
anti malware doctor virus


  • This topic is locked
6 replies to this topic

#1 algore 81

algore 81

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 04 August 2010 - 02:45 PM

To whom it may concern

I have experienced problems with my computer ever since I started receiving fake alerts from anti malware doctor. Having used the self help guide on this website, malwarebytes and rkill appear to have resolved the majority of infections, but rootkit.bubnix remains! I have tried running malwarebytes several times to get rid of this bug, but although it is recognised, after restart the bug will appear again on malwarebytes (full) scan.

Although the bug does not appear to have severe effects on my computer's performance and speed, I am experiencing internet connection problems. Weirdly, when I attempt to connect to the internet on my desktop and then attempt to connect on my unaffected laptop, I cannot get a connection while my infected computer is running.

I would appreciate a quick reply and have attached dds and Gmer logs

Regards

algore 81

Attached Files

  • Attached File  ark.txt   18.14KB   6 downloads
  • Attached File  DDS.txt   18.94KB   7 downloads




#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:58 PM

Posted 13 August 2010 - 06:55 AM

Hello algore 81

Welcome to BleepingComputer :)
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans/Fixes section, paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 algore 81

algore 81
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 17 August 2010 - 02:52 PM

Hi kahdah

Appreciate the reply. After following your instructions and running OTL, these were the results of the logs:

OTL LOG:

OTL logfile created on: 15/08/2010 22:59:21 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Alex\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 407.63 Gb Total Space | 279.89 Gb Free Space | 68.66% Space Free | Partition Type: NTFS
Drive D: | 15.02 Gb Total Space | 15.02 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.64 Gb Total Space | 3.31 Gb Free Space | 90.83% Space Free | Partition Type: FAT32

Computer Name: ALEX-PC
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgscanx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgupd.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\wsqmcons.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
PRC - C:\Program Files\Apple Software Update\SoftwareUpdate.exe (Apple Inc.)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\Alex\AppData\Local\Temp\catchme.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (Trusteer Ltd.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://m.uk.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/02/07 21:56:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/04 22:24:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/23 21:55:42 | 000,000,000 | ---D | M]

[2010/02/07 22:03:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2010/02/05 16:08:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/07/25 09:27:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\cilnfc3j.default\extensions
[2010/02/07 22:03:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\cilnfc3j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/07 21:54:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/04 22:24:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/07/04 22:24:49 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/04 22:24:49 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/07/04 22:24:51 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/06/19 20:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/04/25 21:23:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/04/25 21:23:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/04/25 21:23:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/04/25 21:23:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/04/25 21:23:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/04/25 21:23:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/04/25 21:23:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/07/04 22:24:51 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/04 22:24:51 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/07/04 22:24:51 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/04 22:24:51 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/07/04 22:24:51 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/04 22:24:51 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/07/04 22:24:51 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/07/04 22:24:51 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/27 19:52:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SAFEOEM HotKeys] C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [NCInstallQueue] C:\Windows\System32\netman.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/16 10:18:26 | 000,000,126 | ---- | M] () - J:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/15 22:54:01 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2010/08/03 23:39:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\gmer
[2010/07/27 19:55:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/27 19:52:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/07/27 19:41:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\temp
[2010/07/27 19:33:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/27 19:33:10 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/24 17:42:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/24 17:42:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/24 17:42:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/24 17:42:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/24 17:42:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/23 21:54:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/07/18 20:15:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\iqmbrybev
[2010/07/17 10:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2010/08/15 23:00:58 | 000,768,000 | ---- | M] () -- C:\Windows\System32\drivers\lbfybnb.sys
[2010/08/15 23:00:47 | 001,835,008 | -HS- | M] () -- C:\Users\Alex\NTUSER.DAT
[2010/08/15 22:56:56 | 000,006,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/15 22:56:56 | 000,006,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/15 22:55:58 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/15 22:55:58 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/15 22:55:58 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/15 22:52:13 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/15 22:49:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/15 22:49:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/15 22:48:56 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/14 22:47:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2010/08/04 20:04:13 | 002,269,726 | -H-- | M] () -- C:\Users\Alex\AppData\Local\IconCache.db
[2010/08/03 23:42:57 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/02 23:36:18 | 000,284,915 | ---- | M] () -- C:\Users\Alex\Desktop\gmer.zip
[2010/07/27 19:52:37 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/27 19:52:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/26 19:14:53 | 062,552,093 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/07/23 21:55:42 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/23 19:35:16 | 003,742,760 | R--- | M] () -- C:\Users\Alex\Desktop\ComboFix.exe
[2010/07/18 23:13:12 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2010/08/03 23:39:02 | 000,284,915 | ---- | C] () -- C:\Users\Alex\Desktop\gmer.zip
[2010/07/24 17:42:54 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/24 17:42:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/24 17:42:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/24 17:42:54 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/24 17:42:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/24 17:41:12 | 003,742,760 | R--- | C] () -- C:\Users\Alex\Desktop\ComboFix.exe
[2010/07/23 21:55:08 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/18 20:16:15 | 000,768,000 | ---- | C] () -- C:\Windows\System32\drivers\lbfybnb.sys
[2010/07/04 13:41:56 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1018.dll
[2009/10/04 16:27:39 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/30 13:09:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2010/07/27 19:29:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify
[2010/02/07 22:03:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Steganos
[2010/02/07 22:03:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Trusteer
[2010/07/10 22:47:25 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/02/08 05:46:24 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/07/27 19:55:19 | 000,022,907 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/08/15 22:48:56 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/26 23:12:17 | 000,152,671 | ---- | M] () -- C:\M1319.log
[2010/08/15 22:48:59 | 3220,496,384 | -HS- | M] () -- C:\pagefile.sys
[2010/08/03 23:18:26 | 000,000,317 | ---- | M] () -- C:\rkill.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/15 20:37:13 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/06/03 09:39:05 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/07/15 20:37:17 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/15 23:03:55 | 000,768,000 | ---- | M] () -- C:\Windows\System32\drivers\lbfybnb.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/01/30 17:00:00 | 000,049,152 | ---- | M] (Zenographics, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\IMFPRINT.DLL
[2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 10:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 10:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
[2007/12/10 01:00:00 | 000,057,344 | ---- | M] (Zenographics, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\ZIMFPRNT.DLL

