF - user.js: dom.disable_window_flip - false

FF - user.js: extensions.blocklist.pingCountTotal - 2

FF - user.js: extensions.blocklist.pingCountVersion - 2

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.databaseSchema - 5

FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1

FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342A-8307-11DF-A508-4AE2DFD72085}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\:{\descriptor\:\c:\\\\Program Files\\\\CheckPoint\\\\ZAForceField\\\\TrustChecker\,\mtime\:1317440292281},\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\c:\\\\Program Files\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]

FF - user.js: extensions.lastAppVersion - 7.0.1

FF - user.js: extensions.lastPlatformVersion - 7.0.1

FF - user.js: extensions.pendingOperations - false

FF - user.js: font.internaluseonly.changed - true

FF - user.js: gfx.blacklist.direct2d - 3

FF - user.js: gfx.blacklist.layers.direct3d10 - 3

FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3

FF - user.js: gfx.blacklist.layers.direct3d9 - 3

FF - user.js: gfx.blacklist.layers.opengl - 3

FF - user.js: gfx.blacklist.webgl.angle - 3

FF - user.js: gfx.blacklist.webgl.opengl - 3

FF - user.js: idle.lastDailyNotification - 1317649027

FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: places.database.lastMaintenance - 1317649027

FF - user.js: places.history.expiration.transient_current_max_pages - 42924

FF - user.js: pref.advanced.javascript.disable_button.advanced - false

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: storage.vacuum.last.index - 1

FF - user.js: storage.vacuum.last.places.sqlite - 1317523296

FF - user.js: toolkit.telemetry.prompted - true

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-12 07:13

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3504)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\devldr32.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

.

**************************************************************************

.

Completion time: 2011-10-12 07:19:38 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-12 11:19

ComboFix2.txt 2011-10-11 21:50

ComboFix3.txt 2011-10-11 14:20

ComboFix4.txt 2011-10-09 16:28

ComboFix5.txt 2011-10-12 11:02

.

Pre-Run: 50,298,290,176 bytes free

Post-Run: 50,167,074,816 bytes free

.

- - End Of File - - C558B7DEDA0FB7CAF83013A32F0D1684

TDSS log:

07:29:30.0156 2540 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54

07:29:31.0031 2540 ============================================================

07:29:31.0031 2540 Current date / time: 2011/10/12 07:29:31.0031

07:29:31.0031 2540 SystemInfo:

07:29:31.0031 2540

07:29:31.0031 2540 OS Version: 5.1.2600 ServicePack: 3.0

07:29:31.0031 2540 Product type: Workstation

07:29:31.0031 2540 ComputerName: UPGRADE

07:29:31.0031 2540 UserName: C.Henry

07:29:31.0031 2540 Windows directory: C:\WINDOWS

07:29:31.0031 2540 System windows directory: C:\WINDOWS

07:29:31.0031 2540 Processor architecture: Intel x86

07:29:31.0031 2540 Number of processors: 1

07:29:31.0031 2540 Page size: 0x1000

07:29:31.0031 2540 Boot type: Normal boot

07:29:31.0031 2540 ============================================================

07:29:32.0171 2540 Initialize success

07:29:55.0000 3664 ============================================================

07:29:55.0000 3664 Scan started

07:29:55.0000 3664 Mode: Manual;

07:29:55.0000 3664 ============================================================

07:29:55.0593 3664 Abiosdsk - ok

07:29:55.0656 3664 abp480n5 - ok

07:29:55.0750 3664 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

07:29:55.0750 3664 ACPI - ok

07:29:55.0843 3664 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

07:29:55.0843 3664 ACPIEC - ok

07:29:55.0921 3664 adpu160m - ok

07:29:56.0000 3664 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

07:29:56.0015 3664 aec - ok

07:29:56.0109 3664 AegisP (8d155386b3b032ea7513e19f8c8f80a7) C:\WINDOWS\system32\DRIVERS\AegisP.sys

