greatkibble Posted October 2, 2011 ID:481517 Share Posted October 2, 2011 Well I already posted this before, just in the wrong forum so here we go;Its so weird this should happen to me; I've been having this problem with my web browsers, Firefox and Chrome. The problem was whenever trying to access certain sites those browsers would freeze up and considerably slow down like a dying dinosaur which would obligate me to manually terminate them by whatever means. After terminating and trying to reopen the browsers I would get errors of profile still open.For Firefox the only solution was to restart the entire system; for Chrome I only had to open up task manager and end its process - even though there would still be a previous chrome process running after I start up a new one and trying to kill the Firefox process ended with no dice.Trying to solve this I ran all types of scans to check what was up. I used Ad-aware, Spybot-S&D, I removed Microsoft security Essentials and replaced it with AVG antivirus, I already had installed SuperAntiSpyware but it didn't seem to helping my problem though very helpful in finding some trojans lurking around. I use advanced system care so the Iobit Malware fighter is also part of my virus fighting arsenal. Strangely I always had Malwarebytes but hardly used it because it didn't seem to really protect me nor did it pick up anything during scans which my other programs would normally pick up on so I basically left it in a corner for months but today I just updated it from version 4 to 5 and now I see a big difference in the two and even greater benefits to come along with the later version.But all in all I fear its too late for me cause right now my entire Window XP OS has restored straight to 'first-date' setting and now everything has renewed and I'm missing many programs which used to be apart of my desktop. They're still there in the hard drive though thankfully. My custom wallpaper is now the windows default grassy plains with clouds above and the little tweaks and custom bits I added to make my pc more 'me' has now been smudged away and rinsed cleanly all back to default settings. I find the defaults really ugly and unappealing - now everything must be started ever once more - but I won't do anything cause I can still tell whatever did this to my registry is still there and that's why I'm posting this!Before this happened there were a lot of suspicious activity going on in my processes; I could see what in security task manager. I believe 'something' was running all around in windows32 area and overtime disguising theirselves as genuine applications or hiding behind such while modifying things until this happened Even now its sad to know that malicious things can really destroy the framework of everything in your pc and leave you with a worthless trash that doesn't work. For me its more trouble than its worth to be trying to self fix this - I've been trying to for 3 weeks now with no success! This is what it's come to now =/I knew of a file, scvlhosts.exe(not sure if that's the correct spelling)that I believe was malicious cause it was found in drive c: but I don't have a drive c: , all i have is C: (notice the capital letters) so I deleted it but still other things weren't going on or at least I think things weren't going on normally.I learned about this site today as well and was following the first basic procedure for removing malware. I downloaded the defogger tool and ran it but it never prompted me to restart the system(is that normal btw?) ...So getting impatient I went myself to restart the computer and here I am now - and I can't restore anything cause I turned it off, you know, a standard advice given to xp users to not accidentally restore bad data.I don't have a window backup cd too so I'm just in bad luckThe Iobit malware fighter recently picked up a program trying to modify the registry(while in the new hated mode) but I forgot its name, ctfmon.exe I think - I blocked it but not really sure if that helped. Spybot has been removed from the desktop along with many other programs and when trying to reinstall it back to the desktop I get a runtime error - "Runtime Error (at-1:0): Cannot Import dll:C:\Program Files\Spybot - Search & Destroy\UninsSrv.dll."I'm so unlucky this is happening, please just try whatever to help me before its too lateThank you in advance for tryingHere's the most recent Mbam scan log here;mbam-log-2011-10-02 (04-26-37).txtI had problems trying to download the GMER scanner - again I'm still having browser lagging and freezing issues. At least I still got through with DDS, the DDS.txt file here;.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26Run by C.Henry at 10:08:00 on 2011-10-02Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.906 [GMT -4:00].AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}FW: ZoneAlarm Firewall *Enabled* .============== Running Processes ===============.C:\PROGRA~1\AVG\AVG2012\avgrsx.exeC:\Program Files\AVG\AVG2012\avgcsrvx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CheckPoint\ZAForceField\IswSvc.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\spoolsv.exeC:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exeC:\Program Files\SUPERAntiSpyware\SASCORE.EXEC:\Program Files\IObit\Advanced SystemCare 4\ASCService.exeC:\Program Files\AVG\AVG2012\avgwdsvc.exeC:\Program Files\Microsoft\BingBar\SeaPort.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Nero\Update\NASvc.exeC:\Program Files\AVG\AVG2012\avgnsx.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exeC:\Program Files\AVG\AVG2012\AVGIDSAgent.exeC:\WINDOWS\system32\devldr32.exesvchost.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\AVG\AVG2012\avgtray.exeC:\Program Files\AVG Secure Search\vprot.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\IObit\IObit Malware Fighter\IMF.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: H - No FilemWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tu2011\winstyler\tu_logonui.exeBHO: AutorunsDisabled - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dllBHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dllBHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dllBHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dllBHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No FileBHO: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No FileBHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dllBHO: CBHO Object: {cba74cda-df78-4ad9-954e-3b15d0a993de} - c:\program files\corestreet\spoofstick\SpoofStickBHO.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dllTB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\corestreet\spoofstick\SpoofStick.dllTB: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No FileTB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dllTB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostartmRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"mRun: [vProt] "c:\program files\avg secure search\vprot.exe"mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"mRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttrayIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dllDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290136917968DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282520954890DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 63.245.66.41 63.245.66.42TCP: Interfaces\{031219DC-6F85-4FF2-B3BF-A18390BC98F3} : DhcpNameServer = 63.245.66.41 63.245.66.42TCP: Interfaces\{B0976CA2-33CD-4EFD-AAC2-6DCFB3AB5BF8} : DhcpNameServer = 63.245.66.41 63.245.66.42Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dllHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dllNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLLHosts: 127.0.0.1 www.spywareinfo.com.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\c.henry.upgrade\application data\mozilla\firefox\profiles\5iierj4b.default\.============= SERVICES / DRIVERS ===============..=============== Created Last 30 ================..==================== Find3M ====================..============= FINISH: 10:10:22.64 ===============Again I really appreciate anyone helping with my problem(Y)attach.zip Link to post Share on other sites More sharing options...
greatkibble Posted October 4, 2011 Author ID:482271 Share Posted October 4, 2011 *bumping thread*Also I ran safe mode and ran the Gmer scanner which is attached in this thread Again, thanks in advance Link to post Share on other sites More sharing options...
greatkibble Posted October 4, 2011 Author ID:482273 Share Posted October 4, 2011 oops forgot to attach the file he silly me...ark.zip Link to post Share on other sites More sharing options...
greatkibble Posted October 6, 2011 Author ID:482835 Share Posted October 6, 2011 *bump bump* Link to post Share on other sites More sharing options...
greatkibble Posted October 8, 2011 Author ID:483404 Share Posted October 8, 2011 Hello again even though no one hasn't replied to my thread yet.I'm just updating here to tell I now have a windows backup disk so I'm gonna clean this computer.I just wish I could get a reply sooner so I could be guided through this process; I'll just look around this forum concerning that, until someone posts here... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 8, 2011 Root Admin ID:483453 Share Posted October 8, 2011 Hello and sorry for the delay but as you can tell the site is quite busy,Please visit this webpage for instructions for running ComboFix: When the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system. Link to post Share on other sites More sharing options...
greatkibble Posted October 9, 2011 Author ID:483525 Share Posted October 9, 2011 It's ok, I'm happy you cameHere's the Combofix logfile;ComboFix 11-10-08.05 - C.Henry 10/08/2011 19:51:31.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.888 [GMT -4:00]Running from: c:\documents and settings\C.Henry.UPGRADE\Desktop\ComboFix.exeAV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\C.Henry.UPGRADE\Application Data\PriceGongc:\documents and settings\C.Henry.UPGRADE\Application Data\PriceGong\Data\mru.xmlc:\windows\system32\d3d9caps.datc:\windows\system32\drivers\etc\hosts.txt..((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))..2011-10-08 22:02 . 2011-10-08 22:02 -------- d-----w- c:\windows\LastGood2011-10-08 20:19 . 2011-10-08 20:20 -------- d-----w- c:\program files\Sony Media Go Install2011-10-04 02:50 . 2011-10-09 00:06 -------- d-----w- c:\program files\SPYBOT - SEARCH & DESTROY2011-10-02 06:44 . 2011-09-21 18:59 16432 ----a-w- c:\windows\system32\lsdelete.exe2011-10-02 01:09 . 2011-10-08 18:41 -------- d-----w- c:\documents and settings\C.Henry.UPGRADE2011-10-01 22:25 . 2011-10-08 08:15 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE2011-10-01 17:43 . 2011-10-01 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB2011-10-01 17:42 . 2011-10-01 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters2011-10-01 17:39 . 2011-10-01 17:39 -------- d-----w- c:\program files\PC Drivers HeadQuarters2011-10-01 04:21 . 2011-10-01 04:21 -------- d--h--w- c:\windows\PIF2011-09-30 16:17 . 2011-10-01 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan2011-09-30 16:16 . 2011-10-01 04:50 -------- d-----w- c:\program files\Security Task Manager2011-09-30 06:45 . 2011-09-30 06:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2011-09-29 15:45 . 2011-09-29 15:45 50688 ----a-w- C:\ATF-Cleaner.exe2011-09-29 01:05 . 2011-09-29 01:05 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs2011-09-29 01:03 . 2011-09-29 01:04 262 ----a-w- C:\wallpaperviews.vbs2011-09-28 02:15 . 2011-09-28 02:15 -------- d-----w- c:\program files\SystemRequirementsLab2011-09-27 21:06 . 2011-10-01 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2011-09-24 18:58 . 2011-09-21 18:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys2011-09-22 15:58 . 2011-09-22 15:58 -------- d-----w- C:\$AVG2011-09-22 15:20 . 2011-09-22 15:20 -------- d-----w- c:\program files\Common Files\AVG Secure Search2011-09-22 15:20 . 2011-09-22 15:20 -------- d-----w- c:\program files\AVG Secure Search2011-09-22 15:19 . 2011-10-07 13:03 -------- d-----w- c:\windows\system32\drivers\AVG2011-09-22 15:19 . 2011-09-22 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG20122011-09-21 18:54 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys2011-09-21 18:53 . 2011-09-21 18:53 -------- d-----w- c:\program files\Lavasoft2011-09-21 18:53 . 2011-09-21 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft2011-09-11 12:30 . 2011-09-11 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-10-01 15:02 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe2011-10-01 04:57 . 2007-11-07 12:12 232960 ----a-w- C:\VC_RED.MSI2011-10-01 02:12 . 2003-10-06 18:16 7700480 ----a-w- c:\windows\system32\nvcpl.dll2011-09-30 22:56 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll2011-09-30 19:19 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe2011-09-29 12:02 . 2011-05-16 11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-09-27 19:32 . 2004-08-04 12:00 142336 ----a-w- c:\windows\system32\nwprovau.dll2011-09-13 10:30 . 2011-07-11 05:13 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll2011-08-31 21:00 . 2010-11-07 12:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-19 20:33 . 2011-09-06 00:27 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe2011-08-08 10:08 . 2011-08-08 10:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2011-07-11 05:14 . 2011-07-11 05:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys2011-07-11 05:14 . 2011-07-11 05:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys2011-07-11 05:14 . 2011-07-11 05:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys2011-07-11 05:14 . 2011-07-11 05:14 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys2011-07-11 05:14 . 2011-07-11 05:14 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys2011-07-11 05:13 . 2011-07-11 05:13 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys2010-01-26 14:11 . 2010-11-22 01:06 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe2004-09-12 19:10 . 2010-11-25 01:36 11578 ----a-r- c:\program files\Replacer.cmd2011-09-29 06:53 . 2011-10-02 02:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBit2.dll.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]2011-09-22 15:20 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-22 1451336].[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}].[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}].[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}][HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1][HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"cdloader"="c:\documents and settings\C.Henry.UPGRADE\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-01 7700480]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-07-20 4393816]"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-22 218440]"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]"nwiz"="nwiz.exe" [2006-10-22 1622016]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-06 113024].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TU2011\WinStyler\tu_logonui.exe".[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\WINDOWS\\system32\\mmc.exe"="c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"="c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"="c:\\Program Files\\KingsIsle Entertainment\\Wizard101\\Wizard101.exe"="c:\\Program Files\\Java\\jre6\\bin\\java.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\Documents and Settings\\C.Henry\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="UpdateSvchost"= c:\\WINDOWS\\optimashit\\svchost.exe"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"="c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"="c:\\Documents and Settings\\C.Henry\\Application Data\\mjusbsp\\magicJack.exe"="c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"="c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"="c:\\Documents and Settings\\C.Henry.UPGRADE\\Application Data\\mjusbsp\\magicJack.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009"20200:UDP"= 20200:UDP:Free Realms tm"20299:UDP"= 20299:UDP:Free Realms tm2"6881:TCP"= 6881:TCP:Port 6881"53952:TCP"= 53952:TCP:port 53952"44191:TCP"= 44191:TCP:Port 44191"86:TCP"= 86:TCP:BroadCam Video Streaming Server TCP/IP Port"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server"20201:UDP"= 20201:UDP:Port 20201"20202:UDP"= 20202:UDP:Port 20202"20203:UDP"= 20203:UDP:Port 20203"20204:UDP"= 20204:UDP:Port 20204"20205:UDP"= 20205:UDP:Port 20205"20206:UDP"= 20206:UDP:Port 20206"20207:UDP"= 20207:UDP:Port 20207"20208:UDP"= 20208:UDP:Port 20208"20209:UDP"= 20209:UDP:Port 20209"20210:UDP"= 20210:UDP:Port 20210"20211:UDP"= 20211:UDP:20211"20212:UDP"= 20212:UDP:Port 20212"20213:UDP"= 20213:UDP:Port 20213"20214:UDP"= 20214:UDP:Port 20214"20215:UDP"= 20215:UDP:Port 20215"20216:UDP"= 20216:UDP:Port 20216"20217:UDP"= 20217:UDP:Port 20217"20218:UDP"= 20218:UDP:Port 20218"20219:UDP"= 20219:UDP:Port 20219"20220:UDP"= 20220:UDP:Port 20220"20221:UDP"= 20221:UDP:Port 20221"20222:UDP"= 20222:UDP:Port 20222"20223:UDP"= 20223:UDP:Port 20223"20224:UDP"= 20224:UDP:Port 20224"20225:UDP"= 20225:UDP:Port 20225"20226:UDP"= 20226:UDP:Port 20226"20227:UDP"= 20227:UDP:Port 20227"20228:UDP"= 20228:UDP:Port 20228"20229:UDP"= 20229:UDP:Port 20229"20230:UDP"= 20230:UDP:Port 20230"20231:UDP"= 20231:UDP:Port 20231"20232:UDP"= 20232:UDP:Port 20232"20233:UDP"= 20233:UDP:Port 20233"20234:UDP"= 20234:UDP:Port 20234"20235:UDP"= 20235:UDP:Port 20235"20236:UDP"= 20236:UDP:Port 20236"20237:UDP"= 20237:UDP:Port 20237"20238:UDP"= 20238:UDP:Port 20238"20239:UDP"= 20239:UDP:Port 20239"20240:UDP"= 20240:UDP:Port 20240"20241:UDP"= 20241:UDP:Port 20241"20242:UDP"= 20242:UDP:Port 20242"20243:UDP"= 20243:UDP:Port 20243"20244:UDP"= 20244:UDP:Port 20244"20245:UDP"= 20245:UDP:Port 20245"20246:UDP"= 20246:UDP:Port 20246"20247:UDP"= 20247:UDP:Port 20247"20248:UDP"= 20248:UDP:Port 20248"20249:UDP"= 20249:UDP:Port 20249"20250:UDP"= 20250:UDP:Port 20250"20251:UDP"= 20251:UDP:Port 20251"20252:UDP"= 20252:UDP:Port 20252"20253:UDP"= 20253:UDP:Port 20253"20254:UDP"= 20254:UDP:Port 20254"20255:UDP"= 20255:UDP:Port 20255"20256:UDP"= 20256:UDP:Port 20256"20257:UDP"= 20257:UDP:Port 20257"20258:UDP"= 20258:UDP:Port 20258"20259:UDP"= 20259:UDP:Port 20259"20260:UDP"= 20260:UDP:Port 20260"20261:UDP"= 20261:UDP:Port 20261"20262:UDP"= 20262:UDP:Port 20262"20263:UDP"= 20263:UDP:Port 20263"20264:UDP"= 20264:UDP:Port 20264"20265:UDP"= 20265:UDP:port 20265"20266:UDP"= 20266:UDP:Port 20266"20267:UDP"= 20267:UDP:Port 20267"20268:UDP"= 20268:UDP:Port 20268"20269:UDP"= 20269:UDP:Port 20269"20270:UDP"= 20270:UDP:Port 20270"20271:UDP"= 20271:UDP:Port 20271"20272:UDP"= 20272:UDP:Port 20272"20273:UDP"= 20273:UDP:Port 20273"20274:UDP"= 20274:UDP:Port 20274"20275:UDP"= 20275:UDP:Port 20275"20276:UDP"= 20276:UDP:port 20276"20277:UDP"= 20277:UDP:Port 20277"20278:UDP"= 20278:UDP:Port 20278"20279:UDP"= 20279:UDP:Port 20279"20280:UDP"= 20280:UDP:Port 20280"20281:UDP"= 20281:UDP:Port 20281"20282:UDP"= 20282:UDP:Port 20282"20283:UDP"= 20283:UDP:Port 20283"20284:UDP"= 20284:UDP:Port 20284"20285:UDP"= 20285:UDP:Port 20285"20286:UDP"= 20286:UDP:Port 20286"20287:UDP"= 20287:UDP:Port 20287"20288:UDP"= 20288:UDP:Port 20288"20289:UDP"= 20289:UDP:Port 20289"20290:UDP"= 20290:UDP:Port 20290"20291:UDP"= 20291:UDP:Port 20291"20292:UDP"= 20292:UDP:Port 20292"20293:UDP"= 20293:UDP:Port 20293"20294:UDP"= 20294:UDP:Port 20294"20296:UDP"= 20296:UDP:Port 20296"20297:UDP"= 20297:UDP:Port 20297"20295:UDP"= 20295:UDP:Port 20295"20298:UDP"= 20298:UDP:Port 20298"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management .R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 1:13 AM 32592]R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/21/2011 2:54 PM 64512]R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9/5/2011 8:27 PM 14776]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [9/5/2011 8:24 PM 328536]R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [9/5/2011 8:26 PM 820568]R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/15/2011 11:25 AM 26872]R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2/15/2011 11:25 AM 488952]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2010 8:48 AM 366152]R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [7/22/2011 2:26 PM 690472]R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [9/22/2011 11:20 AM 246600]R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2010 8:48 AM 22216]R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [9/5/2011 8:26 PM 30368]R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [9/5/2011 8:26 PM 16080]R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]S1 MpKsl0fa035be;MpKsl0fa035be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys [?]S1 MpKsl0fbb6989;MpKsl0fbb6989;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys [?]S1 MpKsl30d36f72;MpKsl30d36f72;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys [?]S1 MpKsl333bf458;MpKsl333bf458;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys [?]S1 MpKsl46a99366;MpKsl46a99366;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys [?]S1 MpKsl59e99f45;MpKsl59e99f45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys [?]S1 MpKsl681962f3;MpKsl681962f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys [?]S1 MpKsl6fff11b7;MpKsl6fff11b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys [?]S1 MpKsl72ab06f5;MpKsl72ab06f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys [?]S1 MpKsl7385528c;MpKsl7385528c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys [?]S1 MpKsl790e18a0;MpKsl790e18a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys [?]S1 MpKsl836a2924;MpKsl836a2924;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys [?]S1 MpKsl85f9705b;MpKsl85f9705b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys [?]S1 MpKsl8836105c;MpKsl8836105c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys [?]S1 MpKsl9496f593;MpKsl9496f593;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys [?]S1 MpKsl952967d3;MpKsl952967d3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys [?]S1 MpKsl9e395e06;MpKsl9e395e06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys [?]S1 MpKsl9ebaeedb;MpKsl9ebaeedb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys [?]S1 MpKslc8e71ba2;MpKslc8e71ba2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys [?]S1 MpKsle6108664;MpKsle6108664;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys [?]S1 MpKsle7a8409d;MpKsle7a8409d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys [?]S1 MpKslf660ee8d;MpKslf660ee8d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys [?]S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]S2 gupdate1ca2c9565ca07ae;Google Update Service (gupdate1ca2c9565ca07ae);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2151640]S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [11/18/2010 1:53 AM 38976]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]S4 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [10/16/2010 12:59 PM 1175556]S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [9/5/2011 8:26 PM 239600]S4 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 3:25 PM 15232].--- Other Services/Drivers In Memory ---.*NewlyCreated* - LAVASOFT_KERNEXPLORER*Deregistered* - PAGEDFRG.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]WINRM REG_MULTI_SZ WINRM.Contents of the 'Scheduled Tasks' folder.2011-10-08 c:\windows\Tasks\Ad-Aware Scan (everyday protection).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 18:59].2011-10-08 c:\windows\Tasks\Ad-Aware Scan (Weekly protection).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 18:59].2011-10-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 18:59].2011-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57].2011-10-06 c:\windows\Tasks\ASC4_PerformanceMonitor.job- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-09-06 20:40].2011-07-03 c:\windows\Tasks\Defraggler Volume C Task.job- c:\program files\Defraggler\df.exe [2011-09-13 09:45].2011-09-12 c:\windows\Tasks\expressburnShakeIcon.job- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-23 07:00].2011-06-06 c:\windows\Tasks\expressripShakeIcon.job- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-09-23 07:02].2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52].2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52].2011-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003Core.job- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16].2011-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003UA.job- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16].2011-06-06 c:\windows\Tasks\pixillionShakeIcon.job- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-10-16 16:59].2011-06-06 c:\windows\Tasks\prismDowngrade.job- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59].2011-07-09 c:\windows\Tasks\prismShakeIcon.job- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59].2011-10-08 c:\windows\Tasks\User_Feed_Synchronization-{4D2ABBC6-BA46-42D6-ADD5-C2E6C2D58B6A}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31].2011-10-08 c:\windows\Tasks\User_Feed_Synchronization-{6AADCA7F-9D09-413E-B8D5-3FB647C74798}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31].2011-06-06 c:\windows\Tasks\videopadShakeIcon.job- c:\program files\NCH Software\VideoPad\videopad.exe [2010-09-23 07:03].2011-06-06 c:\windows\Tasks\wavepadDowngrade.job- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01].2011-06-06 c:\windows\Tasks\wavepadShakeIcon.job- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]..