< End of report >

Extras Log

OTL Extras logfile created on: 15/08/2010 22:59:21 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Alex\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 407.63 Gb Total Space | 279.89 Gb Free Space | 68.66% Space Free | Partition Type: NTFS
Drive D: | 15.02 Gb Total Space | 15.02 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.64 Gb Total Space | 3.31 Gb Free Space | 90.83% Space Free | Partition Type: FAT32

Computer Name: ALEX-PC
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A4F72EE-8378-49BD-8C10-301E25907B5B}" = Steganos Safe OEM
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE9F7747-0350-4E02-B115-6A2C92F5FA54}" = Corel Home Office
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AVG9Uninstall" = AVG Free 9.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP OrderReminder" = HP OrderReminder
"HP-LaserJet 1018" = LaserJet 1018
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIA Drivers" = NVIDIA Drivers
"Rapport_msi" = Rapport
"Spotify" = Spotify
"Veetle TV" = Veetle TV 0.9.16
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

I would appreciate further assistance as soon as possible.



#4 kahdah

Posted 17 August 2010 - 05:40 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    [2010/07/18 20:15:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\iqmbrybev
    [2010/08/15 23:00:58 | 000,768,000 | ---- | M] () -- C:\Windows\System32\drivers\lbfybnb.sys

    :files
    %WinDir%\System32\drivers\nuxrks.sys    

    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
==========
Then delete your version of Combofix and do the following:
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


#5 algore 81

Posted 18 August 2010 - 02:52 PM

Hey

Have run OTL and ComboFix; these were the results:

OTL:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Folder C:\Users\Alex\AppData\Local\iqmbrybev\ not found.
File C:\Windows\System32\drivers\lbfybnb.sys not found.
========== FILES ==========
File/Folder C:\Windows\System32\drivers\nuxrks.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 931 bytes
->Temporary Internet Files folder emptied: 52744 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 202020 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08182010_203223