07:29:56.0109 3664 AegisP - ok

07:29:56.0234 3664 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

07:29:56.0234 3664 AFD - ok

07:29:56.0343 3664 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

07:29:56.0343 3664 agp440 - ok

07:29:56.0406 3664 Aha154x - ok

07:29:56.0453 3664 aic78u2 - ok

07:29:56.0515 3664 aic78xx - ok

07:29:56.0578 3664 AliIde - ok

07:29:56.0640 3664 amsint - ok

07:29:56.0703 3664 asc - ok

07:29:56.0765 3664 asc3350p - ok

07:29:56.0812 3664 asc3550 - ok

07:29:56.0921 3664 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

07:29:56.0921 3664 AsyncMac - ok

07:29:57.0031 3664 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

07:29:57.0031 3664 atapi - ok

07:29:57.0125 3664 Atdisk - ok

07:29:57.0281 3664 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

07:29:57.0281 3664 Atmarpc - ok

07:29:57.0390 3664 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

07:29:57.0390 3664 audstub - ok

07:29:57.0500 3664 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS

07:29:57.0500 3664 BCM42RLY - ok

07:29:57.0625 3664 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

07:29:57.0625 3664 Beep - ok

07:29:57.0656 3664 catchme - ok

07:29:57.0750 3664 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

07:29:57.0750 3664 cbidf2k - ok

07:29:57.0828 3664 cd20xrnt - ok

07:29:57.0921 3664 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

07:29:57.0921 3664 Cdaudio - ok

07:29:58.0015 3664 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

07:29:58.0031 3664 Cdfs - ok

07:29:58.0140 3664 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

07:29:58.0140 3664 Cdrom - ok

07:29:58.0250 3664 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

07:29:58.0250 3664 cercsr6 - ok

07:29:58.0359 3664 CmdIde - ok

07:29:58.0437 3664 Cpqarray - ok

07:29:58.0531 3664 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys

07:29:58.0531 3664 ctljystk - ok

07:29:58.0609 3664 dac2w2k - ok

07:29:58.0671 3664 dac960nt - ok

07:29:58.0781 3664 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

07:29:58.0781 3664 Disk - ok

07:29:58.0875 3664 DM9102 (51ef6ca3d57055fed6ab99021d562443) C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS

07:29:58.0875 3664 DM9102 - ok

07:29:59.0015 3664 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

07:29:59.0046 3664 dmboot - ok

07:29:59.0156 3664 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys

07:29:59.0171 3664 dmio - ok

07:29:59.0281 3664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

07:29:59.0281 3664 dmload - ok

07:29:59.0390 3664 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

07:29:59.0390 3664 DMusic - ok

07:29:59.0468 3664 dpti2o - ok

07:29:59.0562 3664 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

07:29:59.0562 3664 drmkaud - ok

07:29:59.0703 3664 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys

07:29:59.0718 3664 emu10k - ok

07:29:59.0812 3664 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys

07:29:59.0812 3664 emu10k1 - ok

07:29:59.0937 3664 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

07:29:59.0937 3664 Fastfat - ok

07:30:00.0062 3664 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

07:30:00.0062 3664 Fdc - ok

07:30:00.0171 3664 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

07:30:00.0171 3664 Fips - ok

07:30:00.0281 3664 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

07:30:00.0296 3664 Flpydisk - ok

07:30:00.0390 3664 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

07:30:00.0390 3664 FltMgr - ok

07:30:00.0484 3664 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

07:30:00.0484 3664 Fs_Rec - ok

07:30:00.0593 3664 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

07:30:00.0593 3664 Ftdisk - ok

07:30:00.0687 3664 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

07:30:00.0687 3664 gameenum - ok

07:30:00.0796 3664 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

07:30:00.0796 3664 Gpc - ok

07:30:00.0906 3664 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

07:30:00.0906 3664 hidusb - ok

07:30:00.0968 3664 hpn - ok

07:30:01.0062 3664 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

07:30:01.0062 3664 HPZid412 - ok

07:30:01.0156 3664 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

07:30:01.0156 3664 HPZipr12 - ok

07:30:01.0281 3664 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

07:30:01.0281 3664 HPZius12 - ok

07:30:01.0406 3664 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

07:30:01.0406 3664 HTTP - ok

07:30:01.0468 3664 i2omp - ok

07:30:01.0562 3664 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

07:30:01.0578 3664 i8042prt - ok

07:30:01.0687 3664 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

07:30:01.0687 3664 Imapi - ok

07:30:01.0750 3664 ini910u - ok

07:30:01.0859 3664 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

07:30:01.0859 3664 IntelIde - ok

07:30:01.0953 3664 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

07:30:01.0953 3664 intelppm - ok

07:30:02.0046 3664 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

07:30:02.0046 3664 Ip6Fw - ok

07:30:02.0156 3664 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

07:30:02.0156 3664 IpFilterDriver - ok

07:30:02.0281 3664 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

07:30:02.0281 3664 IpInIp - ok

07:30:02.0390 3664 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

07:30:02.0390 3664 IpNat - ok

07:30:02.0500 3664 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

07:30:02.0500 3664 IPSec - ok

07:30:02.0593 3664 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

07:30:02.0593 3664 IRENUM - ok

07:30:02.0703 3664 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

07:30:02.0703 3664 isapnp - ok

07:30:02.0812 3664 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

07:30:02.0812 3664 Kbdclass - ok

07:30:02.0890 3664 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

07:30:02.0906 3664 kbdhid - ok

07:30:03.0000 3664 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

07:30:03.0000 3664 kmixer - ok

07:30:03.0093 3664 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

07:30:03.0109 3664 KSecDD - ok

07:30:03.0218 3664 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys

07:30:03.0218 3664 Lbd - ok

07:30:03.0328 3664 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

07:30:03.0328 3664 MBAMProtector - ok

07:30:03.0453 3664 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

07:30:03.0453 3664 mnmdd - ok

07:30:03.0546 3664 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

07:30:03.0546 3664 Modem - ok

07:30:03.0656 3664 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

07:30:03.0656 3664 Mouclass - ok

07:30:03.0765 3664 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

07:30:03.0765 3664 mouhid - ok

07:30:03.0859 3664 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

07:30:03.0859 3664 MountMgr - ok

07:30:03.0921 3664 mraid35x - ok

07:30:04.0031 3664 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

07:30:04.0046 3664 MRxDAV - ok

07:30:04.0156 3664 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

07:30:04.0187 3664 MRxSmb - ok

07:30:04.0343 3664 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

07:30:04.0343 3664 Msfs - ok

07:30:04.0437 3664 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

07:30:04.0437 3664 MSKSSRV - ok

07:30:04.0546 3664 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

07:30:04.0546 3664 MSPCLOCK - ok

07:30:04.0640 3664 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

07:30:04.0640 3664 MSPQM - ok

07:30:04.0734 3664 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

07:30:04.0734 3664 mssmbios - ok

07:30:04.0843 3664 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

07:30:04.0859 3664 Mup - ok

07:30:04.0984 3664 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

07:30:05.0000 3664 NDIS - ok

07:30:05.0109 3664 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

07:30:05.0109 3664 NdisTapi - ok

07:30:05.0203 3664 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

07:30:05.0203 3664 Ndisuio - ok

07:30:05.0328 3664 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

07:30:05.0328 3664 NdisWan - ok

07:30:05.0421 3664 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

07:30:05.0421 3664 NDProxy - ok

07:30:05.0531 3664 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

07:30:05.0531 3664 NetBIOS - ok

07:30:05.0625 3664 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

07:30:05.0640 3664 NetBT - ok

07:30:05.0765 3664 npf (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys

07:30:05.0765 3664 npf - ok

07:30:05.0859 3664 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

07:30:05.0859 3664 Npfs - ok

07:30:05.0984 3664 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

07:30:06.0000 3664 Ntfs - ok

07:30:06.0125 3664 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

07:30:06.0125 3664 Null - ok

07:30:06.0406 3664 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

07:30:06.0531 3664 nv - ok

07:30:06.0656 3664 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

07:30:06.0656 3664 NwlnkFlt - ok

07:30:06.0750 3664 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

07:30:06.0750 3664 NwlnkFwd - ok

07:30:06.0859 3664 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

07:30:06.0875 3664 NwlnkIpx - ok

07:30:06.0953 3664 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

07:30:06.0953 3664 NwlnkNb - ok

07:30:07.0078 3664 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

07:30:07.0078 3664 NwlnkSpx - ok

07:30:07.0203 3664 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

07:30:07.0203 3664 Parport - ok

07:30:07.0312 3664 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

07:30:07.0312 3664 PartMgr - ok

07:30:07.0406 3664 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

07:30:07.0406 3664 ParVdm - ok

07:30:07.0515 3664 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

07:30:07.0515 3664 PCI - ok

07:30:07.0578 3664 PCIDump - ok

07:30:07.0656 3664 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

07:30:07.0656 3664 PCIIde - ok

07:30:07.0750 3664 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

07:30:07.0765 3664 Pcmcia - ok

07:30:07.0828 3664 perc2 - ok

07:30:07.0890 3664 perc2hib - ok

07:30:08.0015 3664 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

07:30:08.0015 3664 PptpMiniport - ok

07:30:08.0125 3664 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

07:30:08.0140 3664 PSched - ok

07:30:08.0234 3664 PSSDK42 (c8eb36910d3bd582891977e80925e21e) C:\WINDOWS\system32\Drivers\pssdk42.sys

07:30:08.0234 3664 PSSDK42 - ok

07:30:08.0359 3664 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

07:30:08.0359 3664 Ptilink - ok

07:30:08.0468 3664 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

07:30:08.0468 3664 PxHelp20 - ok

07:30:08.0531 3664 ql1080 - ok

07:30:08.0578 3664 Ql10wnt - ok

07:30:08.0640 3664 ql12160 - ok

07:30:08.0687 3664 ql1240 - ok

07:30:08.0750 3664 ql1280 - ok

07:30:08.0828 3664 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

07:30:08.0828 3664 RasAcd - ok

07:30:08.0937 3664 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

07:30:08.0937 3664 Rasl2tp - ok

07:30:09.0046 3664 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

07:30:09.0062 3664 RasPppoe - ok

07:30:09.0156 3664 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

07:30:09.0156 3664 Raspti - ok

07:30:09.0281 3664 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

07:30:09.0281 3664 Rdbss - ok

07:30:09.0390 3664 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

07:30:09.0390 3664 RDPCDD - ok

07:30:09.0484 3664 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

07:30:09.0500 3664 rdpdr - ok

07:30:09.0625 3664 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

07:30:09.0625 3664 RDPWD - ok

07:30:09.0750 3664 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

07:30:09.0750 3664 redbook - ok

07:30:09.0843 3664 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys

07:30:09.0859 3664 RimUsb - ok

07:30:09.0984 3664 RT2500 (4b6f7b6c966e90a55102daa107f44934) C:\WINDOWS\system32\DRIVERS\RT2500.sys