------- Supplementary Scan -------.TCP: DhcpNameServer = 63.245.66.41 63.245.66.42Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dllFF - ProfilePath - c:\documents and settings\C.Henry.UPGRADE\Application Data\Mozilla\Firefox\Profiles\5iierj4b.default\# Mozilla User Preferences/* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs */FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467FF - user.js: browser.bookmarks.restore_default_bookmarks - falseFF - user.js: browser.cache.disk.capacity - 1048576FF - user.js: browser.cache.disk.smart_size.first_run - falseFF - user.js: browser.cache.disk.smart_size_cached_value - 640000FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\C.Henry.UPGRADE\\DesktopFF - user.js: browser.download.manager.alertOnEXEOpen - trueFF - user.js: browser.download.useDownloadDir - falseFF - user.js: browser.migration.version - 5FF - user.js: browser.places.smartBookmarksVersion - 2FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - trueFF - user.js: browser.rights.3.shown - trueFF - user.js: browser.startup.homepage_override.buildID - 20110928134238FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1FF - user.js: browser.syncPromoViewsLeft - 2FF - user.js: dom.disable_window_flip - falseFF - user.js: extensions.blocklist.pingCountTotal - 2FF - user.js: extensions.blocklist.pingCountVersion - 2FF - user.js: extensions.bootstrappedAddons - {}FF - user.js: extensions.databaseSchema - 5FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342A-8307-11DF-A508-4AE2DFD72085}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\:{\descriptor\:\c:\\\\Program Files\\\\CheckPoint\\\\ZAForceField\\\\TrustChecker\,\mtime\:1317440292281},\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\c:\\\\Program Files\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]FF - user.js: extensions.lastAppVersion - 7.0.1FF - user.js: extensions.lastPlatformVersion - 7.0.1FF - user.js: extensions.pendingOperations - falseFF - user.js: font.internaluseonly.changed - trueFF - user.js: gfx.blacklist.direct2d - 3FF - user.js: gfx.blacklist.layers.direct3d10 - 3FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3FF - user.js: gfx.blacklist.layers.direct3d9 - 3FF - user.js: gfx.blacklist.layers.opengl - 3FF - user.js: gfx.blacklist.webgl.angle - 3FF - user.js: gfx.blacklist.webgl.opengl - 3FF - user.js: idle.lastDailyNotification - 1317649027FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8FF - user.js: network.cookie.prefsMigrated - trueFF - user.js: places.database.lastMaintenance - 1317649027FF - user.js: places.history.expiration.transient_current_max_pages - 42924FF - user.js: pref.advanced.javascript.disable_button.advanced - falseFF - user.js: privacy.sanitize.migrateFx3Prefs - trueFF - user.js: security.warn_viewing_mixed.show_once - falseFF - user.js: storage.vacuum.last.index - 1FF - user.js: storage.vacuum.last.places.sqlite - 1317523296FF - user.js: toolkit.telemetry.prompted - trueFF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089FF - user.js: xpinstall.whitelist.add - FF - user.js: xpinstall.whitelist.add.36 - .- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)BHO-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)Toolbar-Locked - (no file)Toolbar-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-10-08 20:43Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(1104)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dllc:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll.- - - - - - - > 'lsass.exe'(1164)c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll.Completion time: 2011-10-08 20:47:08ComboFix-quarantined-files.txt 2011-10-09 00:46.Pre-Run: 50,846,928,896 bytes freePost-Run: 51,049,959,424 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut /TUTag=TXUGW3.- - End Of File - - 2F0DFDB9FD2E979C1FCEE03993E4F1F4I never knew that after running Combofix there would be an automatic DDS scan, but my scans failed numerously when Cfx did its job and it never automatically restored from blanking out the taskbar - luckily I knew about the explorer.exe task in Task manager so that helped but I never got any DDS files after about 20 mins from running Combofix, so I ran one later, right here;.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26Run by C.Henry at 22:00:38 on 2011-10-08Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.679 [GMT -4:00].AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}FW: ZoneAlarm Firewall *Disabled* .============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\Program Files\CheckPoint\ZAForceField\IswSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exeC:\Program Files\SUPERAntiSpyware\SASCORE.EXEC:\Program Files\IObit\Advanced SystemCare 4\ASCService.exeC:\Program Files\AVG\AVG2012\avgwdsvc.exeC:\Program Files\Microsoft\BingBar\SeaPort.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Nero\Update\NASvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exesvchost.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\system32\devldr32.exeC:\Program Files\AVG\AVG2012\avgtray.exeC:\Program Files\AVG Secure Search\vprot.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\Documents and Settings\C.Henry\My Documents\Downloads\SoftonicDownloader_for_vdownloader.exeC:\Program Files\AVG\AVG2012\AVGIDSAgent.exeC:\Program Files\AVG\AVG2012\avgnsx.exeC:\Program Files\AVG\AVG2012\avgrsx.exeC:\Program Files\AVG\AVG2012\avgcsrvx.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\explorer.exeC:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Documents and Settings\C.Henry.UPGRADE\Application Data\mjusbsp\magicJack.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\WINDOWS\System32\NOTEPAD.EXE.============== Pseudo HJT Report ===============.mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tu2011\winstyler\tu_logonui.exeBHO: AutorunsDisabled - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dllBHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dllBHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dllBHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dllBHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No FileBHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dllBHO: CBHO Object: {cba74cda-df78-4ad9-954e-3b15d0a993de} - c:\program files\corestreet\spoofstick\SpoofStickBHO.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dllTB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\corestreet\spoofstick\SpoofStick.dllTB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dllTB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dlluRun: [cdloader] "c:\documents and settings\c.henry.upgrade\application data\mjusbsp\cdloader2.exe" MAGICJACKmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostartmRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"mRun: [vProt] "c:\program files\avg secure search\vprot.exe"mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"mRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttrayIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dllDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290136917968DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282520954890DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 63.245.66.41 63.245.66.42TCP: Interfaces\{031219DC-6F85-4FF2-B3BF-A18390BC98F3} : DhcpNameServer = 63.245.66.41 63.245.66.42TCP: Interfaces\{B0976CA2-33CD-4EFD-AAC2-6DCFB3AB5BF8} : DhcpNameServer = 63.245.66.41 63.245.66.42Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dllHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dllNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\c.henry.upgrade\application data\mozilla\firefox\profiles\5iierj4b.default\.---- FIREFOX POLICIES ----# Mozilla User Preferences/* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs */FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467FF - user.js: browser.bookmarks.restore_default_bookmarks - falseFF - user.js: browser.cache.disk.capacity - 1048576FF - user.js: browser.cache.disk.smart_size.first_run - falseFF - user.js: browser.cache.disk.smart_size_cached_value - 640000FF - user.js: browser.download.lastDir - c:\\documents and settings\\c.henry.upgrade\\DesktopFF - user.js: browser.download.manager.alertOnEXEOpen - trueFF - user.js: browser.download.useDownloadDir - falseFF - user.js: browser.migration.version - 5FF - user.js: browser.places.smartBookmarksVersion - 2FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - trueFF - user.js: browser.rights.3.shown - trueFF - user.js: browser.startup.homepage_override.buildID - 20110928134238FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1FF - user.js: browser.syncPromoViewsLeft - 2FF - user.js: dom.disable_window_flip - falseFF - user.js: extensions.blocklist.pingCountTotal - 2FF - user.js: extensions.blocklist.pingCountVersion - 2FF - user.js: extensions.bootstrappedAddons - {}FF - user.js: extensions.databaseSchema - 5FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\program files\\\\divx\\\\divx plus web player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342a-8307-11df-a508-4ae2dfd72085}\:{\descriptor\:\c:\\\\program files\\\\divx\\\\divx plus web player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\program files\\\\java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{ffb96cc1-7eb3-449d-b827-db661701c6bb}\:{\descriptor\:\c:\\\\program files\\\\checkpoint\\\\zaforcefield\\\\trustchecker\,\mtime\:1317440292281},\{1e73965b-8b48-48be-9c8d-68b920abc1c4}\:{\descriptor\:\c:\\\\program files\\\\avg\\\\avg2012\\\\firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]FF - user.js: extensions.lastAppVersion - 7.0.1FF - user.js: extensions.lastPlatformVersion - 7.0.1FF - user.js: extensions.pendingOperations - falseFF - user.js: font.internaluseonly.changed - trueFF - user.js: gfx.blacklist.direct2d - 3FF - user.js: gfx.blacklist.layers.direct3d10 - 3FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3FF - user.js: gfx.blacklist.layers.direct3d9 - 3FF - user.js: gfx.blacklist.layers.opengl - 3FF - user.js: gfx.blacklist.webgl.angle - 3FF - user.js: gfx.blacklist.webgl.opengl - 3FF - user.js: idle.lastDailyNotification - 1317649027FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8FF - user.js: network.cookie.prefsMigrated - trueFF - user.js: places.database.lastMaintenance - 1317649027FF - user.js: places.history.expiration.transient_current_max_pages - 42924FF - user.js: pref.advanced.javascript.disable_button.advanced - falseFF - user.js: privacy.sanitize.migrateFx3Prefs - trueFF - user.js: security.warn_viewing_mixed.show_once - falseFF - user.js: storage.vacuum.last.index - 1FF - user.js: storage.vacuum.last.places.sqlite - 1317523296FF - user.js: toolkit.telemetry.prompted - trueFF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089FF - user.js: xpinstall.whitelist.add - FF - user.js: xpinstall.whitelist.add.36 - .============= SERVICES / DRIVERS ===============..=============== Created Last 30 ================..==================== Find3M ====================..============= FINISH: 22:01:51.03 ===============attach.zip Link to post Share on other sites More sharing options...
greatkibble Posted October 9, 2011 Author ID:483527 Share Posted October 9, 2011 Sorry to say but AVG came back after its 15 minute timeout while combofix was still scanning and picked up some tracking objects; I'm not sure if this affected Cfx's job in a big way Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 9, 2011 Root Admin ID:483552 Share Posted October 9, 2011 Okay well you have a bit of a mess going on here but we'll get you cleaned up and going well again.STEP 01You currently have 3 different Anti-Virus programs installed which is not good and can cause problems.For now please fully uninstall the following programs. When we're done here you can decide which one you want to use.AVG Anti-Virus Free Edition 2012Lavasoft Ad-Watch Live! Anti-VirusAfter removing AVG from the Add/Remove in Control panel you can also download and run this tool to help finish cleaning up any left over items.AVG Manual Removal ToolThen when that is done please run the following to also finish cleaning up after AVGRemove AVG Anti-Virus WMI RegistrationClick on the Start menu.Select Run...Type wbemtest and click OKClick ConnectType (or copy/paste) root/SecurityCenter in the NameSpace boxClick ConnectClick on QueryType in or copy / paste SELECT * FROM AntiVirusProduct and click on ApplyIf there is more than one result, it means there is more than one Antivirus program installed.Double click on each result to view the properties for that Antivirus product.Identify the product(s) installed and DELETE any records for AVGAlso for now please uninstall the ZoneAlarm FirewallAfter removal from the Add/Remove in Control panel you can use this tool to finish cleaning up any left overs.ZoneAlarm CleanSTEP 02Please download and run this program: unhideSTEP 03After you run Uhide then run the following. Click on START - RUN and type in CMD and click OkayThen in the DOS console type type following one line at a time and press the Enter Key after each.NETSH FIREWALL RESET netsh int ip reset c:\resetlog.txtSTEP 04You may have corrupted files on your disk. Please try running the following.First close ALL Applications as this routine will automatically restart your computer.Click on START - RUN and copy / paste the following entry into the box and click OKCMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30STEP 05Please visit this site and restore Firefox back to the factory default settings. Restore Firefox Default Settings Without Uninstalling ItSTEP 06From within Internet Explorer go to Tools/Internet Options/Advanced and click on the Reset button and then quit Internet Explorer.STEP 07Now delete your current copy of Combofix on the desktop and download a new fresh copy.Combofix downloadThen run Combofix again and post back the new log on your next reply and let me know if any programs have come back and how things look now. Link to post Share on other sites More sharing options...
greatkibble Posted October 9, 2011 Author ID:483663 Share Posted October 9, 2011 Here's the Combo log;ComboFix 11-10-09.01 - C.Henry 10/09/2011 12:19:11.2.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1557 [GMT -4:00]Running from: c:\documents and settings\C.Henry.UPGRADE\Desktop\ComboFix.exeAV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}..((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))..2011-10-09 13:43 . 2011-10-09 13:43 -------- d-----w- c:\program files\LAVASOFT2011-10-08 20:19 . 2011-10-08 20:20 -------- d-----w- c:\program files\Sony Media Go Install2011-10-04 02:50 . 2011-10-09 00:46 -------- d-----w- c:\program files\SPYBOT - SEARCH & DESTROY2011-10-02 06:44 . 2011-09-21 18:59 16432 ----a-w- c:\windows\system32\lsdelete.exe2011-10-02 01:09 . 2011-10-09 14:09 -------- d-----w- c:\documents and settings\C.Henry.UPGRADE2011-10-01 22:25 . 2011-10-09 08:15 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE2011-10-01 17:43 . 2011-10-01 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB2011-10-01 17:42 . 2011-10-01 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters2011-10-01 17:39 . 2011-10-01 17:39 -------- d-----w- c:\program files\PC Drivers HeadQuarters2011-10-01 04:21 . 2011-10-01 04:21 -------- d-----w- c:\windows\PIF2011-09-30 16:17 . 2011-10-01 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan2011-09-30 16:16 . 2011-10-01 04:50 -------- d-----w- c:\program files\Security Task Manager2011-09-30 06:45 . 2011-09-30 06:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2011-09-29 15:45 . 2011-09-29 15:45 50688 ----a-w- C:\ATF-Cleaner.exe2011-09-29 01:05 . 2011-09-29 01:05 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs2011-09-29 01:03 . 2011-09-29 01:04 262 ----a-w- C:\wallpaperviews.vbs2011-09-28 02:15 . 2011-09-28 02:15 -------- d-----w- c:\program files\SystemRequirementsLab2011-09-27 21:06 . 2011-10-01 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2011-09-24 18:58 . 2011-09-21 18:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys2011-09-22 15:58 . 2011-09-22 15:58 -------- d-----w- C:\$AVG2011-09-22 15:20 . 2011-10-09 13:49 -------- d-----w- c:\program files\AVG Secure Search2011-09-22 15:19 . 2011-10-09 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG20122011-09-21 18:54 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys2011-09-21 18:53 . 2011-10-09 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft2011-09-11 12:30 . 2011-09-11 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-10-01 15:02 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe2011-10-01 04:57 . 2007-11-07 12:12 232960 ----a-w- C:\VC_RED.MSI2011-10-01 02:12 . 2003-10-06 18:16 7700480 ----a-w- c:\windows\system32\nvcpl.dll2011-09-30 22:56 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll2011-09-30 19:19 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe2011-09-29 12:02 . 2011-05-16 11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-09-27 19:32 . 2004-08-04 12:00 142336 ----a-w- c:\windows\system32\nwprovau.dll2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll2011-08-31 21:00 . 2010-11-07 12:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-19 20:33 . 2011-09-06 00:27 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2010-01-26 14:11 . 2010-11-22 01:06 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe2004-09-12 19:10 . 2010-11-25 01:36 11578 ----a-r- c:\program files\Replacer.cmd2011-09-29 06:53 . 2011-10-02 02:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((( SnapShot@2011-10-09_00.43.50 ))))))))))))))))))))))))))))))))))))))))).- 2004-08-04 12:00 . 2011-10-06 14:20 80870 c:\windows\system32\perfc009.dat+ 2004-08-04 12:00 . 2011-10-09 15:47 80870 c:\windows\system32\perfc009.dat+ 2004-08-04 12:00 . 2011-10-09 15:47 484600 c:\windows\system32\perfh009.dat- 2004-08-04 12:00 . 2011-10-06 14:20 484600 c:\windows\system32\perfh009.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBit2.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"cdloader"="c:\documents and settings\C.Henry.UPGRADE\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-01 7700480]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-07-20 4393816]"nwiz"="nwiz.exe" [2006-10-22 1622016]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzMzMTE2NjcyLVQxLVRCOCsyLUZMKzgtQjEtU1QxMkZPSSsxLUREVCswLUVVTEErMS1TVDEyRkFQUCsx∏=90&ver=2012.0.1831&mid=0ae8a13333e4fa283e25609d3cf8a258-4b628844da1f1fb03cf3fccc0e864369d2f26c70" [?].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-06 113024].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TU2011\WinStyler\tu_logonui.exe".[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"=.R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/21/2011 2:54 PM 64512]R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9/5/2011 8:27 PM 14776]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [9/5/2011 8:24 PM 328536]R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [9/5/2011 8:26 PM 820568]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2010 8:48 AM 366152]R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [7/22/2011 2:26 PM 690472]R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2010 8:48 AM 22216]R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [9/5/2011 8:26 PM 30368]R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [9/5/2011 8:26 PM 16080]S1 MpKsl0fa035be;MpKsl0fa035be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys [?]S1 MpKsl0fbb6989;MpKsl0fbb6989;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys [?]S1 MpKsl30d36f72;MpKsl30d36f72;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys [?]S1 MpKsl333bf458;MpKsl333bf458;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys [?]S1 MpKsl46a99366;MpKsl46a99366;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys [?]S1 MpKsl59e99f45;MpKsl59e99f45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys [?]S1 MpKsl681962f3;MpKsl681962f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys [?]S1 MpKsl6fff11b7;MpKsl6fff11b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys [?]S1 MpKsl72ab06f5;MpKsl72ab06f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys [?]S1 MpKsl7385528c;MpKsl7385528c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys [?]S1 MpKsl790e18a0;MpKsl790e18a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys [?]S1 MpKsl836a2924;MpKsl836a2924;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys [?]S1 MpKsl85f9705b;MpKsl85f9705b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys [?]S1 MpKsl8836105c;MpKsl8836105c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys [?]S1 MpKsl9496f593;MpKsl9496f593;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys [?]S1 MpKsl952967d3;MpKsl952967d3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys [?]S1 MpKsl9e395e06;MpKsl9e395e06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys [?]S1 MpKsl9ebaeedb;MpKsl9ebaeedb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys [?]S1 MpKslc8e71ba2;MpKslc8e71ba2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys [?]S1 MpKsle6108664;MpKsle6108664;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys [?]S1 MpKsle7a8409d;MpKsle7a8409d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys [?]S1 MpKslf660ee8d;MpKslf660ee8d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]S2 gupdate1ca2c9565ca07ae;Google Update Service (gupdate1ca2c9565ca07ae);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [11/18/2010 1:53 AM 38976]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]S4 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [10/16/2010 12:59 PM 1175556]S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [9/5/2011 8:26 PM 239600].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]WINRM REG_MULTI_SZ WINRM.Contents of the 'Scheduled Tasks' folder.2011-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57].2011-10-09 c:\windows\Tasks\ASC4_PerformanceMonitor.job- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-09-06 20:40].2011-07-03 c:\windows\Tasks\Defraggler Volume C Task.job- c:\program files\Defraggler\df.exe [2011-09-13 09:45].2011-09-12 c:\windows\Tasks\expressburnShakeIcon.job- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-23 07:00].2011-06-06 c:\windows\Tasks\expressripShakeIcon.job- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-09-23 07:02].2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52].2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52].2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003Core.job- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16].2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003UA.job- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16].2011-06-06 c:\windows\Tasks\pixillionShakeIcon.job- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-10-16 16:59].2011-06-06 c:\windows\Tasks\prismDowngrade.job- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59].2011-07-09 c:\windows\Tasks\prismShakeIcon.job- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59].2011-10-09 c:\windows\Tasks\User_Feed_Synchronization-{4D2ABBC6-BA46-42D6-ADD5-C2E6C2D58B6A}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31].2011-10-09 c:\windows\Tasks\User_Feed_Synchronization-{6AADCA7F-9D09-413E-B8D5-3FB647C74798}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31].2011-06-06 c:\windows\Tasks\videopadShakeIcon.job- c:\program files\NCH Software\VideoPad\videopad.exe [2010-09-23 07:03].2011-06-06 c:\windows\Tasks\wavepadDowngrade.job- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01].2011-06-06 c:\windows\Tasks\wavepadShakeIcon.job- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]..------- Supplementary Scan -------.TCP: DhcpNameServer = 63.245.66.41 63.245.66.42FF - ProfilePath - c:\documents and settings\C.Henry.UPGRADE\Application Data\Mozilla\Firefox\Profiles\5iierj4b.default\# Mozilla User Preferences/* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs */FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467FF - user.js: browser.bookmarks.restore_default_bookmarks - falseFF - user.js: browser.cache.disk.capacity - 1048576FF - user.js: browser.cache.disk.smart_size.first_run - falseFF - user.js: browser.cache.disk.smart_size_cached_value - 640000FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\C.Henry.UPGRADE\\DesktopFF - user.js: browser.download.manager.alertOnEXEOpen - trueFF - user.js: browser.download.useDownloadDir - falseFF - user.js: browser.migration.version - 5FF - user.js: browser.places.smartBookmarksVersion - 2FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - trueFF - user.js: browser.rights.3.shown - trueFF - user.js: browser.startup.homepage_override.buildID - 20110928134238FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1FF - user.js: browser.syncPromoViewsLeft - 2FF - user.js: dom.disable_window_flip - falseFF - user.js: extensions.blocklist.pingCountTotal - 2FF - user.js: extensions.blocklist.pingCountVersion - 2FF - user.js: extensions.bootstrappedAddons - {}FF - user.js: extensions.databaseSchema - 5FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342A-8307-11DF-A508-4AE2DFD72085}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\:{\descriptor\:\c:\\\\Program Files\\\\CheckPoint\\\\ZAForceField\\\\TrustChecker\,\mtime\:1317440292281},\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\c:\\\\Program Files\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]FF - user.js: extensions.lastAppVersion - 7.0.1FF - user.js: extensions.lastPlatformVersion - 7.0.1FF - user.js: extensions.pendingOperations - falseFF - user.js: font.internaluseonly.changed - trueFF - user.js: gfx.blacklist.direct2d - 3FF - user.js: gfx.blacklist.layers.direct3d10 - 3FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3FF - user.js: gfx.blacklist.layers.direct3d9 - 3FF - user.js: gfx.blacklist.layers.opengl - 3FF - user.js: gfx.blacklist.webgl.angle - 3FF - user.js: gfx.blacklist.webgl.opengl - 3FF - user.js: idle.lastDailyNotification - 1317649027FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8FF - user.js: network.cookie.prefsMigrated - trueFF - user.js: places.database.lastMaintenance - 1317649027FF - user.js: places.history.expiration.transient_current_max_pages - 42924FF - user.js: pref.advanced.javascript.disable_button.advanced - falseFF - user.js: privacy.sanitize.migrateFx3Prefs - trueFF - user.js: security.warn_viewing_mixed.show_once - falseFF - user.js: storage.vacuum.last.index - 1FF - user.js: storage.vacuum.last.places.sqlite - 1317523296FF - user.js: toolkit.telemetry.prompted - trueFF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089FF - user.js: xpinstall.whitelist.add - FF - user.js: xpinstall.whitelist.add.36 - .- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)SafeBoot-Lavasoft Ad-Aware Service...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-10-09 12:26Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(876)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dll.- - - - - - - > 'explorer.exe'(3164)c:\windows\system32\WININET.dllc:\windows\system32\msi.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2011-10-09 12:28:49ComboFix-quarantined-files.txt 2011-10-09 16:28ComboFix2.txt 2011-10-09 00:47.Pre-Run: 51,305,500,672 bytes freePost-Run: 51,302,551,552 bytes free.- - End Of File - - 5ECC4A7B9082E36E29D1014E0AF27CB2I did just as you told but there was this part I skipped over, the wbemtest for finding multiple antivirus programs which showed two entries but neither was labelled under AVG so I didn't do anything.None of the shortcuts from my major downfall came back, sadly, but Internet explorer showed up on the desktop.The windows file checker only found one problem - it replaced some bad keys for something I can't really remember.Also the browsers aren't lagging or stalling anymore but I'm still not convinced all is well now is itI'm guessing these were problems from long before these new problems came about, but now I'm questioning whether the windows reinstall is necessary at this point? Link to post Share on other sites More sharing options...