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Combofix:
ComboFix 10-08-17.04 - Alex 18/08/2010 20:41:04.4.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3071.1830 [GMT 1:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-18 19:46 . 2010-08-18 19:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-18 19:46 . 2010-08-18 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-18 19:38 . 2010-08-18 19:39 -------- d-----w- C:\32788R22FWJFW
2010-08-18 19:24 . 2010-08-18 19:24 -------- d-----w- C:\_OTL
2010-08-15 22:12 . 2010-08-15 22:12 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-15 22:09 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-15 22:09 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-15 22:09 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-15 22:08 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-08-15 22:08 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-15 22:08 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-15 22:08 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-15 22:08 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-08-15 22:08 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-08-15 22:08 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-15 22:08 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-15 22:08 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-15 22:05 . 2010-06-30 06:25 978432 ----a-w- c:\windows\system32\wininet.dll
2010-07-27 18:41 . 2010-08-18 19:46 -------- d-----w- c:\users\Alex\AppData\Local\temp
2010-07-21 21:50 . 2010-07-21 21:50 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-21 21:50 . 2010-07-21 21:50 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 21:50 . 2010-07-21 21:50 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 19:36 . 2009-10-02 22:27 -------- d-----w- c:\users\Alex\AppData\Roaming\Skype
2010-08-18 19:05 . 2009-10-02 22:30 -------- d-----w- c:\users\Alex\AppData\Roaming\skypePM
2010-08-15 22:13 . 2009-07-30 13:28 -------- d-----w- c:\program files\Microsoft Works
2010-08-15 22:12 . 2009-07-30 13:30 -------- d-----w- c:\programdata\Microsoft Help
2010-07-27 18:29 . 2009-10-02 22:34 -------- d-----w- c:\users\Alex\AppData\Roaming\Spotify
2010-07-23 20:55 . 2009-07-30 14:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-22 21:48 . 2010-02-04 20:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 06:26 . 2009-07-30 14:00 -------- d-----w- c:\program files\Microsoft
2010-07-17 09:25 . 2010-07-17 09:25 -------- d-----w- c:\program files\Common Files\Skype
2010-07-15 19:37 . 2010-07-15 19:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 19:37 . 2009-12-04 23:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 19:37 . 2009-12-04 23:35 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-04 12:42 . 2010-07-04 12:41 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-04 12:41 . 2010-07-04 12:41 -------- d--h--w- c:\program files\Zenographics
2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-06-03 08:39 . 2009-12-04 23:35 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-27 07:24 . 2010-06-16 21:15 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-16 21:15 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-07-24_16.50.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-15 22:08 . 2010-07-29 06:17 82944 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7600.20767_none_6d1a5a1e52cef174\iccvid.dll
+ 2010-08-15 22:08 . 2010-07-29 06:30 82944 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7600.16646_none_6ca55ce139a20071\iccvid.dll
+ 2010-08-15 22:08 . 2010-06-19 06:27 37376 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.1.7600.20738_none_0dae9d2b64c07c9d\rtutils.dll
+ 2010-08-15 22:08 . 2010-06-19 06:23 37376 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.1.7600.16617_none_0d399fee4b938b9a\rtutils.dll
+ 2010-08-15 22:05 . 2010-06-23 07:48 16896 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7600.20741_none_bc3106d6224073e6\iecompat.dll
+ 2010-08-15 22:05 . 2010-06-23 07:48 16896 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7600.16620_none_bbbc0999091382e3\iecompat.dll
+ 2010-08-15 22:05 . 2010-06-30 06:12 12800 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.20745_none_17936e91cc14b92e\msfeedssync.exe
+ 2010-08-15 22:05 . 2010-06-30 06:15 64512 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.20745_none_17936e91cc14b92e\msfeedsbs.dll
+ 2010-08-15 22:05 . 2010-06-30 06:19 12800 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.16625_none_171f719eb2e6e182\msfeedssync.exe
+ 2010-08-15 22:05 . 2010-06-30 06:22 64512 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.16625_none_171f719eb2e6e182\msfeedsbs.dll
+ 2010-08-15 22:05 . 2010-06-30 06:18 68608 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\WininetPlugin.dll
+ 2010-08-15 22:05 . 2010-06-30 06:15 48128 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\jsproxy.dll