07:30:10.0000 3664 RT2500 - ok

07:30:10.0062 3664 SASKUTIL - ok

07:30:10.0187 3664 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys

07:30:10.0187 3664 SCDEmu - ok

07:30:10.0296 3664 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

07:30:10.0296 3664 Secdrv - ok

07:30:10.0406 3664 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

07:30:10.0406 3664 serenum - ok

07:30:10.0515 3664 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

07:30:10.0515 3664 Serial - ok

07:30:10.0656 3664 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

07:30:10.0656 3664 Sfloppy - ok

07:30:10.0750 3664 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys

07:30:10.0750 3664 sfman - ok

07:30:10.0828 3664 Simbad - ok

07:30:10.0890 3664 Sparrow - ok

07:30:10.0984 3664 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

07:30:11.0000 3664 splitter - ok

07:30:11.0109 3664 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

07:30:11.0109 3664 sr - ok

07:30:11.0250 3664 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

07:30:11.0281 3664 Srv - ok

07:30:11.0406 3664 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

07:30:11.0406 3664 swenum - ok

07:30:11.0500 3664 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

07:30:11.0515 3664 swmidi - ok

07:30:11.0578 3664 symc810 - ok

07:30:11.0656 3664 symc8xx - ok

07:30:11.0703 3664 sym_hi - ok

07:30:11.0765 3664 sym_u3 - ok

07:30:11.0843 3664 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

07:30:11.0843 3664 sysaudio - ok

07:30:11.0968 3664 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

07:30:11.0984 3664 Tcpip - ok

07:30:12.0109 3664 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

07:30:12.0109 3664 TDPIPE - ok

07:30:12.0218 3664 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

07:30:12.0218 3664 TDTCP - ok

07:30:12.0328 3664 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

07:30:12.0328 3664 TermDD - ok

07:30:12.0406 3664 TosIde - ok

07:30:12.0515 3664 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

07:30:12.0515 3664 Udfs - ok

07:30:12.0593 3664 ultra - ok

07:30:12.0703 3664 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

07:30:12.0718 3664 Update - ok

07:30:12.0875 3664 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

07:30:12.0875 3664 usbaudio - ok

07:30:12.0968 3664 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

07:30:12.0968 3664 usbccgp - ok

07:30:13.0093 3664 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

07:30:13.0093 3664 usbehci - ok

07:30:13.0203 3664 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

07:30:13.0203 3664 usbhub - ok

07:30:13.0296 3664 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

07:30:13.0296 3664 usbprint - ok

07:30:13.0390 3664 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

07:30:13.0406 3664 usbscan - ok

07:30:13.0515 3664 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

07:30:13.0515 3664 USBSTOR - ok

07:30:13.0609 3664 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

07:30:13.0609 3664 usbuhci - ok

07:30:13.0718 3664 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

07:30:13.0718 3664 USB_RNDIS - ok

07:30:13.0828 3664 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

07:30:13.0828 3664 VgaSave - ok

07:30:13.0890 3664 ViaIde - ok

07:30:14.0000 3664 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

07:30:14.0000 3664 VolSnap - ok

07:30:14.0109 3664 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

07:30:14.0125 3664 Wanarp - ok

07:30:14.0234 3664 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

07:30:14.0265 3664 Wdf01000 - ok

07:30:14.0390 3664 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

07:30:14.0390 3664 wdmaud - ok

07:30:14.0531 3664 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

07:30:14.0531 3664 WinUSB - ok

07:30:14.0703 3664 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

07:30:14.0703 3664 WudfPf - ok

07:30:14.0812 3664 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

07:30:14.0812 3664 WudfRd - ok

07:30:14.0875 3664 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

07:30:15.0000 3664 \Device\Harddisk0\DR0 - ok

07:30:15.0015 3664 Boot (0x1200) (ce0b9a7473c6f11317dff6310a225bad) \Device\Harddisk0\DR0\Partition0

07:30:15.0015 3664 \Device\Harddisk0\DR0\Partition0 - ok

07:30:15.0046 3664 Boot (0x1200) (3dc0a3373deda7f2aab27762dd21a599) \Device\Harddisk0\DR0\Partition1

07:30:15.0046 3664 \Device\Harddisk0\DR0\Partition1 - ok

07:30:15.0046 3664 ============================================================

07:30:15.0046 3664 Scan finished

07:30:15.0046 3664 ============================================================

07:30:15.0078 3856 Detected object count: 0

07:30:15.0078 3856 Actual detected object count: 0

Does Firefox still need to be restored to defaults, I don't know what else I could do to help there. I disabled the add-ons.

I still have the spybot program installed, should I remove it?

Link to post
Share on other sites

Hey I did another TDSS scan with the first of the additional options added this time and I got this entry;

"Physical drive: \Device\Harddisk0\DR0"

It's classified as a medium threat object, what should I do about it cause I haven't take any actions yet.