greatkibble Posted October 10, 2011 Author ID:484343 Share Posted October 10, 2011 Hey, the system's performance has increased dramatically, but I guess that should be normal at this stageAny late news? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 10, 2011 Root Admin ID:484357 Share Posted October 10, 2011 STEP 01You may want to reconsider if you really want to use this application on your computer or not. All of these applications or drivers are from iObitIObit Malware FighterSmartDefragDriverAdvanced SystemCare ServiceRegFilterUrlFilterFileMonitorPlease see the following post and make up your own mindSTEP 02Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank linesFile::C:\ATF-Cleaner.exec:\program files\BitTorrentBar\prxtbBit2.dllRegistry::[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}][-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"=-[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SunJavaUpdateSched"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"AvgUninstallURL"=-Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. Disable your Antivirus software. If it has Script Blocking features, please disable these as well. A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes Notepad will open with with your results log open. Do a File, Exit.A caution - Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.Post back the Combofix log on your next reply.STEP 03Please uninstall SUPERAntispyware for now and if you wish to use it then download a new fresh copy and install it again when we're finished here.The current version is using very old files.STEP 04You should simply uninstall this very old program from Microsoft as well. Microsoft Security Essentials is the latest Anti-Virus from Microsoft for free.Microsoft AntimalwareSTEP 05You're also using very old files of MBAM a full removal and reinstall of our software should be done.Please do the following:Download and run mbam-clean.exe from here It will ask to restart your computer, please allow it to do so very importantAfter the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from hereNote: You will need to reactivate the program using the license you were sent via email if using the Pro versionLaunch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.STEP 06Double check and make sure you still use and want any of these scheduled tasks. Those of them that are over a year old they may or may not even work so best to make sure you want them still and if not then delete them.Contents of the 'Scheduled Tasks' folder.2011-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57].2011-10-09 c:\windows\Tasks\ASC4_PerformanceMonitor.job- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-09-06 20:40].2011-07-03 c:\windows\Tasks\Defraggler Volume C Task.job- c:\program files\Defraggler\df.exe [2011-09-13 09:45].2011-09-12 c:\windows\Tasks\expressburnShakeIcon.job- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-23 07:00].2011-06-06 c:\windows\Tasks\expressripShakeIcon.job- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-09-23 07:02].2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52].2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52].2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003Core.job- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16].2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003UA.job- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16].2011-06-06 c:\windows\Tasks\pixillionShakeIcon.job- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-10-16 16:59].2011-06-06 c:\windows\Tasks\prismDowngrade.job- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59].2011-07-09 c:\windows\Tasks\prismShakeIcon.job- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59].2011-10-09 c:\windows\Tasks\User_Feed_Synchronization-{4D2ABBC6-BA46-42D6-ADD5-C2E6C2D58B6A}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31].2011-10-09 c:\windows\Tasks\User_Feed_Synchronization-{6AADCA7F-9D09-413E-B8D5-3FB647C74798}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31].2011-06-06 c:\windows\Tasks\videopadShakeIcon.job- c:\program files\NCH Software\VideoPad\videopad.exe [2010-09-23 07:03].2011-06-06 c:\windows\Tasks\wavepadDowngrade.job- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01].2011-06-06 c:\windows\Tasks\wavepadShakeIcon.job- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]STEP 07Start MBAM and check for updates and do a Quick Scan and post back that log on your next reply.STEP 08Download DDS and save it to your desktophttp://download.bleepingcomputer.com/sUBs/dds.scrDisable any script blocker if your Anti-Virus/Anti-Malware has it.Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.Then double click dds.scr to run the tool.When done, the DDS.txt will open.Click Yes at the next prompt for Optional Scan.When done, DDS will open two (2) logs:DDS.txtAttach.txtSave both reports to your desktopPlease include the following logs in your next reply: DDS.txt and Attach.txtSTEP 09You also show that Lavasoft Ad-Watch Live! Anti-Virus is still installed. Is that the Anti-Virus that you really want to use now? Just checking so that I know what else might need to be removed or updated.STEP 10Did the disk check from step 04 of the previous post run? How long did it take to run CHKDSK? Link to post Share on other sites More sharing options...
greatkibble Posted October 11, 2011 Author ID:484566 Share Posted October 11, 2011 1: Interesting post; I honestly never knew there was a security risk with that program overall. Sadly I'll miss some features I really liked from it, such as the uninstaller app; it was much more powerful than the standard add/remove program - is there an alternative to the app?The first three programs I'm familiar with but the last three, such as file monitor, I was completely unaware of. o:2: ComboFix 11-10-09.01 - C.Henry 10/11/2011 10:11:02.3.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1594 [GMT -4:00]Running from: c:\documents and settings\C.Henry.UPGRADE\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\C.Henry.UPGRADE\Desktop\CFscript.txtAV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}.FILE ::"C:\ATF-Cleaner.exe""c:\program files\BitTorrentBar\prxtbBit2.dll"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\ATF-Cleaner.exec:\program files\BitTorrentBar\prxtbBit2.dll..((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))..2011-10-10 04:07 . 2011-10-10 04:07 -------- d-----w- c:\windows\LastGood2011-10-09 13:43 . 2011-10-09 13:43 -------- d-----w- c:\program files\LAVASOFT2011-10-08 20:19 . 2011-10-08 20:20 -------- d-----w- c:\program files\Sony Media Go Install2011-10-04 02:50 . 2011-10-09 00:46 -------- d-----w- c:\program files\SPYBOT - SEARCH & DESTROY2011-10-02 06:44 . 2011-09-21 18:59 16432 ----a-w- c:\windows\system32\lsdelete.exe2011-10-02 01:09 . 2011-10-09 14:09 -------- d-----w- c:\documents and settings\C.Henry.UPGRADE2011-10-01 22:25 . 2011-10-09 08:15 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE2011-10-01 17:43 . 2011-10-01 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB2011-10-01 17:42 . 2011-10-01 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters2011-10-01 04:21 . 2011-10-01 04:21 -------- d-----w- c:\windows\PIF2011-09-30 16:17 . 2011-10-01 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan2011-09-30 16:16 . 2011-10-01 04:50 -------- d-----w- c:\program files\Security Task Manager2011-09-30 06:45 . 2011-09-30 06:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2011-09-29 01:05 . 2011-09-29 01:05 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs2011-09-29 01:03 . 2011-09-29 01:04 262 ----a-w- C:\wallpaperviews.vbs2011-09-28 02:15 . 2011-09-28 02:15 -------- d-----w- c:\program files\SystemRequirementsLab2011-09-27 21:06 . 2011-10-01 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2011-09-24 18:58 . 2011-09-21 18:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys2011-09-22 15:58 . 2011-09-22 15:58 -------- d-----w- C:\$AVG2011-09-22 15:20 . 2011-10-09 13:49 -------- d-----w- c:\program files\AVG Secure Search2011-09-22 15:19 . 2011-10-09 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG20122011-09-21 18:54 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys2011-09-21 18:53 . 2011-10-09 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-10-01 15:02 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe2011-10-01 04:57 . 2007-11-07 12:12 232960 ----a-w- C:\VC_RED.MSI2011-10-01 02:12 . 2003-10-06 18:16 7700480 ----a-w- c:\windows\system32\nvcpl.dll2011-09-30 22:56 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll2011-09-30 19:19 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe2011-09-29 12:02 . 2011-05-16 11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-09-27 19:32 . 2004-08-04 12:00 142336 ----a-w- c:\windows\system32\nwprovau.dll2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll2011-08-31 21:00 . 2010-11-07 12:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2010-01-26 14:11 . 2010-11-22 01:06 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe2004-09-12 19:10 . 2010-11-25 01:36 11578 ----a-r- c:\program files\Replacer.cmd2011-09-29 06:53 . 2011-10-02 02:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((( SnapShot@2011-10-09_00.43.50 ))))))))))))))))))))))))))))))))))))))))).- 2004-08-04 12:00 . 2011-10-06 14:20 80870 c:\windows\system32\perfc009.dat+ 2004-08-04 12:00 . 2011-10-09 15:47 80870 c:\windows\system32\perfc009.dat+ 2004-08-04 12:00 . 2011-10-09 15:47 484600 c:\windows\system32\perfh009.dat- 2004-08-04 12:00 . 2011-10-06 14:20 484600 c:\windows\system32\perfh009.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"cdloader"="c:\documents and settings\C.Henry.UPGRADE\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-01 7700480]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]"nwiz"="nwiz.exe" [2006-10-22 1622016]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-06 113024].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TU2011\WinStyler\tu_logonui.exe".[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Documents and Settings\\C.Henry.UPGRADE\\Application Data\\mjusbsp\\magicJack.exe"=.R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/21/2011 2:54 PM 64512]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2010 8:48 AM 366152]R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [7/22/2011 2:26 PM 690472]R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2010 8:48 AM 22216]S1 MpKsl0fa035be;MpKsl0fa035be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys [?]S1 MpKsl0fbb6989;MpKsl0fbb6989;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys [?]S1 MpKsl30d36f72;MpKsl30d36f72;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys [?]S1 MpKsl333bf458;MpKsl333bf458;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys [?]S1 MpKsl46a99366;MpKsl46a99366;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys [?]S1 MpKsl59e99f45;MpKsl59e99f45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys [?]S1 MpKsl681962f3;MpKsl681962f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys [?]S1 MpKsl6fff11b7;MpKsl6fff11b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys [?]S1 MpKsl72ab06f5;MpKsl72ab06f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys [?]S1 MpKsl7385528c;MpKsl7385528c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys [?]S1 MpKsl790e18a0;MpKsl790e18a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys [?]S1 MpKsl836a2924;MpKsl836a2924;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys [?]S1 MpKsl85f9705b;MpKsl85f9705b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys [?]S1 MpKsl8836105c;MpKsl8836105c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys [?]S1 MpKsl9496f593;MpKsl9496f593;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys [?]S1 MpKsl952967d3;MpKsl952967d3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys [?]S1 MpKsl9e395e06;MpKsl9e395e06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys [?]S1 MpKsl9ebaeedb;MpKsl9ebaeedb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys [?]S1 MpKslc8e71ba2;MpKslc8e71ba2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys [?]S1 MpKsle6108664;MpKsle6108664;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys [?]S1 MpKsle7a8409d;MpKsle7a8409d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys [?]S1 MpKslf660ee8d;MpKslf660ee8d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]S2 gupdate1ca2c9565ca07ae;Google Update Service (gupdate1ca2c9565ca07ae);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [11/18/2010 1:53 AM 38976]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]S4 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [10/16/2010 12:59 PM 1175556].--- Other Services/Drivers In Memory ---.*Deregistered* - SmartDefragDriver.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]WINRM REG_MULTI_SZ WINRM.Contents of the 'Scheduled Tasks' folder.2011-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57].2011-07-03 c:\windows\Tasks\Defraggler Volume C Task.job- c:\program files\Defraggler\df.exe [2011-09-13 09:45].2011-09-12 c:\windows\Tasks\expressburnShakeIcon.job- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-23 07:00].2011-06-06 c:\windows\Tasks\expressripShakeIcon.job- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-09-23 07:02].2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52].2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52].2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003Core.job- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16].2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003UA.job- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16].2011-06-06 c:\windows\Tasks\pixillionShakeIcon.job- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-10-16 16:59].2011-06-06 c:\windows\Tasks\prismDowngrade.job- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59].2011-07-09 c:\windows\Tasks\prismShakeIcon.job- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59].2011-10-11 c:\windows\Tasks\User_Feed_Synchronization-{4D2ABBC6-BA46-42D6-ADD5-C2E6C2D58B6A}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31].2011-10-11 c:\windows\Tasks\User_Feed_Synchronization-{6AADCA7F-9D09-413E-B8D5-3FB647C74798}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31].2011-06-06 c:\windows\Tasks\videopadShakeIcon.job- c:\program files\NCH Software\VideoPad\videopad.exe [2010-09-23 07:03].2011-06-06 c:\windows\Tasks\wavepadDowngrade.job- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01].2011-06-06 c:\windows\Tasks\wavepadShakeIcon.job- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]..------- Supplementary Scan -------.TCP: DhcpNameServer = 63.245.66.41 63.245.66.42FF - ProfilePath - c:\documents and settings\C.Henry.UPGRADE\Application Data\Mozilla\Firefox\Profiles\5iierj4b.default\# Mozilla User Preferences/* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs */FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467FF - user.js: browser.bookmarks.restore_default_bookmarks - falseFF - user.js: browser.cache.disk.capacity - 1048576FF - user.js: browser.cache.disk.smart_size.first_run - falseFF - user.js: browser.cache.disk.smart_size_cached_value - 640000FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\C.Henry.UPGRADE\\DesktopFF - user.js: browser.download.manager.alertOnEXEOpen - trueFF - user.js: browser.download.useDownloadDir - falseFF - user.js: browser.migration.version - 5FF - user.js: browser.places.smartBookmarksVersion - 2FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - trueFF - user.js: browser.rights.3.shown - trueFF - user.js: browser.startup.homepage_override.buildID - 20110928134238FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1FF - user.js: browser.syncPromoViewsLeft - 2FF - user.js: dom.disable_window_flip - falseFF - user.js: extensions.blocklist.pingCountTotal - 2FF - user.js: extensions.blocklist.pingCountVersion - 2FF - user.js: extensions.bootstrappedAddons - {}FF - user.js: extensions.databaseSchema - 5FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342A-8307-11DF-A508-4AE2DFD72085}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\:{\descriptor\:\c:\\\\Program Files\\\\CheckPoint\\\\ZAForceField\\\\TrustChecker\,\mtime\:1317440292281},\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\c:\\\\Program Files\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]FF - user.js: extensions.lastAppVersion - 7.0.1FF - user.js: extensions.lastPlatformVersion - 7.0.1FF - user.js: extensions.pendingOperations - falseFF - user.js: font.internaluseonly.changed - trueFF - user.js: gfx.blacklist.direct2d - 3FF - user.js: gfx.blacklist.layers.direct3d10 - 3FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3FF - user.js: gfx.blacklist.layers.direct3d9 - 3FF - user.js: gfx.blacklist.layers.opengl - 3FF - user.js: gfx.blacklist.webgl.angle - 3FF - user.js: gfx.blacklist.webgl.opengl - 3FF - user.js: idle.lastDailyNotification - 1317649027FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8FF - user.js: network.cookie.prefsMigrated - trueFF - user.js: places.database.lastMaintenance - 1317649027FF - user.js: places.history.expiration.transient_current_max_pages - 42924FF - user.js: pref.advanced.javascript.disable_button.advanced - falseFF - user.js: privacy.sanitize.migrateFx3Prefs - trueFF - user.js: security.warn_viewing_mixed.show_once - falseFF - user.js: storage.vacuum.last.index - 1FF - user.js: storage.vacuum.last.places.sqlite - 1317523296FF - user.js: toolkit.telemetry.prompted - trueFF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089FF - user.js: xpinstall.whitelist.add - FF - user.js: xpinstall.whitelist.add.36 - ..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-10-11 10:18Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(876)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dll.Completion time: 2011-10-11 10:20:08ComboFix-quarantined-files.txt 2011-10-11 14:20ComboFix2.txt 2011-10-09 16:28ComboFix3.txt 2011-10-09 00:47.Pre-Run: 50,925,932,544 bytes freePost-Run: 50,910,756,864 bytes free.- - End Of File - - CE2E735A347B2C30AF676DCCEAD96D623 & 4: Uninstalled5: Followed instructions successfully.6: I edited these tasks to my favor. There are a few I seldom use but I do plan on using in the future.7: Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 7923Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870210/11/2011 12:07:42 PMmbam-log-2011-10-11 (12-07-42).txtScan type: Quick scanObjects scanned: 108120Time elapsed: 7 minute(s), 14 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)8: DDS log .DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26Run by C.Henry at 12:20:44 on 2011-10-11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1545 [GMT -4:00].AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}.============== Running Processes ===============.C:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEsvchost.exeC:\Program Files\Microsoft\BingBar\SeaPort.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Nero\Update\NASvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\system32\devldr32.exeC:\Documents and Settings\C.Henry.UPGRADE\Application Data\mjusbsp\magicJack.exeC:\WINDOWS\System32\NOTEPAD.EXEC:\WINDOWS\System32\NOTEPAD.EXE.============== Pseudo HJT Report ===============.mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tu2011\winstyler\tu_logonui.exeBHO: AutorunsDisabled - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dllBHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dllBHO: CBHO Object: {cba74cda-df78-4ad9-954e-3b15d0a993de} - c:\program files\corestreet\spoofstick\SpoofStickBHO.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\corestreet\spoofstick\SpoofStick.dlluRun: [cdloader] "c:\documents and settings\c.henry.upgrade\application data\mjusbsp\cdloader2.exe" MAGICJACKmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttrayIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dllDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290136917968DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282520954890DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\c.henry.upgrade\application data\mozilla\firefox\profiles\5iierj4b.default\.---- FIREFOX POLICIES ----# Mozilla User Preferences/* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs */FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467FF - user.js: browser.bookmarks.restore_default_bookmarks - falseFF - user.js: browser.cache.disk.capacity - 1048576FF - user.js: browser.cache.disk.smart_size.first_run - falseFF - user.js: browser.cache.disk.smart_size_cached_value - 640000FF - user.js: browser.download.lastDir - c:\\documents and settings\\c.henry.upgrade\\DesktopFF - user.js: browser.download.manager.alertOnEXEOpen - trueFF - user.js: browser.download.useDownloadDir - falseFF - user.js: browser.migration.version - 5FF - user.js: browser.places.smartBookmarksVersion - 2FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - trueFF - user.js: browser.rights.3.shown - trueFF - user.js: browser.startup.homepage_override.buildID - 20110928134238FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1FF - user.js: browser.syncPromoViewsLeft - 2FF - user.js: dom.disable_window_flip - falseFF - user.js: extensions.blocklist.pingCountTotal - 2FF - user.js: extensions.blocklist.pingCountVersion - 2FF - user.js: extensions.bootstrappedAddons - {}FF - user.js: extensions.databaseSchema - 5FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\program files\\\\divx\\\\divx plus web player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342a-8307-11df-a508-4ae2dfd72085}\:{\descriptor\:\c:\\\\program files\\\\divx\\\\divx plus web player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\program files\\\\java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{ffb96cc1-7eb3-449d-b827-db661701c6bb}\:{\descriptor\:\c:\\\\program files\\\\checkpoint\\\\zaforcefield\\\\trustchecker\,\mtime\:1317440292281},\{1e73965b-8b48-48be-9c8d-68b920abc1c4}\:{\descriptor\:\c:\\\\program files\\\\avg\\\\avg2012\\\\firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]FF - user.js: extensions.lastAppVersion - 7.0.1FF - user.js: extensions.lastPlatformVersion - 7.0.1FF - user.js: extensions.pendingOperations - falseFF - user.js: font.internaluseonly.changed - trueFF - user.js: gfx.blacklist.direct2d - 3FF - user.js: gfx.blacklist.layers.direct3d10 - 3FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3FF - user.js: gfx.blacklist.layers.direct3d9 - 3FF - user.js: gfx.blacklist.layers.opengl - 3FF - user.js: gfx.blacklist.webgl.angle - 3FF - user.js: gfx.blacklist.webgl.opengl - 3FF - user.js: idle.lastDailyNotification - 1317649027FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8FF - user.js: network.cookie.prefsMigrated - trueFF - user.js: places.database.lastMaintenance - 1317649027FF - user.js: places.history.expiration.transient_current_max_pages - 42924FF - user.js: pref.advanced.javascript.disable_button.advanced - falseFF - user.js: privacy.sanitize.migrateFx3Prefs - trueFF - user.js: security.warn_viewing_mixed.show_once - falseFF - user.js: storage.vacuum.last.index - 1FF - user.js: storage.vacuum.last.places.sqlite - 1317523296FF - user.js: toolkit.telemetry.prompted - trueFF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089FF - user.js: xpinstall.whitelist.add - FF - user.js: xpinstall.whitelist.add.36 - .============= SERVICES / DRIVERS ===============..=============== Created Last 30 ================..==================== Find3M ====================..============= FINISH: 12:21:31.17 ===============Attach log: attach.txt9: Actually no I did try uninstally Ad-aware but it doesn't seem it's gone; I did try removing it from regedit recently but I'm not sure if it's gone now.10: Yes the CHKDSK scan was successful after the restart and it only took 20-25 mins, I think. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 11, 2011 Root Admin ID:484584 Share Posted October 11, 2011 STEP 01Please visit this site for help on removing Lavasoft Ad-WatchHow to uninstall Ad-Aware 9.xSTEP 02Please visit this site and restore Firefox back to the factory default settings. Restore Firefox Default Settings Without Uninstalling ItSTEP 03Please download Javara and run it to fully remove all version of Java. When done we can install the latest version again.STEP 04Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank linesSecCenter::{A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. Disable your Antivirus software. If it has Script Blocking features, please disable these as well. A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes Notepad will open with with your results log open. Do a File, Exit.A caution - Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.Post back the Combofix log on your next reply.Do you have any missing files or shortcuts in the start menu or any other indications of an infection still? Link to post Share on other sites More sharing options...