+ 2010-08-15 22:05 . 2010-06-30 06:25 68608 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\WininetPlugin.dll
+ 2010-08-15 22:05 . 2010-06-30 06:21 48128 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\jsproxy.dll
+ 2010-02-08 20:12 . 2010-08-18 19:35 32430 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-08-18 19:35 39296 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-08 20:12 . 2010-08-18 19:27 10794 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3952548256-1655230354-2450881779-1000_UserData.bin
- 2009-07-13 23:42 . 2009-07-14 01:14 12800 c:\windows\System32\msfeedssync.exe
+ 2010-08-15 22:05 . 2010-06-30 06:19 12800 c:\windows\System32\msfeedssync.exe
- 2010-06-16 21:16 . 2010-05-06 12:41 64512 c:\windows\System32\msfeedsbs.dll
+ 2010-08-15 22:05 . 2010-06-30 06:22 64512 c:\windows\System32\msfeedsbs.dll
- 2010-06-16 21:16 . 2010-05-21 05:18 68608 c:\windows\System32\migration\WininetPlugin.dll
+ 2010-08-15 22:05 . 2010-06-30 06:25 68608 c:\windows\System32\migration\WininetPlugin.dll
+ 2010-08-15 22:05 . 2010-06-30 06:21 48128 c:\windows\System32\jsproxy.dll
- 2010-06-16 21:16 . 2010-05-21 05:14 48128 c:\windows\System32\jsproxy.dll
+ 2010-02-07 20:51 . 2010-08-18 19:47 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-07 20:51 . 2010-07-24 16:36 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-07 20:51 . 2010-07-24 16:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-07 20:51 . 2010-08-18 19:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-08-18 19:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-07-24 16:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-07 21:19 . 2010-08-18 19:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-07 21:19 . 2010-07-24 16:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-08-18 19:09 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-02-07 21:19 . 2010-07-24 16:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-07 21:19 . 2010-08-18 19:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-07 21:19 . 2010-08-18 19:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-07 21:19 . 2010-07-24 16:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-07 21:21 . 2010-07-24 16:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-07 21:21 . 2010-08-18 19:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-08 00:13 . 2010-08-18 19:24 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-08 00:13 . 2010-07-24 15:51 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-08 00:13 . 2010-08-18 19:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-02-08 00:13 . 2010-07-24 15:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-02-08 00:13 . 2010-07-24 15:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-02-08 00:13 . 2010-08-18 19:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-02-07 21:21 . 2010-08-18 19:34 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-07 21:21 . 2010-07-24 16:37 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-07 21:21 . 2010-08-18 19:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-07 21:21 . 2010-07-24 16:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-30 13:32 . 2010-06-16 22:38 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-07-30 13:32 . 2010-08-15 22:10 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-30 13:32 . 2010-06-16 22:38 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-07-30 13:32 . 2010-08-15 22:10 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-07-30 13:32 . 2010-06-16 22:38 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-30 13:32 . 2010-08-15 22:10 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-02 21:54 . 2010-08-15 22:12 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-02 21:54 . 2010-07-14 17:01 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-11-02 21:54 . 2010-08-15 22:12 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-02 21:54 . 2010-07-14 17:01 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-02 21:54 . 2010-08-15 22:12 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-11-02 21:54 . 2010-07-14 17:01 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-06-16 22:37 . 2010-06-16 22:37 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-08-15 22:10 . 2010-08-15 22:10 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-07-30 13:29 . 2010-08-15 22:13 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
- 2009-07-30 13:29 . 2009-07-30 14:29 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
+ 2010-08-17 18:44 . 2010-08-17 18:44 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\527736f4c4da58f8c8c6fbb94bfe6fee\WindowsLiveWriter.ni.exe
+ 2010-08-17 18:44 . 2010-08-17 18:44 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4c305fd7c8eec3dfa0238446b21b229f\WindowsLive.Writer.Api.ni.dll