Also I guess that the combofix log is that long because of a recent update, sorry for the trouble

Link to post
Share on other sites

14:29:28.0296 2284 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54

14:29:29.0015 2284 ============================================================

14:29:29.0015 2284 Current date / time: 2011/10/12 14:29:29.0015

14:29:29.0015 2284 SystemInfo:

14:29:29.0015 2284

14:29:29.0015 2284 OS Version: 5.1.2600 ServicePack: 3.0

14:29:29.0015 2284 Product type: Workstation

14:29:29.0015 2284 ComputerName: UPGRADE

14:29:29.0015 2284 UserName: C.Henry

14:29:29.0015 2284 Windows directory: C:\WINDOWS

14:29:29.0031 2284 System windows directory: C:\WINDOWS

14:29:29.0031 2284 Processor architecture: Intel x86

14:29:29.0031 2284 Number of processors: 1

14:29:29.0031 2284 Page size: 0x1000

14:29:29.0031 2284 Boot type: Normal boot

14:29:29.0031 2284 ============================================================

14:29:30.0078 2284 Initialize success

14:29:34.0484 3596 ============================================================

14:29:34.0484 3596 Scan started

14:29:34.0484 3596 Mode: Manual;

14:29:34.0484 3596 ============================================================

14:29:35.0656 3596 Abiosdsk - ok

14:29:35.0687 3596 abp480n5 - ok

14:29:35.0765 3596 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

14:29:35.0765 3596 ACPI - ok

14:29:35.0859 3596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

14:29:35.0859 3596 ACPIEC - ok

14:29:35.0921 3596 adpu160m - ok

14:29:36.0015 3596 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

14:29:36.0031 3596 aec - ok

14:29:36.0125 3596 AegisP (8d155386b3b032ea7513e19f8c8f80a7) C:\WINDOWS\system32\DRIVERS\AegisP.sys

14:29:36.0125 3596 AegisP - ok

14:29:36.0234 3596 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

14:29:36.0234 3596 AFD - ok

14:29:36.0359 3596 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

14:29:36.0359 3596 agp440 - ok

14:29:36.0421 3596 Aha154x - ok

14:29:36.0453 3596 aic78u2 - ok

14:29:36.0500 3596 aic78xx - ok

14:29:36.0546 3596 AliIde - ok

14:29:36.0578 3596 amsint - ok

14:29:36.0625 3596 asc - ok

14:29:36.0656 3596 asc3350p - ok

14:29:36.0687 3596 asc3550 - ok

14:29:36.0781 3596 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

14:29:36.0781 3596 AsyncMac - ok

14:29:36.0890 3596 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

14:29:36.0890 3596 atapi - ok

14:29:36.0953 3596 Atdisk - ok

14:29:37.0031 3596 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

14:29:37.0031 3596 Atmarpc - ok

14:29:37.0140 3596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

14:29:37.0140 3596 audstub - ok

14:29:37.0250 3596 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS

14:29:37.0250 3596 BCM42RLY - ok

14:29:37.0359 3596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

14:29:37.0359 3596 Beep - ok

14:29:37.0390 3596 catchme - ok

14:29:37.0484 3596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

14:29:37.0484 3596 cbidf2k - ok

14:29:37.0546 3596 cd20xrnt - ok

14:29:37.0640 3596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

14:29:37.0640 3596 Cdaudio - ok

14:29:37.0734 3596 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

14:29:37.0734 3596 Cdfs - ok

14:29:37.0828 3596 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

14:29:37.0828 3596 Cdrom - ok

14:29:37.0921 3596 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

14:29:37.0921 3596 cercsr6 - ok

14:29:38.0015 3596 CmdIde - ok

14:29:38.0078 3596 Cpqarray - ok

14:29:38.0203 3596 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys

14:29:38.0203 3596 ctljystk - ok

14:29:38.0296 3596 dac2w2k - ok

14:29:38.0359 3596 dac960nt - ok

14:29:38.0453 3596 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

14:29:38.0453 3596 Disk - ok

14:29:38.0562 3596 DM9102 (51ef6ca3d57055fed6ab99021d562443) C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS

14:29:38.0562 3596 DM9102 - ok

14:29:38.0718 3596 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

14:29:38.0718 3596 dmboot - ok

14:29:38.0843 3596 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys

14:29:38.0843 3596 dmio - ok

14:29:38.0953 3596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

14:29:38.0953 3596 dmload - ok

14:29:39.0078 3596 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

14:29:39.0078 3596 DMusic - ok

14:29:39.0156 3596 dpti2o - ok

14:29:39.0234 3596 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

14:29:39.0234 3596 drmkaud - ok

14:29:39.0343 3596 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys

14:29:39.0343 3596 emu10k - ok

14:29:39.0453 3596 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys

14:29:39.0453 3596 emu10k1 - ok

14:29:39.0562 3596 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

14:29:39.0562 3596 Fastfat - ok

14:29:39.0671 3596 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

14:29:39.0671 3596 Fdc - ok

14:29:39.0765 3596 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

14:29:39.0765 3596 Fips - ok

14:29:39.0859 3596 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

14:29:39.0859 3596 Flpydisk - ok

14:29:39.0984 3596 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

14:29:39.0984 3596 FltMgr - ok

14:29:40.0093 3596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

14:29:40.0093 3596 Fs_Rec - ok

14:29:40.0203 3596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

14:29:40.0203 3596 Ftdisk - ok

14:29:40.0296 3596 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

14:29:40.0296 3596 gameenum - ok

14:29:40.0390 3596 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

14:29:40.0390 3596 Gpc - ok

14:29:40.0515 3596 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

14:29:40.0515 3596 hidusb - ok

14:29:40.0578 3596 hpn - ok

14:29:40.0671 3596 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

14:29:40.0671 3596 HPZid412 - ok

14:29:40.0765 3596 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

14:29:40.0765 3596 HPZipr12 - ok

14:29:40.0859 3596 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

14:29:40.0859 3596 HPZius12 - ok

14:29:40.0984 3596 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

14:29:40.0984 3596 HTTP - ok

14:29:41.0046 3596 i2omp - ok

14:29:41.0140 3596 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

14:29:41.0140 3596 i8042prt - ok

14:29:41.0265 3596 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

14:29:41.0265 3596 Imapi - ok

14:29:41.0328 3596 ini910u - ok

14:29:41.0421 3596 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

14:29:41.0421 3596 IntelIde - ok

14:29:41.0515 3596 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

14:29:41.0515 3596 intelppm - ok

14:29:41.0609 3596 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

14:29:41.0609 3596 Ip6Fw - ok

14:29:41.0718 3596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

14:29:41.0718 3596 IpFilterDriver - ok

14:29:41.0812 3596 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

14:29:41.0812 3596 IpInIp - ok

14:29:41.0921 3596 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

14:29:41.0921 3596 IpNat - ok

14:29:42.0031 3596 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

14:29:42.0031 3596 IPSec - ok

14:29:42.0140 3596 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

14:29:42.0140 3596 IRENUM - ok

14:29:42.0234 3596 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

14:29:42.0234 3596 isapnp - ok

14:29:42.0343 3596 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

14:29:42.0343 3596 Kbdclass - ok

14:29:42.0437 3596 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

14:29:42.0437 3596 kbdhid - ok

14:29:42.0531 3596 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

14:29:42.0531 3596 kmixer - ok

14:29:42.0640 3596 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

14:29:42.0640 3596 KSecDD - ok

14:29:42.0734 3596 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys

14:29:42.0734 3596 Lbd - ok

14:29:42.0843 3596 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

14:29:42.0843 3596 MBAMProtector - ok

14:29:42.0968 3596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

14:29:42.0968 3596 mnmdd - ok

14:29:43.0078 3596 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

14:29:43.0078 3596 Modem - ok

14:29:43.0187 3596 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

14:29:43.0187 3596 Mouclass - ok

14:29:43.0296 3596 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

14:29:43.0296 3596 mouhid - ok

14:29:43.0421 3596 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

14:29:43.0421 3596 MountMgr - ok

14:29:43.0515 3596 mraid35x - ok

14:29:43.0593 3596 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

14:29:43.0609 3596 MRxDAV - ok

14:29:43.0734 3596 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

14:29:43.0734 3596 MRxSmb - ok

14:29:43.0890 3596 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

14:29:43.0890 3596 Msfs - ok

14:29:43.0984 3596 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

14:29:43.0984 3596 MSKSSRV - ok

14:29:44.0109 3596 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

14:29:44.0109 3596 MSPCLOCK - ok

14:29:44.0203 3596 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

14:29:44.0203 3596 MSPQM - ok

14:29:44.0312 3596 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

14:29:44.0312 3596 mssmbios - ok

14:29:44.0421 3596 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

14:29:44.0421 3596 Mup - ok

14:29:44.0531 3596 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

14:29:44.0531 3596 NDIS - ok

14:29:44.0625 3596 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

14:29:44.0625 3596 NdisTapi - ok

14:29:44.0734 3596 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

14:29:44.0750 3596 Ndisuio - ok

14:29:44.0843 3596 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

14:29:44.0843 3596 NdisWan - ok

14:29:44.0953 3596 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

14:29:44.0953 3596 NDProxy - ok

14:29:45.0093 3596 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

14:29:45.0109 3596 NetBIOS - ok

14:29:45.0234 3596 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

14:29:45.0250 3596 NetBT - ok

14:29:45.0375 3596 npf (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys

14:29:45.0375 3596 npf - ok

14:29:45.0468 3596 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

14:29:45.0468 3596 Npfs - ok

14:29:45.0593 3596 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

14:29:45.0593 3596 Ntfs - ok

14:29:45.0734 3596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

14:29:45.0734 3596 Null - ok

14:29:46.0000 3596 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

14:29:46.0031 3596 nv - ok

14:29:46.0156 3596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

14:29:46.0156 3596 NwlnkFlt - ok

14:29:46.0250 3596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

14:29:46.0250 3596 NwlnkFwd - ok

14:29:46.0359 3596 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

14:29:46.0359 3596 NwlnkIpx - ok

14:29:46.0453 3596 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

14:29:46.0453 3596 NwlnkNb - ok

14:29:46.0562 3596 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

14:29:46.0562 3596 NwlnkSpx - ok

14:29:46.0671 3596 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

14:29:46.0671 3596 Parport - ok

14:29:46.0765 3596 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

14:29:46.0765 3596 PartMgr - ok

14:29:46.0875 3596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

14:29:46.0875 3596 ParVdm - ok

14:29:47.0015 3596 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

14:29:47.0015 3596 PCI - ok

14:29:47.0093 3596 PCIDump - ok

14:29:47.0218 3596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

14:29:47.0218 3596 PCIIde - ok

14:29:47.0328 3596 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

14:29:47.0328 3596 Pcmcia - ok

14:29:47.0406 3596 perc2 - ok

14:29:47.0453 3596 perc2hib - ok

14:29:47.0578 3596 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

14:29:47.0578 3596 PptpMiniport - ok

14:29:47.0671 3596 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

14:29:47.0687 3596 PSched - ok

14:29:47.0781 3596 PSSDK42 (c8eb36910d3bd582891977e80925e21e) C:\WINDOWS\system32\Drivers\pssdk42.sys