greatkibble Posted October 11, 2011 Author ID:484635 Share Posted October 11, 2011 ComboFix 11-10-09.01 - C.Henry 10/11/2011 17:40:12.4.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1547 [GMT -4:00]Running from: c:\documents and settings\C.Henry.UPGRADE\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\C.Henry.UPGRADE\Desktop\CFscript.txtAV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}..((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))..2011-10-11 20:05 . 2011-10-11 20:05 -------- d-----w- c:\program files\VS Revo Group2011-10-11 14:59 . 2011-10-11 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-10-11 14:59 . 2011-10-11 14:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-10-11 14:59 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-10-09 13:43 . 2011-10-09 13:43 -------- d-----w- c:\program files\LAVASOFT2011-10-08 20:19 . 2011-10-08 20:20 -------- d-----w- c:\program files\Sony Media Go Install2011-10-04 02:50 . 2011-10-09 00:46 -------- d-----w- c:\program files\SPYBOT - SEARCH & DESTROY2011-10-02 06:44 . 2011-09-21 18:59 16432 ----a-w- c:\windows\system32\lsdelete.exe2011-10-02 01:09 . 2011-10-09 14:09 -------- d-----w- c:\documents and settings\C.Henry.UPGRADE2011-10-01 17:43 . 2011-10-01 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB2011-10-01 17:42 . 2011-10-01 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters2011-10-01 04:21 . 2011-10-01 04:21 -------- d-----w- c:\windows\PIF2011-09-30 16:17 . 2011-10-01 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan2011-09-30 16:16 . 2011-10-01 04:50 -------- d-----w- c:\program files\Security Task Manager2011-09-30 06:45 . 2011-09-30 06:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2011-09-29 01:05 . 2011-09-29 01:05 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs2011-09-29 01:03 . 2011-09-29 01:04 262 ----a-w- C:\wallpaperviews.vbs2011-09-28 02:15 . 2011-09-28 02:15 -------- d-----w- c:\program files\SystemRequirementsLab2011-09-27 21:06 . 2011-10-01 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2011-09-24 18:58 . 2011-09-21 18:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys2011-09-22 15:58 . 2011-09-22 15:58 -------- d-----w- C:\$AVG2011-09-22 15:20 . 2011-10-09 13:49 -------- d-----w- c:\program files\AVG Secure Search2011-09-22 15:19 . 2011-10-09 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG20122011-09-21 18:54 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys2011-09-21 18:53 . 2011-10-09 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-10-01 15:02 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe2011-10-01 04:57 . 2007-11-07 12:12 232960 ----a-w- C:\VC_RED.MSI2011-10-01 02:12 . 2003-10-06 18:16 7700480 ----a-w- c:\windows\system32\nvcpl.dll2011-09-30 22:56 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll2011-09-30 19:19 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe2011-09-29 12:02 . 2011-05-16 11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-09-27 19:32 . 2004-08-04 12:00 142336 ----a-w- c:\windows\system32\nwprovau.dll2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2010-01-26 14:11 . 2010-11-22 01:06 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe2004-09-12 19:10 . 2010-11-25 01:36 11578 ----a-r- c:\program files\Replacer.cmd2011-09-29 06:53 . 2011-10-02 02:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((( SnapShot@2011-10-09_00.43.50 ))))))))))))))))))))))))))))))))))))))))).- 2004-08-04 12:00 . 2011-10-06 14:20 80870 c:\windows\system32\perfc009.dat+ 2004-08-04 12:00 . 2011-10-11 15:08 80870 c:\windows\system32\perfc009.dat+ 2004-08-04 12:00 . 2011-10-11 15:08 484600 c:\windows\system32\perfh009.dat- 2004-08-04 12:00 . 2011-10-06 14:20 484600 c:\windows\system32\perfh009.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"cdloader"="c:\documents and settings\C.Henry.UPGRADE\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-01 7700480]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]"nwiz"="nwiz.exe" [2006-10-22 1622016]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TU2011\WinStyler\tu_logonui.exe".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"="c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe"="c:\\Documents and Settings\\C.Henry.UPGRADE\\Application Data\\mjusbsp\\magicJack.exe"=.R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/21/2011 2:54 PM 64512]R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/11/2011 10:59 AM 366152]R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [7/22/2011 2:26 PM 690472]R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/11/2011 10:59 AM 22216]S1 MpKsl0fa035be;MpKsl0fa035be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys [?]S1 MpKsl0fbb6989;MpKsl0fbb6989;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl0fbb6989.sys [?]S1 MpKsl30d36f72;MpKsl30d36f72;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKsl30d36f72.sys [?]S1 MpKsl333bf458;MpKsl333bf458;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF64B81-051C-4A17-A0DF-5014C91D8C89}\MpKsl333bf458.sys [?]S1 MpKsl46a99366;MpKsl46a99366;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl46a99366.sys [?]S1 MpKsl59e99f45;MpKsl59e99f45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3444D5-D97D-4C84-B260-2863EE3F72A7}\MpKsl59e99f45.sys [?]S1 MpKsl681962f3;MpKsl681962f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B11A087-0284-4EC3-8390-CF08E2DC4C8F}\MpKsl681962f3.sys [?]S1 MpKsl6fff11b7;MpKsl6fff11b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsl6fff11b7.sys [?]S1 MpKsl72ab06f5;MpKsl72ab06f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl72ab06f5.sys [?]S1 MpKsl7385528c;MpKsl7385528c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl7385528c.sys [?]S1 MpKsl790e18a0;MpKsl790e18a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3C1CB2-5A1D-4308-9148-4BE14BA90448}\MpKsl790e18a0.sys [?]S1 MpKsl836a2924;MpKsl836a2924;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl836a2924.sys [?]S1 MpKsl85f9705b;MpKsl85f9705b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F521C242-9B9D-472F-A80F-B2597F7B4809}\MpKsl85f9705b.sys [?]S1 MpKsl8836105c;MpKsl8836105c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{711C98D2-67B7-4852-8CB3-4C94E0E24226}\MpKsl8836105c.sys [?]S1 MpKsl9496f593;MpKsl9496f593;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4883059C-6725-46A6-9EE1-704195679FEE}\MpKsl9496f593.sys [?]S1 MpKsl952967d3;MpKsl952967d3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{644D7768-315E-4178-8CA8-6DB4B17078F3}\MpKsl952967d3.sys [?]S1 MpKsl9e395e06;MpKsl9e395e06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC23C9E-9C99-4174-960D-09E094C0ECAB}\MpKsl9e395e06.sys [?]S1 MpKsl9ebaeedb;MpKsl9ebaeedb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BC9E516-D6D4-4A47-9E62-23878CDF10FF}\MpKsl9ebaeedb.sys [?]S1 MpKslc8e71ba2;MpKslc8e71ba2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F17E62F-BAD0-4663-A601-49565D71DCF7}\MpKslc8e71ba2.sys [?]S1 MpKsle6108664;MpKsle6108664;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CE9007E-53A4-4783-B0C4-32250B67F340}\MpKsle6108664.sys [?]S1 MpKsle7a8409d;MpKsle7a8409d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB14A9C9-4980-42A1-B067-366D25A21ECB}\MpKsle7a8409d.sys [?]S1 MpKslf660ee8d;MpKslf660ee8d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{157D2A1D-4E1F-4B01-9D65-618127A0C4BF}\MpKslf660ee8d.sys [?]S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]S2 gupdate1ca2c9565ca07ae;Google Update Service (gupdate1ca2c9565ca07ae);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [11/18/2010 1:53 AM 38976]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]S4 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [10/16/2010 12:59 PM 1175556].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]WINRM REG_MULTI_SZ WINRM.Contents of the 'Scheduled Tasks' folder.2011-10-11 c:\windows\Tasks\Defraggler Volume C Task.job- c:\program files\Defraggler\df.exe [2011-09-13 09:45].2011-10-11 c:\windows\Tasks\expressburnShakeIcon.job- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-23 07:00].2011-10-11 c:\windows\Tasks\expressripShakeIcon.job- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-09-23 07:02].2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52].2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52].2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003Core.job- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16].2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003UA.job- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16].2011-10-11 c:\windows\Tasks\pixillionShakeIcon.job- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-10-16 16:59].2011-10-11 c:\windows\Tasks\prismDowngrade.job- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59].2011-10-11 c:\windows\Tasks\prismShakeIcon.job- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59].2011-10-11 c:\windows\Tasks\User_Feed_Synchronization-{6AADCA7F-9D09-413E-B8D5-3FB647C74798}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31].2011-10-11 c:\windows\Tasks\videopadShakeIcon.job- c:\program files\NCH Software\VideoPad\videopad.exe [2010-09-23 07:03].2011-10-11 c:\windows\Tasks\wavepadDowngrade.job- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01].2011-10-11 c:\windows\Tasks\wavepadShakeIcon.job- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]..------- Supplementary Scan -------.TCP: DhcpNameServer = 63.245.66.41 63.245.66.42FF - ProfilePath - c:\documents and settings\C.Henry.UPGRADE\Application Data\Mozilla\Firefox\Profiles\5iierj4b.default\# Mozilla User Preferences/* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs */FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467FF - user.js: browser.bookmarks.restore_default_bookmarks - falseFF - user.js: browser.cache.disk.capacity - 1048576FF - user.js: browser.cache.disk.smart_size.first_run - falseFF - user.js: browser.cache.disk.smart_size_cached_value - 640000FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\C.Henry.UPGRADE\\DesktopFF - user.js: browser.download.manager.alertOnEXEOpen - trueFF - user.js: browser.download.useDownloadDir - falseFF - user.js: browser.migration.version - 5FF - user.js: browser.places.smartBookmarksVersion - 2FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - trueFF - user.js: browser.rights.3.shown - trueFF - user.js: browser.startup.homepage_override.buildID - 20110928134238FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1FF - user.js: browser.syncPromoViewsLeft - 2FF - user.js: dom.disable_window_flip - falseFF - user.js: extensions.blocklist.pingCountTotal - 2FF - user.js: extensions.blocklist.pingCountVersion - 2FF - user.js: extensions.bootstrappedAddons - {}FF - user.js: extensions.databaseSchema - 5FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342A-8307-11DF-A508-4AE2DFD72085}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\:{\descriptor\:\c:\\\\Program Files\\\\CheckPoint\\\\ZAForceField\\\\TrustChecker\,\mtime\:1317440292281},\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\c:\\\\Program Files\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]FF - user.js: extensions.lastAppVersion - 7.0.1FF - user.js: extensions.lastPlatformVersion - 7.0.1FF - user.js: extensions.pendingOperations - falseFF - user.js: font.internaluseonly.changed - trueFF - user.js: gfx.blacklist.direct2d - 3FF - user.js: gfx.blacklist.layers.direct3d10 - 3FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3FF - user.js: gfx.blacklist.layers.direct3d9 - 3FF - user.js: gfx.blacklist.layers.opengl - 3FF - user.js: gfx.blacklist.webgl.angle - 3FF - user.js: gfx.blacklist.webgl.opengl - 3FF - user.js: idle.lastDailyNotification - 1317649027FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8FF - user.js: network.cookie.prefsMigrated - trueFF - user.js: places.database.lastMaintenance - 1317649027FF - user.js: places.history.expiration.transient_current_max_pages - 42924FF - user.js: pref.advanced.javascript.disable_button.advanced - falseFF - user.js: privacy.sanitize.migrateFx3Prefs - trueFF - user.js: security.warn_viewing_mixed.show_once - falseFF - user.js: storage.vacuum.last.index - 1FF - user.js: storage.vacuum.last.places.sqlite - 1317523296FF - user.js: toolkit.telemetry.prompted - trueFF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089FF - user.js: xpinstall.whitelist.add - FF - user.js: xpinstall.whitelist.add.36 - ..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-10-11 17:47Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(2404)c:\windows\system32\WININET.dllc:\windows\system32\msi.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2011-10-11 17:50:10ComboFix-quarantined-files.txt 2011-10-11 21:50ComboFix2.txt 2011-10-11 14:20ComboFix3.txt 2011-10-09 16:28ComboFix4.txt 2011-10-09 00:47.Pre-Run: 51,322,662,912 bytes freePost-Run: 51,318,202,368 bytes free.- - End Of File - - 2D8B93701439B47E995D93BFDD752DA8Everything seems to be working 'ok' but one thing that's kinda bothering me is that Malwarebytes keeps informing me of this Ip address it keeps blocking from an incoming source, and it seems to try every hour once or twice.This one is the one who's regularly trying - 200.98.197.93This one, well I've only seen this today - 91.223.89.134Also is it ok to download updates for Combofix cause it said there was a newer version available but I only continued with the scanning. Is it ok to download updates from Microsoft as well? I fear its too late Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 11, 2011 Root Admin ID:484642 Share Posted October 11, 2011 STEP 01Well a couple things. The log shows that you did not reset Firefox back to factory default settings and it does have entries in it that can be causing your issue possibly.STEP 02Yes, please delete your current copy of Combofix and download a new fresh copy.Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank linesdriver::MpKsl0fa035befile::c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sysfolder::c:\documents and settings\All Users\Application Data\Microsoft\Microsoft AntimalwareOpen a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. Disable your Antivirus software. If it has Script Blocking features, please disable these as well. A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes Notepad will open with with your results log open. Do a File, Exit.A caution - Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.Post back the Combofix log on your next reply.STEP 03Please download and run the following tdsskiller scanner from KasperskyPost back the log file on your next replyBy default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.Logs have names like: UtilityName.Version_Date_Time_log.txt.E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt Link to post Share on other sites More sharing options...
greatkibble Posted October 12, 2011 Author ID:484982 Share Posted October 12, 2011 Part 1 of Combofix log:ComboFix 11-10-11.05 - C.Henry 10/12/2011 7:03.5.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1409 [GMT -4:00]Running from: c:\documents and settings\C.Henry.UPGRADE\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\C.Henry.UPGRADE\Desktop\CFscript.txtAV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}.FILE ::"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEED8A1D-9F19-4916-8D31-F596B03764FF}\MpKsl0fa035be.sys"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))...((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_MPKSL0FA035BE-------\Service_MpKsl0fa035be-------\Legacy_MpKsl0fbb6989-------\Legacy_MpKsl30d36f72-------\Legacy_MpKsl333bf458-------\Legacy_MpKsl46a99366-------\Legacy_MpKsl59e99f45-------\Legacy_MpKsl681962f3-------\Legacy_MpKsl6fff11b7-------\Legacy_MpKsl72ab06f5-------\Legacy_MpKsl7385528c-------\Legacy_MpKsl790e18a0-------\Legacy_MpKsl836a2924-------\Legacy_MpKsl85f9705b-------\Legacy_MpKsl8836105c-------\Legacy_MpKsl9496f593-------\Legacy_MpKsl952967d3-------\Legacy_MpKsl9e395e06-------\Legacy_MpKsl9ebaeedb-------\Legacy_MpKslc8e71ba2-------\Legacy_MpKsle7a8409d-------\Legacy_MpKslf660ee8d-------\Service_MpKsl0fbb6989-------\Service_MpKsl30d36f72-------\Service_MpKsl333bf458-------\Service_MpKsl46a99366-------\Service_MpKsl59e99f45-------\Service_MpKsl681962f3-------\Service_MpKsl6fff11b7-------\Service_MpKsl72ab06f5-------\Service_MpKsl7385528c-------\Service_MpKsl790e18a0-------\Service_MpKsl836a2924-------\Service_MpKsl85f9705b-------\Service_MpKsl8836105c-------\Service_MpKsl9496f593-------\Service_MpKsl952967d3-------\Service_MpKsl9e395e06-------\Service_MpKsl9ebaeedb-------\Service_MpKslc8e71ba2-------\Service_MpKsle6108664-------\Service_MpKsle7a8409d-------\Service_MpKslf660ee8d..((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))..2011-10-11 20:05 . 2011-10-11 20:05 -------- d-----w- c:\program files\VS Revo Group2011-10-11 14:59 . 2011-10-11 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-10-11 14:59 . 2011-10-11 14:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-10-11 14:59 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-10-09 13:43 . 2011-10-09 13:43 -------- d-----w- c:\program files\LAVASOFT2011-10-08 20:19 . 2011-10-08 20:20 -------- d-----w- c:\program files\Sony Media Go Install2011-10-04 02:50 . 2011-10-09 00:46 -------- d-----w- c:\program files\SPYBOT - SEARCH & DESTROY2011-10-02 06:44 . 2011-09-21 18:59 16432 ----a-w- c:\windows\system32\lsdelete.exe2011-10-02 01:09 . 2011-10-09 14:09 -------- d-----w- c:\documents and settings\C.Henry.UPGRADE2011-10-01 17:43 . 2011-10-01 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB2011-10-01 17:42 . 2011-10-01 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters2011-10-01 04:21 . 2011-10-01 04:21 -------- d-----w- c:\windows\PIF2011-09-30 16:17 . 2011-10-01 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan2011-09-30 16:16 . 2011-10-01 04:50 -------- d-----w- c:\program files\Security Task Manager2011-09-30 06:45 . 2011-09-30 06:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2011-09-29 01:05 . 2011-09-29 01:05 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs2011-09-29 01:03 . 2011-09-29 01:04 262 ----a-w- C:\wallpaperviews.vbs2011-09-28 02:15 . 2011-09-28 02:15 -------- d-----w- c:\program files\SystemRequirementsLab2011-09-27 21:06 . 2011-10-01 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2011-09-24 18:58 . 2011-09-21 18:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys2011-09-22 15:58 . 2011-09-22 15:58 -------- d-----w- C:\$AVG2011-09-22 15:20 . 2011-10-09 13:49 -------- d-----w- c:\program files\AVG Secure Search2011-09-22 15:19 . 2011-10-09 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG20122011-09-21 18:54 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys2011-09-21 18:53 . 2011-10-09 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-10-01 15:02 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe2011-10-01 04:57 . 2007-11-07 12:12 232960 ----a-w- C:\VC_RED.MSI2011-10-01 02:12 . 2003-10-06 18:16 7700480 ----a-w- c:\windows\system32\nvcpl.dll2011-09-30 22:56 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll2011-09-30 19:19 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe2011-09-29 12:02 . 2011-05-16 11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-09-27 19:32 . 2004-08-04 12:00 142336 ----a-w- c:\windows\system32\nwprovau.dll2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-08-22 23:48 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2010-01-26 14:11 . 2010-11-22 01:06 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe2004-09-12 19:10 . 2010-11-25 01:36 11578 ----a-r- c:\program files\Replacer.cmd2011-09-29 06:53 . 2011-10-02 02:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll.. Link to post Share on other sites More sharing options...