+ 2010-08-17 18:39 . 2010-08-17 18:39 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a06f86c78df5896fab27ef63a467f757\UIAutomationProvider.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\101740bb080b93dcd57cca0b49561b5b\System.Windows.Presentation.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\55d21368f4ac5f01a2b5b3c2a06ef811\System.Web.DynamicData.Design.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\4f643751eda6cafe890f0884a6ec7392\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\89a9ddc116df21673f60cc7d1ed63e4b\System.AddIn.Contract.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\c0609e0a5700bea77d81ba5240c2a972\stdole.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\cda6307ec359333afe51ed90f61db564\PresentationFontCache.ni.exe
+ 2010-08-17 18:39 . 2010-08-17 18:39 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\e117973434189b11c49b65513d458a41\PresentationCFFRasterizer.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\b9b098b8dad203aa7fdfaa6976bcfa8d\napcrypt.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\80feaa74c880469ddc54e7708b2e8d7e\napcrypt.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\70c3c3c19342043f2cc3a206aa74e37a\Microsoft.WSMan.Runtime.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\9b6716c352f7004b86f4c35b4513a13f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\976de9ec4c99b0ef317a57d76f3a1fbc\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\82d40129a13601e4838e17aca1db8ec0\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\6bdeaf57d38696f68d160e90cdb6beaa\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4b6134d905d751a3042b7518fa25bc21\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\327d654b6c42b863acc07646977bf20a\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\00a681c820369841bd03932d449cb706\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\246d74010afa232d3853e4f49c7a38eb\Microsoft.Vsa.ni.dll
+ 2010-08-17 18:39 . 2010-08-17 18:39 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\190adbaf753e7744782406a71e7dcd7e\Microsoft.VisualC.ni.dll
+ 2010-08-17 18:45 . 2010-08-17 18:45 95232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5cd3613c86a19852e91eb066f36bafe2\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\380c330cdccc21935d6a4800ed5acf8b\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\37320799550691a787e6574b6899d0ee\Microsoft.Build.Framework.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\27dbf2aba276101442ddbe86a8665057\Microsoft.Build.Framework.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft-Windows-H#\a04a3004fb49fc2279ef45798938db55\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\LoadMxf\217c55606e2aaa5d8654a6535702e5ce\LoadMxf.ni.exe
+ 2010-08-17 18:44 . 2010-08-17 18:44 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\ef5fbf785736915b65eb5ce54e301b4d\ehiUserXp.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 18432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUPnP\fddbfe6c3475fe8642eaf22d8a41f146\ehiUPnP.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiTVMSMusic\d633e90dafd83c1230be7aa2482a2bfc\ehiTVMSMusic.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 82432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiiTv\a2869c539b5d125e3b84e911bf97fd0a\ehiiTv.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 33792 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiBmlDataCarousel\2afc39edbeea505de69abb56de685162\ehiBmlDataCarousel.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiActivScp\cb91654e0a271c4e3b631e5ff0647eba\ehiActivScp.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a0fb35ff977ffedbdb27f7262c979d3e\dfsvc.ni.exe
+ 2010-08-17 18:39 . 2010-08-17 18:39 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b2e6d33df15f6ca262db09558982e0f2\Accessibility.ni.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.20728_none_891219a11113f34b\msxml3r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16605_none_889b1bcff7e8cf9a\msxml3r.dll
+ 2010-08-18 19:33 . 2010-08-18 19:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-07-24 16:36 . 2010-07-24 16:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-18 19:33 . 2010-08-18 19:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-07-24 16:36 . 2010-07-24 16:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-15 22:08 . 2010-05-20 22:43 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.1.7600.20717_none_d1a2369ed0d2b389\SOS.dll
+ 2010-08-15 22:08 . 2010-05-20 22:49 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.1.7600.16597_none_e877dfd2b7241dea\SOS.dll
+ 2010-08-15 22:08 . 2010-05-20 22:43 995672 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.1.7600.20717_none_e8d3eedddcddd774\mscordacwks.dll
+ 2010-08-15 22:08 . 2010-05-20 22:49 995160 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.1.7600.16597_none_ffa99811c32f41d5\mscordacwks.dll
+ 2010-08-15 22:08 . 2010-07-29 06:17 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7600.20767_none_6d1a5a1e52cef174\ir32_32.dll