14:29:47.0781 3596 PSSDK42 - ok

14:29:47.0875 3596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

14:29:47.0875 3596 Ptilink - ok

14:29:47.0984 3596 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

14:29:47.0984 3596 PxHelp20 - ok

14:29:48.0078 3596 ql1080 - ok

14:29:48.0171 3596 Ql10wnt - ok

14:29:48.0250 3596 ql12160 - ok

14:29:48.0343 3596 ql1240 - ok

14:29:48.0437 3596 ql1280 - ok

14:29:48.0562 3596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

14:29:48.0562 3596 RasAcd - ok

14:29:48.0671 3596 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

14:29:48.0671 3596 Rasl2tp - ok

14:29:48.0781 3596 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

14:29:48.0781 3596 RasPppoe - ok

14:29:48.0890 3596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

14:29:48.0890 3596 Raspti - ok

14:29:49.0031 3596 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

14:29:49.0031 3596 Rdbss - ok

14:29:49.0140 3596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

14:29:49.0140 3596 RDPCDD - ok

14:29:49.0281 3596 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

14:29:49.0281 3596 rdpdr - ok

14:29:49.0375 3596 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

14:29:49.0375 3596 RDPWD - ok

14:29:49.0500 3596 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

14:29:49.0500 3596 redbook - ok

14:29:49.0593 3596 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys

14:29:49.0593 3596 RimUsb - ok

14:29:49.0718 3596 RT2500 (4b6f7b6c966e90a55102daa107f44934) C:\WINDOWS\system32\DRIVERS\RT2500.sys

14:29:49.0718 3596 RT2500 - ok

14:29:49.0812 3596 SASKUTIL - ok

14:29:49.0921 3596 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys

14:29:49.0921 3596 SCDEmu - ok

14:29:50.0046 3596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

14:29:50.0046 3596 Secdrv - ok

14:29:50.0171 3596 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

14:29:50.0171 3596 serenum - ok

14:29:50.0281 3596 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

14:29:50.0281 3596 Serial - ok

14:29:50.0406 3596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

14:29:50.0406 3596 Sfloppy - ok

14:29:50.0515 3596 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys

14:29:50.0515 3596 sfman - ok

14:29:50.0578 3596 Simbad - ok

14:29:50.0656 3596 Sparrow - ok

14:29:50.0734 3596 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

14:29:50.0734 3596 splitter - ok

14:29:50.0843 3596 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

14:29:50.0843 3596 sr - ok

14:29:50.0984 3596 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

14:29:50.0984 3596 Srv - ok

14:29:51.0109 3596 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

14:29:51.0109 3596 swenum - ok

14:29:51.0218 3596 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

14:29:51.0218 3596 swmidi - ok

14:29:51.0296 3596 symc810 - ok

14:29:51.0343 3596 symc8xx - ok

14:29:51.0406 3596 sym_hi - ok

14:29:51.0453 3596 sym_u3 - ok

14:29:51.0546 3596 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

14:29:51.0546 3596 sysaudio - ok

14:29:51.0687 3596 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

14:29:51.0687 3596 Tcpip - ok

14:29:51.0812 3596 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

14:29:51.0812 3596 TDPIPE - ok

14:29:51.0906 3596 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

14:29:51.0921 3596 TDTCP - ok

14:29:52.0031 3596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

14:29:52.0031 3596 TermDD - ok

14:29:52.0109 3596 TosIde - ok

14:29:52.0203 3596 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

14:29:52.0203 3596 Udfs - ok

14:29:52.0281 3596 ultra - ok

14:29:52.0390 3596 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

14:29:52.0390 3596 Update - ok

14:29:52.0531 3596 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

14:29:52.0531 3596 usbaudio - ok

14:29:52.0625 3596 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

14:29:52.0625 3596 usbccgp - ok

14:29:52.0734 3596 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

14:29:52.0734 3596 usbehci - ok

14:29:52.0843 3596 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

14:29:52.0843 3596 usbhub - ok

14:29:52.0937 3596 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

14:29:52.0937 3596 usbprint - ok

14:29:53.0046 3596 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

14:29:53.0046 3596 usbscan - ok

14:29:53.0156 3596 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

14:29:53.0156 3596 USBSTOR - ok

14:29:53.0281 3596 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

14:29:53.0281 3596 usbuhci - ok

14:29:53.0406 3596 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

14:29:53.0406 3596 USB_RNDIS - ok

14:29:53.0500 3596 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

14:29:53.0500 3596 VgaSave - ok

14:29:53.0578 3596 ViaIde - ok

14:29:53.0656 3596 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

14:29:53.0656 3596 VolSnap - ok

14:29:53.0765 3596 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

14:29:53.0765 3596 Wanarp - ok

14:29:53.0875 3596 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

14:29:53.0890 3596 Wdf01000 - ok

14:29:54.0000 3596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

14:29:54.0015 3596 wdmaud - ok

14:29:54.0203 3596 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

14:29:54.0203 3596 WinUSB - ok

14:29:54.0359 3596 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

14:29:54.0359 3596 WudfPf - ok

14:29:54.0453 3596 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

14:29:54.0453 3596 WudfRd - ok

14:29:54.0515 3596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

14:29:54.0640 3596 \Device\Harddisk0\DR0 - ok

14:29:54.0656 3596 Boot (0x1200) (ce0b9a7473c6f11317dff6310a225bad) \Device\Harddisk0\DR0\Partition0