greatkibble Posted October 12, 2011 Author ID:484983 Share Posted October 12, 2011 Part 2 of Combofix log:((((((((((((((((((((((((((((( SnapShot@2011-10-09_00.43.50 ))))))))))))))))))))))))))))))))))))))))).+ 2004-08-04 12:00 . 2011-10-12 11:17 80870 c:\windows\system32\perfc009.dat- 2004-08-04 12:00 . 2011-10-06 14:20 80870 c:\windows\system32\perfc009.dat+ 2004-08-04 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll- 2004-08-04 12:00 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll+ 2009-03-08 09:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll- 2009-03-08 09:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll- 2004-08-04 12:00 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll- 2010-11-19 02:48 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll+ 2010-11-19 02:48 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll+ 2004-08-04 12:00 . 2011-09-26 15:41 20480 c:\windows\system32\dllcache\oleaccrc.dll- 2004-08-04 12:00 . 2009-10-08 18:56 20480 c:\windows\system32\dllcache\oleaccrc.dll- 2004-08-04 12:00 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll+ 2010-11-19 02:48 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll- 2010-11-19 02:48 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll- 2004-08-04 12:00 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll- 2004-08-04 12:00 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll- 2011-05-17 13:27 . 2011-05-17 13:27 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll+ 2011-07-09 13:30 . 2011-07-09 13:30 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll+ 2011-07-08 18:00 . 2011-07-08 18:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll- 2010-09-23 19:55 . 2010-09-23 19:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll+ 2011-07-07 16:04 . 2011-07-07 16:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll- 2010-09-23 06:26 . 2010-09-23 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll- 2010-09-23 06:26 . 2010-09-23 06:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll+ 2011-07-07 16:04 . 2011-07-07 16:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll- 2010-09-23 06:26 . 2010-09-23 06:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll+ 2011-07-07 16:03 . 2011-07-07 16:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll- 2010-09-23 07:17 . 2010-09-23 07:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe+ 2011-07-07 17:09 . 2011-07-07 17:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe- 2010-09-23 07:17 . 2010-09-23 07:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll+ 2011-07-07 17:09 . 2011-07-07 17:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll- 2011-09-06 05:40 . 2011-09-06 05:40 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll- 2011-09-06 05:40 . 2011-09-06 05:40 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll- 2011-09-06 05:40 . 2011-09-06 05:40 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll- 2011-09-06 05:40 . 2011-09-06 05:40 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll- 2011-09-06 05:40 . 2011-09-06 05:40 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll- 2011-09-06 05:40 . 2011-09-06 05:40 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll- 2011-09-06 05:39 . 2011-09-06 05:39 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll- 2011-09-06 05:40 . 2011-09-06 05:40 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll- 2011-09-06 05:39 . 2011-09-06 05:39 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll- 2011-09-06 05:39 . 2011-09-06 05:39 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll- 2011-09-06 05:39 . 2011-09-06 05:39 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll- 2011-09-06 05:39 . 2011-09-06 05:39 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll- 2011-09-06 05:39 . 2011-09-06 05:39 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll- 2011-09-06 05:39 . 2011-09-06 05:39 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll- 2011-09-06 05:39 . 2011-09-06 05:39 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll- 2011-09-06 05:39 . 2011-09-06 05:39 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll+ 2011-10-11 22:23 . 2011-10-11 22:23 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll- 2011-09-06 05:39 . 2011-09-06 05:39 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll- 2011-09-06 05:39 . 2011-09-06 05:39 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll- 2011-09-06 05:39 . 2011-09-06 05:39 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll- 2011-09-06 05:39 . 2011-09-06 05:39 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll+ 2010-08-23 05:22 . 2011-10-11 22:40 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll- 2010-08-23 05:22 . 2011-06-15 13:14 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 43520 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll+ 2011-10-11 22:21 . 2011-10-11 22:21 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7ed3f3eb\System.Drawing.Design.dll+ 2011-10-11 22:21 . 2011-10-11 22:21 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c36a2929\CustomMarshalers.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\1c177e9aa7a1661ddec16c2f9f30947c\UIAutomationProvider.ni.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\e4f0e0d45a1739bad6cc96377c9dd7f2\System.Windows.Presentation.ni.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\385b56be2d617548e4b731dd050a1f32\System.Web.ApplicationServices.ni.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e08ecf530f270cd45c72318b67826cb1\System.ServiceModel.Channels.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\117b65133fc00228bc249d1c61c387ea\System.AddIn.Contract.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\432eb09604ab71ee1aa4622bfbc4afee\Microsoft.VisualC.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\06ac8d640d2dfa7d4bb23c03584304ef\Accessibility.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\1ee639a35730f580f0266d2466d3976d\WindowsLiveWriter.ni.exe+ 2011-10-11 23:08 . 2011-10-11 23:08 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4490f2c7ba373caac054470763d7081d\WindowsLive.Writer.Api.ni.dll+ 2011-10-11 22:55 . 2011-10-11 22:55 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a54a122f1070ab71931dd9679ddd8e90\System.Web.DynamicData.Design.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll+ 2011-10-11 22:46 . 2011-10-11 22:46 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe+ 2011-10-11 22:45 . 2011-10-11 22:45 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\a615508098c5f4f5a34e89d22527c9de\Microsoft.WSMan.Runtime.ni.dll+ 2011-10-12 01:45 . 2011-10-12 01:45 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\17fc30ccabf04ef1cf60a571067bc6dc\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe+ 2011-10-11 23:05 . 2011-10-11 23:05 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll- 2011-08-12 04:03 . 2011-08-12 04:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll- 2011-08-12 04:03 . 2011-08-12 04:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll- 2011-08-12 04:03 . 2011-08-12 04:03 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll- 2011-08-12 04:03 . 2011-08-12 04:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll- 2011-08-12 04:03 . 2011-08-12 04:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll- 2011-08-12 04:03 . 2011-08-12 04:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll- 2011-08-12 04:03 . 2011-08-12 04:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll- 2011-08-12 04:03 . 2011-08-12 04:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll- 2011-08-12 04:03 . 2011-08-12 04:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll- 2011-08-12 04:03 . 2011-08-12 04:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll- 2011-08-12 04:03 . 2011-08-12 04:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll- 2011-08-12 04:03 . 2011-08-12 04:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll- 2011-08-12 04:03 . 2011-08-12 04:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll+ 2011-10-11 22:21 . 2011-10-11 22:21 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll- 2011-07-25 15:07 . 2011-07-25 15:07 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll- 2011-08-12 04:03 . 2011-08-12 04:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\3a2ab56bb224b871516526753985ff69\System.Xml.Serialization.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\5cc246adea1b07b9c2a76bbe86fbfe2e\dfsvc.ni.exe- 2011-08-12 04:03 . 2011-08-12 04:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll- 2011-08-12 04:03 . 2011-08-12 04:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll+ 2011-10-11 22:36 . 2011-10-11 22:36 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll+ 2011-10-11 22:37 . 2011-10-11 22:37 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll- 2011-08-12 04:03 . 2011-08-12 04:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll- 2011-08-12 04:03 . 2011-08-12 04:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll- 2011-09-06 05:39 . 2011-09-06 05:39 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll- 2011-09-06 05:39 . 2011-09-06 05:39 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll- 2011-08-12 04:03 . 2011-08-12 04:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll- 2011-08-12 04:03 . 2011-08-12 04:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll- 2004-08-04 12:00 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll+ 2004-08-04 12:00 . 2011-10-12 11:17 484600 c:\windows\system32\perfh009.dat- 2004-08-04 12:00 . 2011-10-06 14:20 484600 c:\windows\system32\perfh009.dat+ 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll- 2004-08-04 12:00 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll- 2004-08-04 12:00 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll+ 2009-03-08 09:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll- 2009-03-08 09:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll- 2004-08-04 12:00 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll- 2004-08-04 12:00 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll+ 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe+ 2009-08-31 18:21 . 2011-10-11 22:42 283720 c:\windows\system32\FNTCACHE.DAT- 2009-08-31 18:21 . 2011-10-01 01:45 283720 c:\windows\system32\FNTCACHE.DAT+ 2004-08-04 12:00 . 2011-08-22 23:48 916480 c:\windows\system32\dllcache\wininet.dll- 2004-08-04 12:00 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll- 2004-08-04 12:00 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll- 2004-08-04 12:00 . 2009-10-08 18:57 220160 c:\windows\system32\dllcache\oleacc.dll+ 2004-08-04 12:00 . 2011-09-26 15:41 220160 c:\windows\system32\dllcache\oleacc.dll- 2004-08-04 12:00 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll- 2004-08-04 12:00 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll+ 2010-11-19 02:48 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll- 2010-11-19 02:48 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll+ 2010-11-19 02:48 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll- 2010-11-19 02:48 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll- 2004-08-04 12:00 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll- 2010-11-19 02:48 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll+ 2010-11-19 02:48 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll- 2004-08-04 12:00 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll+ 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe- 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys- 2011-05-17 13:27 . 2011-05-17 13:27 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll+ 2011-07-09 13:30 . 2011-07-09 13:30 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll- 2011-05-17 13:27 . 2011-05-17 13:27 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll+ 2011-07-09 13:30 . 2011-07-09 13:30 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll- 2011-03-25 10:15 . 2011-03-25 10:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll+ 2011-07-07 09:18 . 2011-07-07 09:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll+ 2011-07-07 09:18 . 2011-07-07 09:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll- 2011-03-25 10:15 . 2011-03-25 10:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll+ 2011-07-07 16:04 . 2011-07-07 16:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll- 2010-09-23 06:26 . 2010-09-23 06:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll+ 2011-07-07 16:01 . 2011-07-07 16:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll- 2010-09-23 06:25 . 2010-09-23 06:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll- 2010-09-23 07:17 . 2010-09-23 07:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll+ 2011-07-07 17:09 . 2011-07-07 17:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll- 2011-09-06 05:40 . 2011-09-06 05:40 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll- 2011-09-06 05:40 . 2011-09-06 05:40 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll- 2011-09-06 05:39 . 2011-09-06 05:39 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll- 2011-09-06 05:40 . 2011-09-06 05:40 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll- 2011-09-06 05:40 . 2011-09-06 05:40 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll- 2011-09-06 05:40 . 2011-09-06 05:40 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll- 2011-09-06 05:39 . 2011-09-06 05:39 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll- 2011-09-06 05:40 . 2011-09-06 05:40 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll- 2011-09-06 05:40 . 2011-09-06 05:40 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll- 2011-09-06 05:40 . 2011-09-06 05:40 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll- 2011-09-06 05:39 . 2011-09-06 05:39 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll- 2011-09-06 05:40 . 2011-09-06 05:40 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll- 2011-09-06 05:40 . 2011-09-06 05:40 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll- 2011-09-06 05:39 . 2011-09-06 05:39 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll- 2011-09-06 05:39 . 2011-09-06 05:39 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll- 2011-09-06 05:40 . 2011-09-06 05:40 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll- 2011-09-06 05:39 . 2011-09-06 05:39 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll- 2011-09-06 05:39 . 2011-09-06 05:39 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll- 2011-09-06 05:39 . 2011-09-06 05:39 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll- 2011-09-06 05:39 . 2011-09-06 05:39 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll- 2011-09-06 05:39 . 2011-09-06 05:39 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll- 2011-09-06 05:39 . 2011-09-06 05:39 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll- 2011-09-06 05:39 . 2011-09-06 05:39 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll- 2011-09-06 05:39 . 2011-09-06 05:39 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll- 2011-09-06 05:39 . 2011-09-06 05:39 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll- 2011-09-06 05:39 . 2011-09-06 05:39 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll- 2011-09-06 05:39 . 2011-09-06 05:39 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll- 2011-09-06 05:39 . 2011-09-06 05:39 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll- 2011-09-06 05:39 . 2011-09-06 05:39 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll- 2011-09-06 05:39 . 2011-09-06 05:39 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll- 2011-09-06 05:39 . 2011-09-06 05:39 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll- 2011-09-06 05:39 . 2011-09-06 05:39 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll- 2011-09-06 05:39 . 2011-09-06 05:39 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll- 2011-09-06 05:39 . 2011-09-06 05:39 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll- 2011-09-06 05:39 . 2011-09-06 05:39 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll- 2011-09-06 05:39 . 2011-09-06 05:39 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll- 2011-09-06 05:40 . 2011-09-06 05:40 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll- 2011-09-06 05:40 . 2011-09-06 05:40 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll- 2011-09-06 05:40 . 2011-09-06 05:40 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll- 2011-09-06 05:40 . 2011-09-06 05:40 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll- 2011-09-06 05:40 . 2011-09-06 05:40 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll- 2011-09-06 05:40 . 2011-09-06 05:40 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll- 2011-09-06 05:39 . 2011-09-06 05:39 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll- 2011-09-06 05:39 . 2011-09-06 05:39 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll- 2011-09-06 05:39 . 2011-09-06 05:39 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll- 2011-09-06 05:39 . 2011-09-06 05:39 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll- 2011-09-06 05:39 . 2011-09-06 05:39 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll- 2011-09-06 05:40 . 2011-09-06 05:40 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll- 2011-09-06 05:40 . 2011-09-06 05:40 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll- 2011-09-06 05:39 . 2011-09-06 05:39 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll- 2011-09-06 05:39 . 2011-09-06 05:39 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll- 2011-09-06 05:39 . 2011-09-06 05:39 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 105984 c:\windows\ie8updates\KB2586448-IE8\url.dll+ 2011-10-11 22:29 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll+ 2011-10-11 22:29 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe+ 2011-10-11 22:29 . 2011-06-23 18:36 206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 602112 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll+ 2011-10-11 22:29 . 2011-06-23 12:05 173568 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe+ 2011-10-11 22:22 . 2011-10-11 22:22 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_98a85068\System.Drawing.dll Link to post Share on other sites More sharing options...
greatkibble Posted October 12, 2011 Author ID:484984 Share Posted October 12, 2011 Part 3 of Combofix log:+ 2011-10-11 22:23 . 2011-10-11 22:23 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e3da2ca4\System.Drawing.Design.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2eefdbb9\CustomMarshalers.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\962b04386ebf18f5871d5ceefa83ba4b\WindowsFormsIntegration.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5b96ee4992d9559ba5483c769bc5c889\UIAutomationTypes.ni.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\1c29539a07226b411e0a1a47aed57183\UIAutomationClient.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\System.Xml.Linq.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\dcad72e49476386b76a81d2df187c32c\System.Windows.Input.Manipulations.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\caf1d94cb89859c72d6c8cd8774068d3\System.Transactions.ni.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\aab1c287bc73a03c51b55fb3f102c27e\System.ServiceProcess.ni.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\bd104bb2f798661c5a972249582b5441\System.ServiceModel.Routing.ni.dll+ 2011-10-11 22:28 . 2011-10-11 22:28 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\aecd169d75edbcbe626d2a222a02e9f3\System.Security.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\bed774dde4b62ed1d2d55c2d1769d600\System.Runtime.Serialization.Formatters.Soap.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\44d18693baaee5ee0e6f6fd4910e8f81\System.Runtime.Remoting.ni.dll+ 2011-10-11 22:28 . 2011-10-11 22:28 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\97126244f88693adb36f94116d8d0dda\System.Numerics.ni.dll+ 2011-10-12 03:32 . 2011-10-12 03:32 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\56fe9070b1d56613fd5cf7c73ec3b26f\System.Net.ni.dll+ 2011-10-12 03:32 . 2011-10-12 03:32 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\420c9d9b271bc26d1b6f437f1f4913a9\System.Messaging.ni.dll+ 2011-10-12 02:15 . 2011-10-12 02:15 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\b71ea67c5bfa5b660efc12eb1c6ea4af\System.Management.Instrumentation.ni.dll+ 2011-10-12 02:15 . 2011-10-12 02:15 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\267d7dbdbe126590fba4a11c1ab12926\System.IO.Log.ni.dll+ 2011-10-12 02:15 . 2011-10-12 02:15 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\4ca1f130cbacf72beedf13da42b93e75\System.IdentityModel.Selectors.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd4f85af43b2c177c8d085a8ba3f4993\System.EnterpriseServices.Wrapper.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd4f85af43b2c177c8d085a8ba3f4993\System.EnterpriseServices.ni.dll+ 2011-10-11 22:28 . 2011-10-11 22:28 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\b806ef4a19c8157e7858e0a15f9cf48d\System.Dynamic.ni.dll+ 2011-10-12 02:15 . 2011-10-12 02:15 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\4178d8536c67896ab77af36a48ee7ec4\System.DirectoryServices.Protocols.ni.dll+ 2011-10-12 02:15 . 2011-10-12 02:15 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\324617c0a492d6acc64325c836553f2c\System.DirectoryServices.AccountManagement.ni.dll+ 2011-10-12 02:15 . 2011-10-12 02:15 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\ca25f888c067fa170d8bba824efa2ca8\System.Device.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\282487a15f595c199b6cc640ea8995e8\System.Data.DataSetExtensions.ni.dll+ 2011-10-11 22:28 . 2011-10-11 22:28 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\06f71e66b9913a24c22f85a0caef3ae4\System.Configuration.Install.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\fa608e0882b98981cb6fd6e0754bdff8\System.ComponentModel.DataAnnotations.ni.dll+ 2011-10-11 22:28 . 2011-10-11 22:28 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a91d48ec926171da7de01cf2a10b1dfc\System.ComponentModel.Composition.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\f407937d4694c46537c470007a1df957\System.AddIn.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\80347a66af30b5c14c0114baee4c64f8\System.Activities.DurableInstancing.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\fcbb4a33ebdc8562603bc7f725a088ce\SMSvcHost.ni.exe+ 2011-10-12 02:12 . 2011-10-12 02:12 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\398a52caf1e9fd1a6ea9dd589b0f6e68\SMDiagnostics.ni.dll+ 2011-10-11 22:28 . 2011-10-11 22:28 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d2d4bdbd9e2196e04dcdd68994a1f952\PresentationFramework.Royale.ni.dll+ 2011-10-11 22:28 . 2011-10-11 22:28 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll+ 2011-10-11 22:28 . 2011-10-11 22:28 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\6e48fb2ce01b4758a68f61651d6461d8\PresentationFramework.Luna.ni.dll+ 2011-10-11 22:27 . 2011-10-11 22:27 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\351819dc653a07a310cf1387b3266936\PresentationFramework.Classic.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\edec5402d5424967ba20de137835ed2a\Microsoft.VisualBasic.Compatibility.Data.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\f4ab32c177d931f26072a14c27efc3b5\Microsoft.Transactions.Bridge.Dtc.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\48ad8351ab66166c853d410d3282a408\CustomMarshalers.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe+ 2011-10-11 23:08 . 2011-10-11 23:08 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\8d9744364ead927be159ddaca5c73b6a\WindowsLiveLocal.WriterPlugin.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f3247ee4c8974dcb21978a283ca5dd37\WindowsLive.Writer.Interop.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\de41662d8b5a65327eb32e4601b29734\WindowsLive.Writer.Interop.Mshtml.