+ 2010-08-15 22:08 . 2010-07-29 06:30 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7600.16646_none_6ca55ce139a20071\ir32_32.dll
+ 2009-07-13 23:12 . 2009-07-14 01:20 187472 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\FWPKCLNT.SYS
+ 2009-07-13 23:12 . 2009-07-14 01:20 187472 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\FWPKCLNT.SYS
+ 2010-08-15 22:08 . 2010-06-22 02:45 307200 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20740_none_da72d04d70d0f1ff\srv2.sys
+ 2010-08-15 22:08 . 2010-06-22 02:47 307200 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16619_none_da12a5e05792e271\srv2.sys
+ 2010-08-15 22:08 . 2010-06-22 02:45 311296 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20740_none_da7da03970c8d60e\srv.sys
+ 2010-08-15 22:08 . 2010-06-22 02:47 310784 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16619_none_da1d75cc578ac680\srv.sys
+ 2010-08-15 22:08 . 2010-06-22 02:44 113664 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20740_none_045c65128a7c54f0\srvnet.sys
+ 2010-08-15 22:08 . 2010-06-22 02:47 113664 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16619_none_03fc3aa5713e4562\srvnet.sys
+ 2010-08-15 22:09 . 2010-06-16 05:58 224256 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.20735_none_22ac534acf8b77bc\schannel.dll
+ 2010-08-15 22:09 . 2010-06-16 05:48 224256 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16612_none_22355579b660540b\schannel.dll
+ 2010-08-15 22:05 . 2010-06-30 06:14 176640 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.20745_none_7fe7ec279f71beb2\ieui.dll
+ 2010-08-15 22:05 . 2010-06-30 06:21 176640 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.16625_none_7f73ef348643e706\ieui.dll
+ 2010-08-15 22:05 . 2010-06-30 06:14 163328 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.7600.20745_none_ab7463e73be351ce\ieproxy.dll
+ 2010-08-15 22:05 . 2010-06-30 06:21 163328 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.7600.16625_none_ab0066f422b57a22\ieproxy.dll
+ 2010-08-15 22:05 . 2010-06-30 06:14 859648 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.7600.20745_none_56ea8c5831291390\iedvtool.dll
+ 2010-08-15 22:05 . 2010-06-30 06:21 859648 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.7600.16625_none_56768f6517fb3be4\iedvtool.dll
+ 2010-08-15 22:05 . 2010-06-30 06:14 186368 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.7600.20745_none_58090436e3608fb1\iepeers.dll
+ 2010-08-15 22:05 . 2010-06-30 06:21 185856 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.7600.16625_none_57950743ca32b805\iepeers.dll
+ 2010-08-15 22:05 . 2010-06-30 06:14 381440 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.7600.20745_none_8f95ec0148cfe816\iedkcs32.dll
+ 2010-08-15 22:05 . 2010-06-30 06:21 381440 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.7600.16625_none_8f21ef0e2fa2106a\iedkcs32.dll
+ 2010-08-15 22:05 . 2010-06-30 06:18 980480 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\wininet.dll
+ 2010-08-15 22:05 . 2010-06-30 06:25 978432 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\wininet.dll
+ 2010-08-15 22:05 . 2010-06-30 06:15 606208 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.7600.20745_none_fc0b262c6dc5602b\mstime.dll
+ 2010-08-15 22:05 . 2010-06-30 06:22 606208 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.7600.16625_none_fb9729395497887f\mstime.dll
- 2009-07-14 02:05 . 2010-07-24 16:43 619206 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-18 19:38 619206 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-18 19:38 107388 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-07-24 16:43 107388 c:\windows\System32\perfc009.dat
- 2010-06-16 21:16 . 2010-05-06 12:41 606208 c:\windows\System32\mstime.dll
+ 2010-08-15 22:05 . 2010-06-30 06:22 606208 c:\windows\System32\mstime.dll
+ 2010-08-15 22:05 . 2010-06-30 06:21 176640 c:\windows\System32\ieui.dll
- 2009-07-13 23:26 . 2009-07-14 01:15 176640 c:\windows\System32\ieui.dll
+ 2010-08-15 22:05 . 2010-06-30 06:21 185856 c:\windows\System32\iepeers.dll
- 2010-06-16 21:16 . 2010-05-06 12:41 381440 c:\windows\System32\iedkcs32.dll
+ 2010-08-15 22:05 . 2010-06-30 06:21 381440 c:\windows\System32\iedkcs32.dll
+ 2009-07-14 04:33 . 2010-08-17 18:38 435480 c:\windows\System32\FNTCACHE.DAT
- 2009-07-14 04:33 . 2010-06-16 22:52 435480 c:\windows\System32\FNTCACHE.DAT