14:29:54.0656 3596 \Device\Harddisk0\DR0\Partition0 - ok

14:29:54.0671 3596 Boot (0x1200) (3dc0a3373deda7f2aab27762dd21a599) \Device\Harddisk0\DR0\Partition1

14:29:54.0671 3596 \Device\Harddisk0\DR0\Partition1 - ok

14:29:54.0671 3596 ============================================================

14:29:54.0671 3596 Scan finished

14:29:54.0671 3596 ============================================================

14:29:54.0687 3532 Detected object count: 0

14:29:54.0687 3532 Actual detected object count: 0

Ok I went a little advanced now and I think Firefox is restored to defaults.

I deleted as much traces of the other two I could find; if there are more traces, I don't know where to look.

Link to post
Share on other sites

Things do seem optimistic infection wise. I can't see any obvious signs of infection but who knows if I still am. ;)

DDS log;

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by C.Henry at 16:15:53 on 2011-10-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1255 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\explorer.exe

C:\Documents and Settings\C.Henry.UPGRADE\Application Data\mjusbsp\magicJack.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tu2011\winstyler\tu_logonui.exe

BHO: AutorunsDisabled - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: CBHO Object: {cba74cda-df78-4ad9-954e-3b15d0a993de} - c:\program files\corestreet\spoofstick\SpoofStickBHO.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\corestreet\spoofstick\SpoofStick.dll

uRun: [cdloader] "c:\documents and settings\c.henry.upgrade\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290136917968

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282520954890

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 63.245.66.41 63.245.66.42

TCP: Interfaces\{031219DC-6F85-4FF2-B3BF-A18390BC98F3} : DhcpNameServer = 63.245.66.41 63.245.66.42

TCP: Interfaces\{B0976CA2-33CD-4EFD-AAC2-6DCFB3AB5BF8} : DhcpNameServer = 63.245.66.41 63.245.66.42

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\c.henry.upgrade\application data\mozilla\firefox\profiles\5iierj4b.default\

.

---- FIREFOX POLICIES ----

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467

FF - user.js: browser.bookmarks.restore_default_bookmarks - false

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 640000

FF - user.js: browser.download.lastDir - c:\\documents and settings\\c.henry.upgrade\\Desktop

FF - user.js: browser.download.manager.alertOnEXEOpen - true

FF - user.js: browser.download.useDownloadDir - false

FF - user.js: browser.migration.version - 5

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.startup.homepage_override.buildID - 20110928134238

FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1

FF - user.js: browser.syncPromoViewsLeft - 2

FF - user.js: dom.disable_window_flip - false

FF - user.js: extensions.blocklist.pingCountTotal - 2

FF - user.js: extensions.blocklist.pingCountVersion - 2

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.databaseSchema - 5

FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1

FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\program files\\\\divx\\\\divx plus web player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342a-8307-11df-a508-4ae2dfd72085}\:{\descriptor\:\c:\\\\program files\\\\divx\\\\divx plus web player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\program files\\\\java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{ffb96cc1-7eb3-449d-b827-db661701c6bb}\:{\descriptor\:\c:\\\\program files\\\\checkpoint\\\\zaforcefield\\\\trustchecker\,\mtime\:1317440292281},\{1e73965b-8b48-48be-9c8d-68b920abc1c4}\:{\descriptor\:\c:\\\\program files\\\\avg\\\\avg2012\\\\firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]

FF - user.js: extensions.lastAppVersion - 7.0.1

FF - user.js: extensions.lastPlatformVersion - 7.0.1

FF - user.js: extensions.pendingOperations - false

FF - user.js: font.internaluseonly.changed - true

FF - user.js: gfx.blacklist.direct2d - 3

FF - user.js: gfx.blacklist.layers.direct3d10 - 3

FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3

FF - user.js: gfx.blacklist.layers.direct3d9 - 3

FF - user.js: gfx.blacklist.layers.opengl - 3

FF - user.js: gfx.blacklist.webgl.angle - 3

FF - user.js: gfx.blacklist.webgl.opengl - 3

FF - user.js: idle.lastDailyNotification - 1317649027

FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: places.database.lastMaintenance - 1317649027

FF - user.js: places.history.expiration.transient_current_max_pages - 42924

FF - user.js: pref.advanced.javascript.disable_button.advanced - false

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: storage.vacuum.last.index - 1

FF - user.js: storage.vacuum.last.places.sqlite - 1317523296

FF - user.js: toolkit.telemetry.prompted - true

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

.

============= FINISH: 16:16:10.62 ===============

attach.zip

Link to post
Share on other sites