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c3eeef28ef5d1fe19442fb127106e180\WindowsLive.Writer.HtmlEditor.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bb87acb24dd38a2a35c460e960909f26\WindowsLive.Writer.Passport.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b9c42f04581b04b23db07d4d29e47a1d\WindowsLive.Writer.SpellChecker.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\71caec3c513d97567d5196a72ee57ef0\WindowsLive.Writer.BrowserControl.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6adb0eaf9a145a2ba81619e49b1c4480\WindowsLive.Writer.Extensibility.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\599239bb43737ad8063b7e9620a4c16e\WindowsLive.Writer.FileDestinations.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\49ab3a63512d9d028cc4fa800c1c3d2f\WindowsLive.Writer.Localization.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3ae7eae306c355e1efb728fac33b3965\WindowsLive.Writer.Interop.SHDocVw.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1fbb3941992cd85018b7c64a68dce3f8\WindowsLive.Writer.BlogClient.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\14ddbf463c0b9b17f98d8f048777784a\WindowsLive.Writer.Instrumentation.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0c0afa682f30eb3e75011f1c92b04129\WindowsLive.Writer.Controls.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\097baf70e23eed55818deec43d26c44a\WindowsLive.Writer.Mshtml.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\04473507f11eea12b260ab8b2707d423\WindowsLive.Writer.HtmlParser.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\a295b8cfd7c63e29f4972592e2b7ef4b\WindowsLive.Client.ni.dll+ 2011-10-11 22:55 . 2011-10-11 22:55 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll+ 2011-10-11 22:55 . 2011-10-11 22:55 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll+ 2011-10-11 22:55 . 2011-10-11 22:55 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\3533d614ebecd4344efbee619dd11a74\System.Web.Routing.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d93514a764a83b18f6f3547b59cc8ae9\System.Web.Extensions.Design.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\93b5d1b77a74b76ac73cbf51ec871c01\System.Web.Entity.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d06a7d5872bbe85795f947f6c75d38c6\System.Web.Entity.Design.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ad0851438a18bf730d974c9b2f5f776a\System.Web.DynamicData.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\734ab0ea87d7dfd5c583eea535c05878\System.Web.Abstractions.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll+ 2011-10-12 01:45 . 2011-10-12 01:45 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll+ 2011-10-12 01:45 . 2011-10-12 01:45 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll+ 2011-10-12 01:45 . 2011-10-12 01:45 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll+ 2011-10-11 23:05 . 2011-10-11 23:05 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll+ 2011-10-11 23:05 . 2011-10-11 23:05 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll+ 2011-10-11 22:51 . 2011-10-11 22:51 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll+ 2011-10-12 01:45 . 2011-10-12 01:45 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll+ 2011-10-12 01:45 . 2011-10-12 01:45 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll+ 2011-10-12 01:45 . 2011-10-12 01:45 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll+ 2011-10-12 01:45 . 2011-10-12 01:45 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\fee1a48b769a8c4beb335ee5ce006091\System.Data.Entity.Design.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\3048737e9e3bf5173121a084337256bc\System.AddIn.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\f2df1ca28301bfe7e1d52b86c8394217\ServiceModelReg.ni.exe+ 2011-10-11 22:46 . 2011-10-11 22:46 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll+ 2011-10-11 22:46 . 2011-10-11 22:46 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94cfc00ad448575bfb0e67c53b514cd5\PresentationFramework.Aero.ni.dll+ 2011-10-11 22:46 . 2011-10-11 22:46 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll+ 2011-10-11 22:46 . 2011-10-11 22:46 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe+ 2011-10-11 23:09 . 2011-10-11 23:09 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\a976a4b51c81150402b0abee38f41ab1\Microsoft.WSMan.Management.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\df4a7b6bc850621fa2d38fb08f910ef7\Microsoft.PowerShell.Security.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b3d3d76cfc8350587616860fb0f64ccc\Microsoft.PowerShell.ConsoleHost.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6f6b54b6cebab6867dafeb6db1b98ab1\Microsoft.PowerShell.GraphicalHost.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\592e4b99037ec91cd4201d1ee28895b7\Microsoft.PowerShell.Commands.Management.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3a03ec48148fa16aa65fd9ba5df49cb8\Microsoft.PowerShell.Commands.Diagnostics.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe+ 2011-10-11 23:05 . 2011-10-11 23:05 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e1bcee92f5af50d560d577c0a99ea3bd\AspNetMMCExt.ni.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll- 2011-08-12 04:03 . 2011-08-12 04:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll- 2011-08-12 04:03 . 2011-08-12 04:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll- 2011-08-12 04:03 . 2011-08-12 04:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll- 2011-08-12 04:03 . 2011-08-12 04:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll- 2011-08-12 04:03 . 2011-08-12 04:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll- 2011-08-12 04:03 . 2011-08-12 04:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll- 2011-08-12 04:03 . 2011-08-12 04:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll- 2011-08-12 04:03 . 2011-08-12 04:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll- 2011-08-12 04:03 . 2011-08-12 04:03 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll- 2011-08-12 04:03 . 2011-08-12 04:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll- 2011-08-12 04:03 . 2011-08-12 04:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll- 2011-08-12 04:03 . 2011-08-12 04:03 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll- 2011-08-12 04:03 . 2011-08-12 04:03 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll- 2011-08-12 04:03 . 2011-08-12 04:03 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll- 2011-08-12 04:03 . 2011-08-12 04:03 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll- 2011-08-12 04:03 . 2011-08-12 04:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll- 2011-08-12 04:03 . 2011-08-12 04:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll- 2011-08-12 04:03 . 2011-08-12 04:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll- 2011-08-12 04:03 . 2011-08-12 04:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll- 2011-08-12 04:03 . 2011-08-12 04:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll- 2011-08-12 04:03 . 2011-08-12 04:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll+ 2011-10-11 22:35 . 2011-10-11 22:35 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll- 2011-08-12 04:03 . 2011-08-12 04:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll- 2011-08-12 04:03 . 2011-08-12 04:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll- 2011-08-12 04:03 . 2011-08-12 04:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll- 2011-08-12 04:03 . 2011-08-12 04:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll+ 2011-10-11 22:35 . 2011-10-11 22:35 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll- 2011-08-12 04:03 . 2011-08-12 04:03 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll- 2004-08-04 12:00 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll+ 2004-08-04 12:00 . 2011-10-03 08:35 5971456 c:\windows\system32\mshtml.dll+ 2009-03-08 09:32 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll- 2010-08-31 13:42 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys+ 2010-08-31 13:42 . 2011-09-06 13:20 1858944 c:\windows\system32\dllcache\win32k.sys- 2004-08-04 12:00 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll+ 2004-08-04 12:00 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll+ 2004-08-04 12:00 . 2011-10-03 08:35 5971456 c:\windows\system32\dllcache\mshtml.dll+ 2010-11-19 02:48 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll- 2011-05-17 13:27 . 2011-05-17 13:27 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll+ 2011-07-09 13:30 . 2011-07-09 13:30 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll- 2011-05-17 13:27 . 2011-05-17 13:27 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll+ 2011-07-09 13:30 . 2011-07-09 13:30 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll+ 2011-07-09 13:30 . 2011-07-09 13:30 6724424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll- 2011-03-25 10:15 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll+ 2011-07-07 09:18 . 2011-07-07 09:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll- 2011-03-25 10:15 . 2011-03-25 10:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll+ 2011-07-07 09:18 . 2011-07-07 09:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll- 2010-09-23 19:55 . 2010-09-23 19:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll+ 2011-07-08 17:59 . 2011-07-08 17:59 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll+ 2011-07-08 17:59 . 2011-07-08 17:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll- 2010-09-23 19:55 . 2010-09-23 19:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll- 2010-09-23 06:26 . 2010-09-23 06:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll+ 2011-07-07 16:02 . 2011-07-07 16:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll+ 2011-07-07 16:02 . 2011-07-07 16:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll+ 2011-07-08 17:59 . 2011-07-08 17:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll- 2010-09-23 19:55 . 2010-09-23 19:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll- 2011-09-06 05:40 . 2011-09-06 05:40 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll- 2011-09-06 05:39 . 2011-09-06 05:39 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll- 2011-09-06 05:39 . 2011-09-06 05:39 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll- 2011-09-06 05:39 . 2011-09-06 05:39 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll- 2011-09-06 05:39 . 2011-09-06 05:39 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll- 2011-09-06 05:39 . 2011-09-06 05:39 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll- 2011-09-06 05:39 . 2011-09-06 05:39 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll- 2011-09-06 05:39 . 2011-09-06 05:39 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll- 2011-09-06 05:39 . 2011-09-06 05:39 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll- 2011-09-06 05:39 . 2011-09-06 05:39 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll- 2011-09-06 05:39 . 2011-09-06 05:39 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll- 2011-09-06 05:40 . 2011-09-06 05:40 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll- 2011-09-06 05:39 . 2011-09-06 05:39 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll- 2011-09-06 05:40 . 2011-09-06 05:40 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll- 2011-09-06 05:39 . 2011-09-06 05:39 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll- 2011-09-06 05:39 . 2011-09-06 05:39 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 1212416 c:\windows\ie8updates\KB2586448-IE8\urlmon.dll+ 2011-10-11 22:29 . 2011-07-25 15:17 5969920 c:\windows\ie8updates\KB2586448-IE8\mshtml.dll+ 2011-10-11 22:29 . 2011-06-23 18:36 1991680 c:\windows\ie8updates\KB2586448-IE8\iertutil.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_c0e1e388\System.dll+ 2011-10-11 22:21 . 2011-10-11 22:21 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_491bab64\System.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_71930867\System.Xml.dll+ 2011-10-11 22:22 . 2011-10-11 22:22 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2f31e28d\System.Xml.dll+ 2011-10-11 22:22 . 2011-10-11 22:22 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c1da05d2\System.Windows.Forms.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7b64e910\System.Windows.Forms.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f1ddcd92\System.Drawing.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c474f20f\System.Design.dll+ 2011-10-11 22:22 . 2011-10-11 22:22 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_471f98df\System.Design.dll+ 2011-10-11 22:22 . 2011-10-11 22:22 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7b64ec5d\mscorlib.dll+ 2011-10-11 22:23 . 2011-10-11 22:23 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5ece3ab9\mscorlib.dll+ 2011-10-11 22:26 . 2011-10-11 22:26 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\ac9379a0db1d8da11fbc46f09da411db\UIAutomationClientsideProviders.ni.dll+ 2011-10-11 22:25 . 2011-10-11 22:25 9086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll+ 2011-10-11 22:25 . 2011-10-11 22:25 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\e3a0483820fafd51c8cd4576de6eb45f\System.Windows.Forms.DataVisualization.ni.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\4cbc10b8a84a7ef0fcf9d2885bfe9832\System.Web.Services.ni.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\6663f8ba0327399c1a5b313707cff36f\System.Speech.ni.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 1392640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a19563d781ccd0807a41d27701d485c6\System.ServiceModel.Activities.ni.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9be7f7f68d488eb02161d3f0663a61a4\System.ServiceModel.Discovery.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\993f89ba22499c379d2a9dd25d13cd94\System.Runtime.Serialization.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\41a4f6cc5d596e952fd880ae1a47308f\System.Runtime.DurableInstancing.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\0a30a201408744c5315446aef7fb3d5a\System.Printing.ni.dll+ 2011-10-12 02:15 . 2011-10-12 02:15 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\7c4eea005578d9990f604fda345fb2b4\System.Management.ni.dll+ 2011-10-12 02:15 . 2011-10-12 02:15 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\16c385f23b5e493899f0d206dfb60094\System.IdentityModel.ni.dll+ 2011-10-11 22:27 . 2011-10-11 22:27 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\83a815291644645a3ab1ce55452e1e61\System.DirectoryServices.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\1c2d038775f2c9d42468261118019e6b\System.Deployment.ni.dll+ 2011-10-11 22:28 . 2011-10-11 22:28 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\14d8a7579839b11151cd901b846d0afb\System.Data.ni.dll+ 2011-10-11 22:28 . 2011-10-11 22:28 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\05f8ccf31515e720b1663e710e992211\System.Data.SqlXml.ni.dll+ 2011-10-12 02:15 . 2011-10-12 02:15 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\c05998cb3411b039bdfb5d852e1413be\System.Data.Services.Client.ni.dll+ 2011-10-11 22:25 . 2011-10-11 22:25 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\d622a2c40d37cfdb88e4eea7315a323e\System.Data.Linq.ni.dll+ 2011-10-11 22:25 . 2011-10-11 22:25 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\e69e487d338ceb3883b7d175885f0794\System.Activities.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\cc25c620acedf02fd6b5c46238643cab\System.Activities.Presentation.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\49577d8acbf16b6091f5466feae43403\System.Activities.Core.Presentation.ni.dll+ 2011-10-12 02:13 . 2011-10-12 02:13 2907136 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\2d23bb6dd81b41002c8f927b95b7b226\ReachFramework.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\ec64d7c99f7e030d39c355ce7a968600\PresentationUI.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\c7dd3d91f33a79c70db8bd805a483f4b\Microsoft.VisualBasic.Activities.Compiler.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\596251e8604d886f1edfcd2671a2f371\Microsoft.VisualBasic.Compatibility.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\51df2ad80d91a7669dd1856a9c1061f9\Microsoft.VisualBasic.ni.dll+ 2011-10-12 02:12 . 2011-10-12 02:12 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\477c9b916a9aee0a8beb041ee00a5fcb\Microsoft.Transactions.Bridge.ni.dll+ 2011-10-12 03:32 . 2011-10-12 03:32 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\614f6f698d269e2c56bf23feba58551c\Microsoft.JScript.ni.dll+ 2011-10-11 22:28 . 2011-10-11 22:28 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\f03a7f8f2393a04fac7fecc1c55bd02e\Microsoft.CSharp.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6ea9639305271fc22aa925a7356d7db6\WindowsLive.Writer.ApplicationFramework.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3b947518f29c960e94304bce3bc2c0d2\WindowsLive.Writer.CoreServices.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3203e91891cafbbb289bcde65e6a8389\WindowsLive.Writer.PostEditor.ni.dll+ 2011-10-11 22:45 . 2011-10-11 22:45 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll+ 2011-10-11 22:55 . 2011-10-11 22:55 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll+ 2011-10-11 22:45 . 2011-10-11 22:45 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll+ 2011-10-11 22:55 . 2011-10-11 22:55 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\f72c5f649951b0403e62bfab6c453e6f\System.Workflow.Runtime.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0aa4f4174204c93cc5181df4a6b2fb09\System.Workflow.ComponentModel.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\921629dc69a5a895101097c88ae67897\System.Workflow.Activities.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f5dac0448a1dbe2687a5df92904d6274\System.Web.Mobile.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ccaf6bdd256a9b5079fedadcc8993327\System.Web.Extensions.ni.dll+ 2011-10-11 22:52 . 2011-10-11 22:52 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\10d7daa3d1e62a0e40587cdc707be93f\System.Speech.ni.dll+ 2011-10-12 02:11 . 2011-10-12 02:11 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll+ 2011-10-11 23:05 . 2011-10-11 23:05 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll+ 2011-10-11 22:51 . 2011-10-11 22:51 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll+ 2011-10-12 01:45 . 2011-10-12 01:45 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\3959e9012ee532343861eb35c6c72b24\System.Management.Automation.ni.dll+ 2011-10-11 23:05 . 2011-10-11 23:05 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d14065ede44df8e9b5d6b60c5ddccc69\System.IdentityModel.ni.dll+ 2011-10-11 22:51 . 2011-10-11 22:51 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll+ 2011-10-11 22:48 . 2011-10-11 22:48 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll+ 2011-10-12 01:45 . 2011-10-12 01:45 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\541142d8742e6e88f1e729fafee04e71\System.Data.Services.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\5d5aa4b926ae422607ea833d934665c2\System.Data.OracleClient.ni.dll+ 2011-10-11 22:49 . 2011-10-11 22:49 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll+ 2011-10-11 23:10 . 2011-10-11 23:10 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\b70adfee3b5ed7e0688d13f24cbec556\System.Data.Entity.ni.dll+ 2011-10-11 22:48 . 2011-10-11 22:48 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll+ 2011-10-11 22:47 . 2011-10-11 22:47 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll+ 2011-10-11 22:47 . 2011-10-11 22:47 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll+ 2011-10-11 22:45 . 2011-10-11 22:45 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\37fd70ad5f3726031995041b246fe862\PresentationBuildTasks.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fba2661cffd923f17dbfa6662adf5ce3\Microsoft.PowerShell.GPowerShell.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eb5b6ad2dc6e2ecbdbb1ce1bf754b32e\Microsoft.PowerShell.Editor.ni.dll+ 2011-10-11 23:09 . 2011-10-11 23:09 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7c0df343514ab15e0fe9b11e9b013b11\Microsoft.PowerShell.Commands.Utility.ni.dll+ 2011-10-12 01:45 . 2011-10-12 01:45 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll+ 2011-10-11 23:08 . 2011-10-11 23:08 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll- 2011-08-12 04:03 . 2011-08-12 04:03 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll- 2011-08-12 04:03 . 2011-08-12 04:03 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll- 2011-08-12 04:03 . 2011-08-12 04:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll- 2011-08-12 04:03 . 2011-08-12 04:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll+ 2011-10-11 22:35 . 2011-10-11 22:35 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll- 2011-08-12 04:03 . 2011-08-12 04:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll- 2011-08-12 04:03 . 2011-08-12 04:03 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll+ 2011-10-11 22:37 . 2011-10-11 22:37 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll+ 2011-10-11 22:36 . 2011-10-11 22:36 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll- 2011-08-12 04:03 . 2011-08-12 04:03 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll+ 2011-10-11 22:21 . 2011-10-11 22:21 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll- 2011-07-25 15:07 . 2011-07-25 15:07 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll- 2011-07-25 15:07 . 2011-07-25 15:07 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll+ 2011-10-11 22:21 . 2011-10-11 22:21 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll+ 2009-08-31 23:58 . 2011-10-11 22:30 48324552 c:\windows\system32\MRT.exe- 2009-03-08 09:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll+ 2009-03-08 09:39 . 2011-08-23 21:48 11081728 c:\windows\system32\ieframe.dll- 2010-11-19 02:48 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll+ 2010-11-19 02:48 . 2011-08-23 21:48 11081728 c:\windows\system32\dllcache\ieframe.dll+ 2011-07-13 02:49 . 2011-07-13 02:49 11459584 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2572067\M2572067Uninstall.msp+ 2011-10-11 22:39 . 2011-10-11 22:39 20333568 c:\windows\Installer\190854e.msp+ 2011-07-12 00:43 . 2011-07-12 00:43 11641344 c:\windows\Installer\1908542.msp+ 2011-07-11 21:19 . 2011-07-11 21:19 10619904 c:\windows\Installer\1908538.msp+ 2011-07-12 19:50 . 2011-07-12 19:50 17555968 c:\windows\Installer\190852b.msp+ 2011-10-11 22:29 . 2011-06-23 18:36 11081728 c:\windows\ie8updates\KB2586448-IE8\ieframe.dll+ 2011-10-11 22:27 . 2011-10-11 22:27 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll+ 2011-10-12 03:33 . 2011-10-12 03:33 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\559ebac0a85ae55da09827b8048f77bd\System.ServiceModel.ni.dll+ 2011-10-12 02:15 . 2011-10-12 02:15 13346816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\78afce4e1bd3d345ef1fff004659191c\System.Data.Entity.ni.dll+ 2011-10-11 22:27 . 2011-10-11 22:27 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll+ 2011-10-11 22:26 . 2011-10-11 22:26 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll+ 2011-10-11 22:24 . 2011-10-11 22:24 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll+ 2011-10-11 22:55 . 2011-10-11 22:55 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll+ 2011-10-11 23:07 . 2011-10-11 23:07 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll+ 2011-10-11 22:50 . 2011-10-11 22:50 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c6374d32e4af7b7e3e46b32176f76558\System.Design.ni.dll+ 2011-10-11 22:46 . 2011-10-11 22:46 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll+ 2011-10-11 22:45 . 2011-10-11 22:45 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll+ 2011-10-11 22:44 . 2011-10-11 22:44 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll.-- Snapshot reset to current date -- Link to post Share on other sites More sharing options...