+ 2010-08-17 18:39 . 2010-08-18 19:47 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-02-07 21:19 . 2010-08-17 18:41 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-15 22:08 . 2010-05-20 22:49 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-08-15 22:08 . 2010-05-20 22:49 995160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 995160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-07-30 13:32 . 2010-06-16 22:38 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-30 13:32 . 2010-08-15 22:10 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-30 13:32 . 2010-08-15 22:10 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-07-30 13:32 . 2010-06-16 22:38 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-07-30 13:32 . 2010-08-15 22:10 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-07-30 13:32 . 2010-06-16 22:38 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-30 13:32 . 2010-08-15 22:10 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-07-30 13:32 . 2010-06-16 22:38 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-11-02 21:54 . 2010-07-14 17:01 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-02 21:54 . 2010-08-15 22:12 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-11-02 21:54 . 2010-07-14 17:01 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-11-02 21:54 . 2010-08-15 22:12 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-11-02 21:54 . 2010-08-15 22:12 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-02 21:54 . 2010-07-14 17:01 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-02 21:54 . 2010-08-15 22:12 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-02 21:54 . 2010-07-14 17:01 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-02 21:54 . 2010-07-14 17:01 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-02 21:54 . 2010-08-15 22:12 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-02 21:54 . 2010-07-14 17:01 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-11-02 21:54 . 2010-08-15 22:12 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-11-02 21:54 . 2010-07-14 17:01 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-11-02 21:54 . 2010-08-15 22:12 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-07-30 13:29 . 2010-08-15 22:13 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
- 2009-07-30 13:29 . 2009-07-30 14:29 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
- 2009-07-30 13:29 . 2009-07-30 14:29 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
+ 2009-07-30 13:29 . 2010-08-15 22:13 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
- 2009-07-30 13:29 . 2009-07-30 14:29 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2009-07-30 13:29 . 2010-08-15 22:13 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2007-06-20 21:04 . 2007-06-20 21:04 173408 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F378_WkProof.dll
+ 2007-06-21 21:48 . 2007-06-21 21:48 972128 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20987_wkwpqd.dll
+ 2007-06-20 21:04 . 2007-06-20 21:04 161120 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20985_wkwpqrtf.dll
+ 2010-08-17 18:54 . 2010-08-17 18:54 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\1eab6ceaf2bc688df423255ff9490d60\WsatConfig.ni.exe
+ 2010-08-17 18:44 . 2010-08-17 18:44 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\c04f947d29abd77000220583856fb959\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ef8eb9449f42f5c29f5b17018d8ed1d4\WindowsLive.Writer.Controls.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e47fcfdccdbb531bd1f0cebd0caea98d\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\de7133bc3c07962229a913565ee38ae4\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dbeffee82298993a8f8a07b1cbc8bf6d\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d134e6c17fe53dfbd51acb4f7e4a1ad7\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c8d3f0888495a168c9663a31e3270184\WindowsLive.Writer.Interop.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c30c3d78c239928fe2d7e5919ff4d8e5\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9230f423fe8e01e8266f4f41e06a67b2\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\88bfb22e0828991bd27db66764c97bca\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\453bc8c952d87b3ac9a06ac94b927be1\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 258560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\40f287c5b7f2775066750c9906ecbf43\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2ffb132bdf0c5b7bd1074fa823903445\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1b8a9c553b8de69e4eb95157b09e609b\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\16da07fcd286886ba75e6f0d29ea6077\WindowsLive.Writer.Localization.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0dbe95ae3e81e0f32643061fd83bb966\WindowsLive.Writer.Passport.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\46cd6b9c18daa9bdfbf932cf45180d52\WindowsLive.Client.ni.dll
+ 2010-08-17 18:54 . 2010-08-17 18:54 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\d3ab00af09cebaa9eeef352712b6f6bf\WindowsFormsIntegration.ni.dll
+ 2010-08-17 18:39 . 2010-08-17 18:39 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f050ef6d97c0102333ded4d8d58ffa4e\UIAutomationTypes.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\b3fbd794181d7b93b807a5e74991b0f9\UIAutomationClient.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\715293cb97f01847aafffeff1c834e17\TaskScheduler.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\3118353bd1e1ba3f065418d837bd479e\TaskScheduler.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\cc523d58068d01f874b18e665d49eb67\System.Xml.Linq.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\2f84c918be2ff7e390120c18237443c9\System.Web.Routing.ni.dll