greatkibble Posted October 12, 2011 Author ID:484985 Share Posted October 12, 2011 Part 4 of Combofix log:.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"cdloader"="c:\documents and settings\C.Henry.UPGRADE\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-01 7700480]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]"nwiz"="nwiz.exe" [2006-10-22 1622016]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608].c:\documents and settings\C.Henry.UPGRADE\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TU2011\WinStyler\tu_logonui.exe".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"="c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe"="c:\\Documents and Settings\\C.Henry.UPGRADE\\Application Data\\mjusbsp\\magicJack.exe"=.R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/21/2011 2:54 PM 64512]R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/11/2011 10:59 AM 366152]R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [7/22/2011 2:26 PM 690472]R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/11/2011 10:59 AM 22216]S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]S2 gupdate1ca2c9565ca07ae;Google Update Service (gupdate1ca2c9565ca07ae);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 8:52 AM 133104]S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [11/18/2010 1:53 AM 38976]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]S4 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [10/16/2010 12:59 PM 1175556].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]WINRM REG_MULTI_SZ WINRM.Contents of the 'Scheduled Tasks' folder.2011-10-11 c:\windows\Tasks\Defraggler Volume C Task.job- c:\program files\Defraggler\df.exe [2011-09-13 09:45].2011-10-11 c:\windows\Tasks\expressburnShakeIcon.job- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-23 07:00].2011-10-11 c:\windows\Tasks\expressripShakeIcon.job- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-09-23 07:02].2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52].2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 12:52].2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003Core.job- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16].2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-688789844-682003330-1003UA.job- c:\documents and settings\C.Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 15:16].2011-10-11 c:\windows\Tasks\pixillionShakeIcon.job- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-10-16 16:59].2011-10-11 c:\windows\Tasks\prismDowngrade.job- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59].2011-10-12 c:\windows\Tasks\prismShakeIcon.job- c:\program files\NCH Software\Prism\prism.exe [2010-09-23 16:59].2011-10-12 c:\windows\Tasks\User_Feed_Synchronization-{6AADCA7F-9D09-413E-B8D5-3FB647C74798}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31].2011-10-11 c:\windows\Tasks\videopadShakeIcon.job- c:\program files\NCH Software\VideoPad\videopad.exe [2010-09-23 07:03].2011-10-11 c:\windows\Tasks\wavepadDowngrade.job- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01].2011-10-11 c:\windows\Tasks\wavepadShakeIcon.job- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-23 07:01]..------- Supplementary Scan -------.TCP: DhcpNameServer = 63.245.66.41 63.245.66.42FF - ProfilePath - c:\documents and settings\C.Henry.UPGRADE\Application Data\Mozilla\Firefox\Profiles\5iierj4b.default\# Mozilla User Preferences/* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs */FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467FF - user.js: browser.bookmarks.restore_default_bookmarks - falseFF - user.js: browser.cache.disk.capacity - 1048576FF - user.js: browser.cache.disk.smart_size.first_run - falseFF - user.js: browser.cache.disk.smart_size_cached_value - 640000FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\C.Henry.UPGRADE\\DesktopFF - user.js: browser.download.manager.alertOnEXEOpen - trueFF - user.js: browser.download.useDownloadDir - falseFF - user.js: browser.migration.version - 5FF - user.js: browser.places.smartBookmarksVersion - 2FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - trueFF - user.js: browser.rights.3.shown - trueFF - user.js: browser.startup.homepage_override.buildID - 20110928134238FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1FF - user.js: browser.syncPromoViewsLeft - 2FF - user.js: dom.disable_window_flip - falseFF - user.js: extensions.blocklist.pingCountTotal - 2FF - user.js: extensions.blocklist.pingCountVersion - 2FF - user.js: extensions.bootstrappedAddons - {}FF - user.js: extensions.databaseSchema - 5FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342A-8307-11DF-A508-4AE2DFD72085}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\:{\descriptor\:\c:\\\\Program Files\\\\CheckPoint\\\\ZAForceField\\\\TrustChecker\,\mtime\:1317440292281},\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\c:\\\\Program Files\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]FF - user.js: extensions.lastAppVersion - 7.0.1FF - user.js: extensions.lastPlatformVersion - 7.0.1FF - user.js: extensions.pendingOperations - falseFF - user.js: font.internaluseonly.changed - trueFF - user.js: gfx.blacklist.direct2d - 3FF - user.js: gfx.blacklist.layers.direct3d10 - 3FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3FF - user.js: gfx.blacklist.layers.direct3d9 - 3FF - user.js: gfx.blacklist.layers.opengl - 3FF - user.js: gfx.blacklist.webgl.angle - 3FF - user.js: gfx.blacklist.webgl.opengl - 3FF - user.js: idle.lastDailyNotification - 1317649027FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8FF - user.js: network.cookie.prefsMigrated - trueFF - user.js: places.database.lastMaintenance - 1317649027FF - user.js: places.history.expiration.transient_current_max_pages - 42924FF - user.js: pref.advanced.javascript.disable_button.advanced - falseFF - user.js: privacy.sanitize.migrateFx3Prefs - trueFF - user.js: security.warn_viewing_mixed.show_once - falseFF - user.js: storage.vacuum.last.index - 1FF - user.js: storage.vacuum.last.places.sqlite - 1317523296FF - user.js: toolkit.telemetry.prompted - trueFF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089FF - user.js: xpinstall.whitelist.add - FF - user.js: xpinstall.whitelist.add.36 - ..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-10-12 07:13Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(3504)c:\windows\system32\WININET.dllc:\windows\system32\msi.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\nvsvc32.exec:\windows\system32\wscntfy.exec:\windows\system32\RUNDLL32.EXEc:\windows\system32\devldr32.exec:\program files\OpenOffice.org 3\program\soffice.exec:\program files\OpenOffice.org 3\program\soffice.bin.**************************************************************************.Completion time: 2011-10-12 07:19:38 - machine was rebootedComboFix-quarantined-files.txt 2011-10-12 11:19ComboFix2.txt 2011-10-11 21:50ComboFix3.txt 2011-10-11 14:20ComboFix4.txt 2011-10-09 16:28ComboFix5.txt 2011-10-12 11:02.Pre-Run: 50,298,290,176 bytes freePost-Run: 50,167,074,816 bytes free.- - End Of File - - C558B7DEDA0FB7CAF83013A32F0D1684TDSS log:07:29:30.0156 2540 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:5407:29:31.0031 2540 ============================================================07:29:31.0031 2540 Current date / time: 2011/10/12 07:29:31.003107:29:31.0031 2540 SystemInfo:07:29:31.0031 2540 07:29:31.0031 2540 OS Version: 5.1.2600 ServicePack: 3.007:29:31.0031 2540 Product type: Workstation07:29:31.0031 2540 ComputerName: UPGRADE07:29:31.0031 2540 UserName: C.Henry07:29:31.0031 2540 Windows directory: C:\WINDOWS07:29:31.0031 2540 System windows directory: C:\WINDOWS07:29:31.0031 2540 Processor architecture: Intel x8607:29:31.0031 2540 Number of processors: 107:29:31.0031 2540 Page size: 0x100007:29:31.0031 2540 Boot type: Normal boot07:29:31.0031 2540 ============================================================07:29:32.0171 2540 Initialize success07:29:55.0000 3664 ============================================================07:29:55.0000 3664 Scan started07:29:55.0000 3664 Mode: Manual; 07:29:55.0000 3664 ============================================================07:29:55.0593 3664 Abiosdsk - ok07:29:55.0656 3664 abp480n5 - ok07:29:55.0750 3664 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys07:29:55.0750 3664 ACPI - ok07:29:55.0843 3664 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys07:29:55.0843 3664 ACPIEC - ok07:29:55.0921 3664 adpu160m - ok07:29:56.0000 3664 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys07:29:56.0015 3664 aec - ok07:29:56.0109 3664 AegisP (8d155386b3b032ea7513e19f8c8f80a7) C:\WINDOWS\system32\DRIVERS\AegisP.sys07:29:56.0109 3664 AegisP - ok07:29:56.0234 3664 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys07:29:56.0234 3664 AFD - ok07:29:56.0343 3664 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys07:29:56.0343 3664 agp440 - ok07:29:56.0406 3664 Aha154x - ok07:29:56.0453 3664 aic78u2 - ok07:29:56.0515 3664 aic78xx - ok07:29:56.0578 3664 AliIde - ok07:29:56.0640 3664 amsint - ok07:29:56.0703 3664 asc - ok07:29:56.0765 3664 asc3350p - ok07:29:56.0812 3664 asc3550 - ok07:29:56.0921 3664 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys07:29:56.0921 3664 AsyncMac - ok07:29:57.0031 3664 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys07:29:57.0031 3664 atapi - ok07:29:57.0125 3664 Atdisk - ok07:29:57.0281 3664 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys07:29:57.0281 3664 Atmarpc - ok07:29:57.0390 3664 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys07:29:57.0390 3664 audstub - ok07:29:57.0500 3664 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS07:29:57.0500 3664 BCM42RLY - ok07:29:57.0625 3664 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys07:29:57.0625 3664 Beep - ok07:29:57.0656 3664 catchme - ok07:29:57.0750 3664 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys07:29:57.0750 3664 cbidf2k - ok07:29:57.0828 3664 cd20xrnt - ok07:29:57.0921 3664 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys07:29:57.0921 3664 Cdaudio - ok07:29:58.0015 3664 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys07:29:58.0031 3664 Cdfs - ok07:29:58.0140 3664 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys07:29:58.0140 3664 Cdrom - ok07:29:58.0250 3664 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys07:29:58.0250 3664 cercsr6 - ok07:29:58.0359 3664 CmdIde - ok07:29:58.0437 3664 Cpqarray - ok07:29:58.0531 3664 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys07:29:58.0531 3664 ctljystk - ok07:29:58.0609 3664 dac2w2k - ok07:29:58.0671 3664 dac960nt - ok07:29:58.0781 3664 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys07:29:58.0781 3664 Disk - ok07:29:58.0875 3664 DM9102 (51ef6ca3d57055fed6ab99021d562443) C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS07:29:58.0875 3664 DM9102 - ok07:29:59.0015 3664 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys07:29:59.0046 3664 dmboot - ok07:29:59.0156 3664 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys07:29:59.0171 3664 dmio - ok07:29:59.0281 3664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys07:29:59.0281 3664 dmload - ok07:29:59.0390 3664 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys07:29:59.0390 3664 DMusic - ok07:29:59.0468 3664 dpti2o - ok07:29:59.0562 3664 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys07:29:59.0562 3664 drmkaud - ok07:29:59.0703 3664 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys07:29:59.0718 3664 emu10k - ok07:29:59.0812 3664 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys07:29:59.0812 3664 emu10k1 - ok07:29:59.0937 3664 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys07:29:59.0937 3664 Fastfat - ok07:30:00.0062 3664 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys07:30:00.0062 3664 Fdc - ok07:30:00.0171 3664 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys07:30:00.0171 3664 Fips - ok07:30:00.0281 3664 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys07:30:00.0296 3664 Flpydisk - ok07:30:00.0390 3664 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys07:30:00.0390 3664 FltMgr - ok07:30:00.0484 3664 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys07:30:00.0484 3664 Fs_Rec - ok07:30:00.0593 3664 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys07:30:00.0593 3664 Ftdisk - ok07:30:00.0687 3664 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys07:30:00.0687 3664 gameenum - ok07:30:00.0796 3664 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys07:30:00.0796 3664 Gpc - ok07:30:00.0906 3664 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys07:30:00.0906 3664 hidusb - ok07:30:00.0968 3664 hpn - ok07:30:01.0062 3664 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys07:30:01.0062 3664 HPZid412 - ok07:30:01.0156 3664 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys07:30:01.0156 3664 HPZipr12 - ok07:30:01.0281 3664 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys07:30:01.0281 3664 HPZius12 - ok07:30:01.0406 3664 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys07:30:01.0406 3664 HTTP - ok07:30:01.0468 3664 i2omp - ok07:30:01.0562 3664 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys07:30:01.0578 3664 i8042prt - ok07:30:01.0687 3664 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys07:30:01.0687 3664 Imapi - ok07:30:01.0750 3664 ini910u - ok07:30:01.0859 3664 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys07:30:01.0859 3664 IntelIde - ok07:30:01.0953 3664 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys07:30:01.0953 3664 intelppm - ok07:30:02.0046 3664 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys07:30:02.0046 3664 Ip6Fw - ok07:30:02.0156 3664 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys07:30:02.0156 3664 IpFilterDriver - ok07:30:02.0281 3664 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys07:30:02.0281 3664 IpInIp - ok07:30:02.0390 3664 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys07:30:02.0390 3664 IpNat - ok07:30:02.0500 3664 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys07:30:02.0500 3664 IPSec - ok07:30:02.0593 3664 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys07:30:02.0593 3664 IRENUM - ok07:30:02.0703 3664 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys07:30:02.0703 3664 isapnp - ok07:30:02.0812 3664 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys07:30:02.0812 3664 Kbdclass - ok07:30:02.0890 3664 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys07:30:02.0906 3664 kbdhid - ok07:30:03.0000 3664 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys07:30:03.0000 3664 kmixer - ok07:30:03.0093 3664 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys07:30:03.0109 3664 KSecDD - ok07:30:03.0218 3664 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys07:30:03.0218 3664 Lbd - ok07:30:03.0328 3664 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys07:30:03.0328 3664 MBAMProtector - ok07:30:03.0453 3664 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys07:30:03.0453 3664 mnmdd - ok07:30:03.0546 3664 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys07:30:03.0546 3664 Modem - ok07:30:03.0656 3664 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys07:30:03.0656 3664 Mouclass - ok07:30:03.0765 3664 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys07:30:03.0765 3664 mouhid - ok07:30:03.0859 3664 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys07:30:03.0859 3664 MountMgr - ok07:30:03.0921 3664 mraid35x - ok07:30:04.0031 3664 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys07:30:04.0046 3664 MRxDAV - ok07:30:04.0156 3664 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys07:30:04.0187 3664 MRxSmb - ok07:30:04.0343 3664 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys07:30:04.0343 3664 Msfs - ok07:30:04.0437 3664 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys07:30:04.0437 3664 MSKSSRV - ok07:30:04.0546 3664 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys07:30:04.0546 3664 MSPCLOCK - ok07:30:04.0640 3664 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys07:30:04.0640 3664 MSPQM - ok07:30:04.0734 3664 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys07:30:04.0734 3664 mssmbios - ok07:30:04.0843 3664 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys07:30:04.0859 3664 Mup - ok07:30:04.0984 3664 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys07:30:05.0000 3664 NDIS - ok07:30:05.0109 3664 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys07:30:05.0109 3664 NdisTapi - ok07:30:05.0203 3664 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys07:30:05.0203 3664 Ndisuio - ok07:30:05.0328 3664 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys07:30:05.0328 3664 NdisWan - ok07:30:05.0421 3664 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys07:30:05.0421 3664 NDProxy - ok07:30:05.0531 3664 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys07:30:05.0531 3664 NetBIOS - ok07:30:05.0625 3664 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys07:30:05.0640 3664 NetBT - ok07:30:05.0765 3664 npf (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys07:30:05.0765 3664 npf - ok07:30:05.0859 3664 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys07:30:05.0859 3664 Npfs - ok07:30:05.0984 3664 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys07:30:06.0000 3664 Ntfs - ok07:30:06.0125 3664 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys07:30:06.0125 3664 Null - ok07:30:06.0406 3664 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys07:30:06.0531 3664 nv - ok07:30:06.0656 3664 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys07:30:06.0656 3664 NwlnkFlt - ok07:30:06.0750 3664 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys07:30:06.0750 3664 NwlnkFwd - ok07:30:06.0859 3664 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys07:30:06.0875 3664 NwlnkIpx - ok07:30:06.0953 3664 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys07:30:06.0953 3664 NwlnkNb - ok07:30:07.0078 3664 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys07:30:07.0078 3664 NwlnkSpx - ok07:30:07.0203 3664 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys07:30:07.0203 3664 Parport - ok07:30:07.0312 3664 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys07:30:07.0312 3664 PartMgr - ok07:30:07.0406 3664 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys07:30:07.0406 3664 ParVdm - ok07:30:07.0515 3664 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys07:30:07.0515 3664 PCI - ok07:30:07.0578 3664 PCIDump - ok07:30:07.0656 3664 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys07:30:07.0656 3664 PCIIde - ok07:30:07.0750 3664 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys07:30:07.0765 3664 Pcmcia - ok07:30:07.0828 3664 perc2 - ok07:30:07.0890 3664 perc2hib - ok07:30:08.0015 3664 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys07:30:08.0015 3664 PptpMiniport - ok07:30:08.0125 3664 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys07:30:08.0140 3664 PSched - ok07:30:08.0234 3664 PSSDK42 (c8eb36910d3bd582891977e80925e21e) C:\WINDOWS\system32\Drivers\pssdk42.sys07:30:08.0234 3664 PSSDK42 - ok07:30:08.0359 3664 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys07:30:08.0359 3664 Ptilink - ok07:30:08.0468 3664 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys07:30:08.0468 3664 PxHelp20 - ok07:30:08.0531 3664 ql1080 - ok07:30:08.0578 3664 Ql10wnt - ok07:30:08.0640 3664 ql12160 - ok07:30:08.0687 3664 ql1240 - ok07:30:08.0750 3664 ql1280 - ok07:30:08.0828 3664 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys07:30:08.0828 3664 RasAcd - ok07:30:08.0937 3664 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys07:30:08.0937 3664 Rasl2tp - ok07:30:09.0046 3664 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys07:30:09.0062 3664 RasPppoe - ok07:30:09.0156 3664 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys07:30:09.0156 3664 Raspti - ok07:30:09.0281 3664 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys07:30:09.0281 3664 Rdbss - ok07:30:09.0390 3664 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys07:30:09.0390 3664 RDPCDD - ok07:30:09.0484 3664 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys07:30:09.0500 3664 rdpdr - ok07:30:09.0625 3664 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys07:30:09.0625 3664 RDPWD - ok07:30:09.0750 3664 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys07:30:09.0750 3664 redbook - ok07:30:09.0843 3664 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys07:30:09.0859 3664 RimUsb - ok07:30:09.0984 3664 RT2500 (4b6f7b6c966e90a55102daa107f44934) C:\WINDOWS\system32\DRIVERS\RT2500.sys07:30:10.0000 3664 RT2500 - ok07:30:10.0062 3664 SASKUTIL - ok07:30:10.0187 3664 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys07:30:10.0187 3664 SCDEmu - ok07:30:10.0296 3664 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys07:30:10.0296 3664 Secdrv - ok07:30:10.0406 3664 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys07:30:10.0406 3664 serenum - ok07:30:10.0515 3664 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys07:30:10.0515 3664 Serial - ok07:30:10.0656 3664 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys07:30:10.0656 3664 Sfloppy - ok07:30:10.0750 3664 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys07:30:10.0750 3664 sfman - ok07:30:10.0828 3664 Simbad - ok07:30:10.0890 3664 Sparrow - ok07:30:10.0984 3664 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys07:30:11.0000 3664 splitter - ok07:30:11.0109 3664 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys07:30:11.0109 3664 sr - ok07:30:11.0250 3664 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys07:30:11.0281 3664 Srv - ok07:30:11.0406 3664 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys07:30:11.0406 3664 swenum - ok07:30:11.0500 3664 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys07:30:11.0515 3664 swmidi - ok07:30:11.0578 3664 symc810 - ok07:30:11.0656 3664 symc8xx - ok07:30:11.0703 3664 sym_hi - ok07:30:11.0765 3664 sym_u3 - ok07:30:11.0843 3664 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys07:30:11.0843 3664 sysaudio - ok07:30:11.0968 3664 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys07:30:11.0984 3664 Tcpip - ok07:30:12.0109 3664 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys07:30:12.0109 3664 TDPIPE - ok07:30:12.0218 3664 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys07:30:12.0218 3664 TDTCP - ok07:30:12.0328 3664 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys07:30:12.0328 3664 TermDD - ok07:30:12.0406 3664 TosIde - ok07:30:12.0515 3664 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys07:30:12.0515 3664 Udfs - ok07:30:12.0593 3664 ultra - ok07:30:12.0703 3664 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys07:30:12.0718 3664 Update - ok07:30:12.0875 3664 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys07:30:12.0875 3664 usbaudio - ok07:30:12.0968 3664 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys07:30:12.0968 3664 usbccgp - ok07:30:13.0093 3664 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys07:30:13.0093 3664 usbehci - ok07:30:13.0203 3664 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys07:30:13.0203 3664 usbhub - ok07:30:13.0296 3664 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys07:30:13.0296 3664 usbprint - ok07:30:13.0390 3664 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys07:30:13.0406 3664 usbscan - ok07:30:13.0515 3664 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS07:30:13.0515 3664 USBSTOR - ok07:30:13.0609 3664 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys07:30:13.0609 3664 usbuhci - ok07:30:13.0718 3664 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys07:30:13.0718 3664 USB_RNDIS - ok07:30:13.0828 3664 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys07:30:13.0828 3664 VgaSave - ok07:30:13.0890 3664 ViaIde - ok07:30:14.0000 3664 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys07:30:14.0000 3664 VolSnap - ok07:30:14.0109 3664 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys07:30:14.0125 3664 Wanarp - ok07:30:14.0234 3664 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys07:30:14.0265 3664 Wdf01000 - ok07:30:14.0390 3664 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys07:30:14.0390 3664 wdmaud - ok07:30:14.0531 3664 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys07:30:14.0531 3664 WinUSB - ok07:30:14.0703 3664 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys07:30:14.0703 3664 WudfPf - ok07:30:14.0812 3664 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys07:30:14.0812 3664 WudfRd - ok07:30:14.0875 3664 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR007:30:15.0000 3664 \Device\Harddisk0\DR0 - ok07:30:15.0015 3664 Boot (0x1200) (ce0b9a7473c6f11317dff6310a225bad) \Device\Harddisk0\DR0\Partition007:30:15.0015 3664 \Device\Harddisk0\DR0\Partition0 - ok07:30:15.0046 3664 Boot (0x1200) (3dc0a3373deda7f2aab27762dd21a599) \Device\Harddisk0\DR0\Partition107:30:15.0046 3664 \Device\Harddisk0\DR0\Partition1 - ok07:30:15.0046 3664 ============================================================07:30:15.0046 3664 Scan finished07:30:15.0046 3664 ============================================================07:30:15.0078 3856 Detected object count: 007:30:15.0078 3856 Actual detected object count: 0Does Firefox still need to be restored to defaults, I don't know what else I could do to help there. I disabled the add-ons.I still have the spybot program installed, should I remove it? Link to post Share on other sites More sharing options...
greatkibble Posted October 12, 2011 Author ID:484987 Share Posted October 12, 2011 Hey I did another TDSS scan with the first of the additional options added this time and I got this entry;"Physical drive: \Device\Harddisk0\DR0"It's classified as a medium threat object, what should I do about it cause I haven't take any actions yet.Also I guess that the combofix log is that long because of a recent update, sorry for the trouble Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 12, 2011 Root Admin ID:485010 Share Posted October 12, 2011 Yes, please reset Firefox.Yes for now please uninstall SUPERAntispyware and Spybot SD (we can reinstall fresh if you want when we are done)Download a new fresh copy of TDSSKILLER and temporarily disable your Anti-Virus and run it again now and post back the new one. Link to post Share on other sites More sharing options...
greatkibble Posted October 12, 2011 Author ID:485049 Share Posted October 12, 2011 14:29:28.0296 2284 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:5414:29:29.0015 2284 ============================================================14:29:29.0015 2284 Current date / time: 2011/10/12 14:29:29.001514:29:29.0015 2284 SystemInfo:14:29:29.0015 2284 14:29:29.0015 2284 OS Version: 5.1.2600 ServicePack: 3.014:29:29.0015 2284 Product type: Workstation14:29:29.0015 2284 ComputerName: UPGRADE14:29:29.0015 2284 UserName: C.Henry14:29:29.0015 2284 Windows directory: C:\WINDOWS14:29:29.0031 2284 System windows directory: C:\WINDOWS14:29:29.0031 2284 Processor architecture: Intel x8614:29:29.0031 2284 Number of processors: 114:29:29.0031 2284 Page size: 0x100014:29:29.0031 2284 Boot type: Normal boot14:29:29.0031 2284 ============================================================14:29:30.0078 2284 Initialize success14:29:34.0484 3596 ============================================================14:29:34.0484 3596 Scan started14:29:34.0484 3596 Mode: Manual; 14:29:34.0484 3596 ============================================================14:29:35.0656 3596 Abiosdsk - ok14:29:35.0687 3596 abp480n5 - ok14:29:35.0765 3596 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys14:29:35.0765 3596 ACPI - ok14:29:35.0859 3596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys14:29:35.0859 3596 ACPIEC - ok14:29:35.0921 3596 adpu160m - ok14:29:36.0015 3596 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys14:29:36.0031 3596 aec - ok14:29:36.0125 3596 AegisP (8d155386b3b032ea7513e19f8c8f80a7) C:\WINDOWS\system32\DRIVERS\AegisP.sys14:29:36.0125 3596 AegisP - ok14:29:36.0234 3596 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys14:29:36.0234 3596 AFD - ok14:29:36.0359 3596 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys14:29:36.0359 3596 agp440 - ok14:29:36.0421 3596 Aha154x - ok14:29:36.0453 3596 aic78u2 - ok14:29:36.0500 3596 aic78xx - ok14:29:36.0546 3596 AliIde - ok14:29:36.0578 3596 amsint - ok14:29:36.0625 3596 asc - ok14:29:36.0656 3596 asc3350p - ok14:29:36.0687 3596 asc3550 - ok14:29:36.0781 3596 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys14:29:36.0781 3596 AsyncMac - ok14:29:36.0890 3596 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys14:29:36.0890 3596 atapi - ok14:29:36.0953 3596 Atdisk - ok14:29:37.0031 3596 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys14:29:37.0031 3596 Atmarpc - ok14:29:37.0140 3596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys14:29:37.0140 3596 audstub - ok14:29:37.0250 3596 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS14:29:37.0250 3596 BCM42RLY - ok14:29:37.0359 3596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys14:29:37.0359 3596 Beep - ok14:29:37.0390 3596 catchme - ok14:29:37.0484 3596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys14:29:37.0484 3596 cbidf2k - ok14:29:37.0546 3596 cd20xrnt - ok14:29:37.0640 3596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys14:29:37.0640 3596 Cdaudio - ok14:29:37.0734 3596 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys14:29:37.0734 3596 Cdfs - ok14:29:37.0828 3596 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys14:29:37.0828 3596 Cdrom - ok14:29:37.0921 3596 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys14:29:37.0921 3596 cercsr6 - ok14:29:38.0015 3596 CmdIde - ok14:29:38.0078 3596 Cpqarray - ok14:29:38.0203 3596 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys14:29:38.0203 3596 ctljystk - ok14:29:38.0296 3596 dac2w2k - ok14:29:38.0359 3596 dac960nt - ok14:29:38.0453 3596 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys14:29:38.0453 3596 Disk - ok14:29:38.0562 3596 DM9102 (51ef6ca3d57055fed6ab99021d562443) C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS14:29:38.0562 3596 DM9102 - ok14:29:38.0718 3596 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys14:29:38.0718 3596 dmboot - ok14:29:38.0843 3596 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys14:29:38.0843 3596 dmio - ok14:29:38.0953 3596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys14:29:38.0953 3596 dmload - ok14:29:39.0078 3596 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys14:29:39.0078 3596 DMusic - ok14:29:39.0156 3596 dpti2o - ok14:29:39.0234 3596 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys14:29:39.0234 3596 drmkaud - ok14:29:39.0343 3596 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys14:29:39.0343 3596 emu10k - ok14:29:39.0453 3596 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys14:29:39.0453 3596 emu10k1 - ok14:29:39.0562 3596 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys14:29:39.0562 3596 Fastfat - ok14:29:39.0671 3596 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys14:29:39.0671 3596 Fdc - ok14:29:39.0765 3596 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys14:29:39.0765 3596 Fips - ok14:29:39.0859 3596 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys14:29:39.0859 3596 Flpydisk - ok14:29:39.0984 3596 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys14:29:39.0984 3596 FltMgr - ok14:29:40.0093 3596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys14:29:40.0093 3596 Fs_Rec - ok14:29:40.0203 3596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys14:29:40.0203 3596 Ftdisk - ok14:29:40.0296 3596 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys14:29:40.0296 3596 gameenum - ok14:29:40.0390 3596 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys14:29:40.0390 3596 Gpc - ok14:29:40.0515 3596 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys14:29:40.0515 3596 hidusb - ok14:29:40.0578 3596 hpn - ok14:29:40.0671 3596 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys14:29:40.0671 3596 HPZid412 - ok14:29:40.0765 3596 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys14:29:40.0765 3596 HPZipr12 - ok14:29:40.0859 3596 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys14:29:40.0859 3596 HPZius12 - ok14:29:40.0984 3596 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys14:29:40.0984 3596 HTTP - ok14:29:41.0046 3596 i2omp - ok14:29:41.0140 3596 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys14:29:41.0140 3596 i8042prt - ok14:29:41.0265 3596 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys14:29:41.0265 3596 Imapi - ok14:29:41.0328 3596 ini910u - ok14:29:41.0421 3596 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys14:29:41.0421 3596 IntelIde - ok14:29:41.0515 3596 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys14:29:41.0515 3596 intelppm - ok14:29:41.0609 3596 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys14:29:41.0609 3596 Ip6Fw - ok14:29:41.0718 3596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys14:29:41.0718 3596 IpFilterDriver - ok14:29:41.0812 3596 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys14:29:41.0812 3596 IpInIp - ok14:29:41.0921 3596 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys14:29:41.0921 3596 IpNat - ok14:29:42.0031 3596 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys14:29:42.0031 3596 IPSec - ok14:29:42.0140 3596 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys14:29:42.0140 3596 IRENUM - ok14:29:42.0234 3596 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys14:29:42.0234 3596 isapnp - ok14:29:42.0343 3596 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys14:29:42.0343 3596 Kbdclass - ok14:29:42.0437 3596 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys14:29:42.0437 3596 kbdhid - ok14:29:42.0531 3596 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys14:29:42.0531 3596 kmixer - ok14:29:42.0640 3596 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys14:29:42.0640 3596 KSecDD - ok14:29:42.0734 3596 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys14:29:42.0734 3596 Lbd - ok14:29:42.0843 3596 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys14:29:42.0843 3596 MBAMProtector - ok14:29:42.0968 3596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys14:29:42.0968 3596 mnmdd - ok14:29:43.0078 3596 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys14:29:43.0078 3596 Modem - ok14:29:43.0187 3596 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys14:29:43.0187 3596 Mouclass - ok14:29:43.0296 3596 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys14:29:43.0296 3596 mouhid - ok14:29:43.0421 3596 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys14:29:43.0421 3596 MountMgr - ok14:29:43.0515 3596 mraid35x - ok14:29:43.0593 3596 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys14:29:43.0609 3596 MRxDAV - ok14:29:43.0734 3596 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys14:29:43.0734 3596 MRxSmb - ok14:29:43.0890 3596 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys14:29:43.0890 3596 Msfs - ok14:29:43.0984 3596 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys14:29:43.0984 3596 MSKSSRV - ok14:29:44.0109 3596 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys14:29:44.0109 3596 MSPCLOCK - ok14:29:44.0203 3596 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys14:29:44.0203 3596 MSPQM - ok14:29:44.0312 3596 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys14:29:44.0312 3596 mssmbios - ok14:29:44.0421 3596 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys14:29:44.0421 3596 Mup - ok14:29:44.0531 3596 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys14:29:44.0531 3596 NDIS - ok14:29:44.0625 3596 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys14:29:44.0625 3596 NdisTapi - ok14:29:44.0734 3596 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys14:29:44.0750 3596 Ndisuio - ok14:29:44.0843 3596 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys14:29:44.0843 3596 NdisWan - ok14:29:44.0953 3596 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys14:29:44.0953 3596 NDProxy - ok14:29:45.0093 3596 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys14:29:45.0109 3596 NetBIOS - ok14:29:45.0234 3596 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys14:29:45.0250 3596 NetBT - ok14:29:45.0375 3596 npf (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys14:29:45.0375 3596 npf - ok14:29:45.0468 3596 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys14:29:45.0468 3596 Npfs - ok14:29:45.0593 3596 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys14:29:45.0593 3596 Ntfs - ok14:29:45.0734 3596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys14:29:45.0734 3596 Null - ok14:29:46.0000 3596 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys14:29:46.0031 3596 nv - ok14:29:46.0156 3596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys14:29:46.0156 3596 NwlnkFlt - ok14:29:46.0250 3596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys14:29:46.0250 3596 NwlnkFwd - ok14:29:46.0359 3596 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys14:29:46.0359 3596 NwlnkIpx - ok14:29:46.0453 3596 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys14:29:46.0453 3596 NwlnkNb - ok14:29:46.0562 3596 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys14:29:46.0562 3596 NwlnkSpx - ok14:29:46.0671 3596 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys14:29:46.0671 3596 Parport - ok14:29:46.0765 3596 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys14:29:46.0765 3596 PartMgr - ok14:29:46.0875 3596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys14:29:46.0875 3596 ParVdm - ok14:29:47.0015 3596 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys14:29:47.0015 3596 PCI - ok14:29:47.0093 3596 PCIDump - ok14:29:47.0218 3596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys14:29:47.0218 3596 PCIIde - ok14:29:47.0328 3596 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys14:29:47.0328 3596 Pcmcia - ok14:29:47.0406 3596 perc2 - ok14:29:47.0453 3596 perc2hib - ok14:29:47.0578 3596 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys14:29:47.0578 3596 PptpMiniport - ok14:29:47.0671 3596 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys14:29:47.0687 3596 PSched - ok14:29:47.0781 3596 PSSDK42 (c8eb36910d3bd582891977e80925e21e) C:\WINDOWS\system32\Drivers\pssdk42.sys14:29:47.0781 3596 PSSDK42 - ok14:29:47.0875 3596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys14:29:47.0875 3596 Ptilink - ok14:29:47.0984 3596 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys14:29:47.0984 3596 PxHelp20 - ok14:29:48.0078 3596 ql1080 - ok14:29:48.0171 3596 Ql10wnt - ok14:29:48.0250 3596 ql12160 - ok14:29:48.0343 3596 ql1240 - ok14:29:48.0437 3596 ql1280 - ok14:29:48.0562 3596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys14:29:48.0562 3596 RasAcd - ok14:29:48.0671 3596 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys14:29:48.0671 3596 Rasl2tp - ok14:29:48.0781 3596 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys14:29:48.0781 3596 RasPppoe - ok14:29:48.0890 3596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys14:29:48.0890 3596 Raspti - ok14:29:49.0031 3596 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys14:29:49.0031 3596 Rdbss - ok14:29:49.0140 3596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys14:29:49.0140 3596 RDPCDD - ok14:29:49.0281 3596 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys14:29:49.0281 3596 rdpdr - ok14:29:49.0375 3596 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys14:29:49.0375 3596 RDPWD - ok14:29:49.0500 3596 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys14:29:49.0500 3596 redbook - ok14:29:49.0593 3596 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys14:29:49.0593 3596 RimUsb - ok14:29:49.0718 3596 RT2500 (4b6f7b6c966e90a55102daa107f44934) C:\WINDOWS\system32\DRIVERS\RT2500.sys14:29:49.0718 3596 RT2500 - ok14:29:49.0812 3596 SASKUTIL - ok14:29:49.0921 3596 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys14:29:49.0921 3596 SCDEmu - ok14:29:50.0046 3596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys14:29:50.0046 3596 Secdrv - ok14:29:50.0171 3596 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys14:29:50.0171 3596 serenum - ok14:29:50.0281 3596 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys14:29:50.0281 3596 Serial - ok14:29:50.0406 3596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys14:29:50.0406 3596 Sfloppy - ok14:29:50.0515 3596 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys14:29:50.0515 3596 sfman - ok14:29:50.0578 3596 Simbad - ok14:29:50.0656 3596 Sparrow - ok14:29:50.0734 3596 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys14:29:50.0734 3596 splitter - ok14:29:50.0843 3596 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys14:29:50.0843 3596 sr - ok14:29:50.0984 3596 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys14:29:50.0984 3596 Srv - ok14:29:51.0109 3596 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys14:29:51.0109 3596 swenum - ok14:29:51.0218 3596 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys14:29:51.0218 3596 swmidi - ok14:29:51.0296 3596 symc810 - ok14:29:51.0343 3596 symc8xx - ok14:29:51.0406 3596 sym_hi - ok14:29:51.0453 3596 sym_u3 - ok14:29:51.0546 3596 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys14:29:51.0546 3596 sysaudio - ok14:29:51.0687 3596 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys14:29:51.0687 3596 Tcpip - ok14:29:51.0812 3596 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys14:29:51.0812 3596 TDPIPE - ok14:29:51.0906 3596 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys14:29:51.0921 3596 TDTCP - ok14:29:52.0031 3596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys14:29:52.0031 3596 TermDD - ok14:29:52.0109 3596 TosIde - ok14:29:52.0203 3596 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys14:29:52.0203 3596 Udfs - ok14:29:52.0281 3596 ultra - ok14:29:52.0390 3596 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys14:29:52.0390 3596 Update - ok14:29:52.0531 3596 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys14:29:52.0531 3596 usbaudio - ok14:29:52.0625 3596 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys14:29:52.0625 3596 usbccgp - ok14:29:52.0734 3596 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys14:29:52.0734 3596 usbehci - ok14:29:52.0843 3596 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys14:29:52.0843 3596 usbhub - ok14:29:52.0937 3596 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys14:29:52.0937 3596 usbprint - ok14:29:53.0046 3596 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys14:29:53.0046 3596 usbscan - ok14:29:53.0156 3596 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS14:29:53.0156 3596 USBSTOR - ok14:29:53.0281 3596 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys14:29:53.0281 3596 usbuhci - ok14:29:53.0406 3596 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys14:29:53.0406 3596 USB_RNDIS - ok14:29:53.0500 3596 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys14:29:53.0500 3596 VgaSave - ok14:29:53.0578 3596 ViaIde - ok14:29:53.0656 3596 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys14:29:53.0656 3596 VolSnap - ok14:29:53.0765 3596 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys14:29:53.0765 3596 Wanarp - ok14:29:53.0875 3596 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys14:29:53.0890 3596 Wdf01000 - ok14:29:54.0000 3596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys14:29:54.0015 3596 wdmaud - ok14:29:54.0203 3596 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys14:29:54.0203 3596 WinUSB - ok14:29:54.0359 3596 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys14:29:54.0359 3596 WudfPf - ok14:29:54.0453 3596 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys14:29:54.0453 3596 WudfRd - ok14:29:54.0515 3596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR014:29:54.0640 3596 \Device\Harddisk0\DR0 - ok14:29:54.0656 3596 Boot (0x1200) (ce0b9a7473c6f11317dff6310a225bad) \Device\Harddisk0\DR0\Partition014:29:54.0656 3596 \Device\Harddisk0\DR0\Partition0 - ok14:29:54.0671 3596 Boot (0x1200) (3dc0a3373deda7f2aab27762dd21a599) \Device\Harddisk0\DR0\Partition114:29:54.0671 3596 \Device\Harddisk0\DR0\Partition1 - ok14:29:54.0671 3596 ============================================================14:29:54.0671 3596 Scan finished14:29:54.0671 3596 ============================================================14:29:54.0687 3532 Detected object count: 014:29:54.0687 3532 Actual detected object count: 0Ok I went a little advanced now and I think Firefox is restored to defaults.I deleted as much traces of the other two I could find; if there are more traces, I don't know where to look. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 12, 2011 Root Admin ID:485073 Share Posted October 12, 2011 Good, The TDSSKILLER log looks okay.14:29:54.0671 3596 \Device\Harddisk0\DR0\Partition1 - okAre there any signs of an infection still ?Please post one more new DDS scan log and see where we're at now. Thanks Link to post Share on other sites More sharing options...
greatkibble Posted October 12, 2011 Author ID:485080 Share Posted October 12, 2011 Things do seem optimistic infection wise. I can't see any obvious signs of infection but who knows if I still am. DDS log;.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26Run by C.Henry at 16:15:53 on 2011-10-12Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1255 [GMT -4:00].AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}.============== Running Processes ===============.C:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Microsoft\BingBar\SeaPort.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Nero\Update\NASvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\system32\devldr32.exeC:\Program Files\OpenOffice.org 3\program\soffice.exeC:\Program Files\OpenOffice.org 3\program\soffice.binC:\WINDOWS\explorer.exeC:\Documents and Settings\C.Henry.UPGRADE\Application Data\mjusbsp\magicJack.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Mozilla Firefox\firefox.exe.============== Pseudo HJT Report ===============.mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tu2011\winstyler\tu_logonui.exeBHO: AutorunsDisabled - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dllBHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dllBHO: CBHO Object: {cba74cda-df78-4ad9-954e-3b15d0a993de} - c:\program files\corestreet\spoofstick\SpoofStickBHO.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\corestreet\spoofstick\SpoofStick.dlluRun: [cdloader] "c:\documents and settings\c.henry.upgrade\application data\mjusbsp\cdloader2.exe" MAGICJACKuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttrayIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dllDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290136917968DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282520954890DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 63.245.66.41 63.245.66.42TCP: Interfaces\{031219DC-6F85-4FF2-B3BF-A18390BC98F3} : DhcpNameServer = 63.245.66.41 63.245.66.42TCP: Interfaces\{B0976CA2-33CD-4EFD-AAC2-6DCFB3AB5BF8} : DhcpNameServer = 63.245.66.41 63.245.66.42Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\c.henry.upgrade\application data\mozilla\firefox\profiles\5iierj4b.default\.---- FIREFOX POLICIES ----# Mozilla User Preferences/* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs */FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1317645442FF - user.js: app.update.lastUpdateTime.background-update-timer - 1317645682FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1317645562FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1317680467FF - user.js: browser.bookmarks.restore_default_bookmarks - falseFF - user.js: browser.cache.disk.capacity - 1048576FF - user.js: browser.cache.disk.smart_size.first_run - falseFF - user.js: browser.cache.disk.smart_size_cached_value - 640000FF - user.js: browser.download.lastDir - c:\\documents and settings\\c.henry.upgrade\\DesktopFF - user.js: browser.download.manager.alertOnEXEOpen - trueFF - user.js: browser.download.useDownloadDir - falseFF - user.js: browser.migration.version - 5FF - user.js: browser.places.smartBookmarksVersion - 2FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - trueFF - user.js: browser.rights.3.shown - trueFF - user.js: browser.startup.homepage_override.buildID - 20110928134238FF - user.js: browser.startup.homepage_override.mstone - rv:7.0.1FF - user.js: browser.syncPromoViewsLeft - 2FF - user.js: dom.disable_window_flip - falseFF - user.js: extensions.blocklist.pingCountTotal - 2FF - user.js: extensions.blocklist.pingCountVersion - 2FF - user.js: extensions.bootstrappedAddons - {}FF - user.js: extensions.databaseSchema - 5FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806,{972ce4c6-7e08-4474-a285-3208198ce6fd}:7.0.1FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\program files\\\\divx\\\\divx plus web player\\\\firefox\\\\html5video\,\mtime\:1302093671134},\{6904342a-8307-11df-a508-4ae2dfd72085}\:{\descriptor\:\c:\\\\program files\\\\divx\\\\divx plus web player\\\\firefox\\\\wpa\,\mtime\:1302093671822},\jqs@sun.com\:{\descriptor\:\c:\\\\program files\\\\java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1287015690781},\{ffb96cc1-7eb3-449d-b827-db661701c6bb}\:{\descriptor\:\c:\\\\program files\\\\checkpoint\\\\zaforcefield\\\\trustchecker\,\mtime\:1317440292281},\{1e73965b-8b48-48be-9c8d-68b920abc1c4}\:{\descriptor\:\c:\\\\program files\\\\avg\\\\avg2012\\\\firefox4\,\mtime\:1316704857625}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1317527281437}}}]FF - user.js: extensions.lastAppVersion - 7.0.1FF - user.js: extensions.lastPlatformVersion - 7.0.1FF - user.js: extensions.pendingOperations - falseFF - user.js: font.internaluseonly.changed - trueFF - user.js: gfx.blacklist.direct2d - 3FF - user.js: gfx.blacklist.layers.direct3d10 - 3FF - user.js: gfx.blacklist.layers.direct3d10-1 - 3FF - user.js: gfx.blacklist.layers.direct3d9 - 3FF - user.js: gfx.blacklist.layers.opengl - 3FF - user.js: gfx.blacklist.webgl.angle - 3FF - user.js: gfx.blacklist.webgl.opengl - 3FF - user.js: idle.lastDailyNotification - 1317649027FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8FF - user.js: network.cookie.prefsMigrated - trueFF - user.js: places.database.lastMaintenance - 1317649027FF - user.js: places.history.expiration.transient_current_max_pages - 42924FF - user.js: pref.advanced.javascript.disable_button.advanced - falseFF - user.js: privacy.sanitize.migrateFx3Prefs - trueFF - user.js: security.warn_viewing_mixed.show_once - falseFF - user.js: storage.vacuum.last.index - 1FF - user.js: storage.vacuum.last.places.sqlite - 1317523296FF - user.js: toolkit.telemetry.prompted - trueFF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1320113089FF - user.js: xpinstall.whitelist.add - FF - user.js: xpinstall.whitelist.add.36 - .============= SERVICES / DRIVERS ===============..=============== Created Last 30 ================..==================== Find3M ====================..============= FINISH: 16:16:10.62 ===============attach.zip Link to post <
Recommended Posts