+ 2010-08-17 18:40 . 2010-08-17 18:40 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\be061062b2a6666ead57322f7fb7206f\System.Web.RegularExpressions.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\601a34c1001a27c2da41d78b6b5b40a3\System.Web.Extensions.Design.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\19fefac6b36bd2522901f7703e001fce\System.Web.Entity.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\62d687b818bd0195618e632016c7dbf7\System.Web.Entity.Design.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ca2575f5c34b0abf8e8e23b7f390e611\System.Web.DynamicData.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\8b4af536857e71fca6a33bc24b8b89d2\System.Web.Abstractions.ni.dll
+ 2010-08-17 18:40 . 2010-08-17 18:40 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\c744f0f95227e75796b8689801740d4b\System.Transactions.ni.dll
+ 2010-08-17 18:40 . 2010-08-17 18:40 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6b8b76b26be7d7f4c3d1cb644811a2ef\System.ServiceProcess.ni.dll
+ 2010-08-17 18:39 . 2010-08-17 18:39 680960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5025c0c5e7134226b2fc0c4bdabf67ef\System.Security.ni.dll
+ 2010-08-17 18:39 . 2010-08-17 18:39 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d35d360c6e410684be7ea9fd0a8e6b53\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-17 18:40 . 2010-08-17 18:40 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6728ef6a4c4b41eec6af6f48a7109457\System.Runtime.Remoting.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\c9c7532609177f639fac55991c882d1f\System.Net.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\50583e3d9a03c78b8107b826068f4541\System.Messaging.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\758e0ce53c80a7ad7cf76a4910d27762\System.Management.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\9d42bf7e1d49e083bf8ca3dc44ee2b19\System.Management.Instrumentation.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8dd494a51a34de9bb8dc459287fe01bc\System.IO.Log.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\1a8dbe792bff04609faff69f9327630f\System.IdentityModel.Selectors.ni.dll
+ 2010-08-17 18:40 . 2010-08-17 18:40 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7e94064464380c8a5d7315c8b5d312aa\System.EnterpriseServices.Wrapper.dll
+ 2010-08-17 18:40 . 2010-08-17 18:40 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7e94064464380c8a5d7315c8b5d312aa\System.EnterpriseServices.ni.dll
+ 2010-08-17 18:40 . 2010-08-17 18:40 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\0964202aa721ad3fc6f4d3d9d93dbf52\System.Drawing.Design.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 887808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\cd5561592e50ed277e3b1a45d529c1a4\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-17 18:40 . 2010-08-17 18:40 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\689d9df56dfa4978b2593c43d4e94cdd\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 356864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d1d2e67b4b6908a0119966021363b7dc\System.Data.Services.Design.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 946176 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b7d5d32033299d1e34180f80aeb71748\System.Data.Services.Client.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 762880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f9230f56cf1a71f9af2e9b4e8f823d1a\System.Data.Entity.Design.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b35e8ee9e538de0ce43719f73aca5833\System.Data.DataSetExtensions.ni.dll
+ 2010-08-17 18:39 . 2010-08-17 18:39 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
+ 2010-08-17 18:40 . 2010-08-17 18:40 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\69cfb623bd8b1bc7dbad276f82019dcb\System.Configuration.Install.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\85b263ee17ce8086d74c45fed21c1180\System.AddIn.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\999b0b3c1e99cdf46f6afbb7daf1ae49\sysglobl.ni.dll
+ 2010-08-17 18:53 . 2010-08-17 18:53 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\cb96e1d6de2c7a0c2d518761d6d139b2\SMSvcHost.ni.exe
+ 2010-08-17 18:44 . 2010-08-17 18:44 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9de488bf62eebca425759ea94d9a70e8\SMDiagnostics.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\894321ecb848c6ce6f802103207d5cb5\ServiceModelReg.ni.exe
+ 2010-08-17 18:40 . 2010-08-17 18:40 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\caa7dd69e03dada6747085a5f2d4fb0c\PresentationFramework.Aero.ni.dll
+ 2010-08-17 18:40 . 2010-08-17 18:40 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9da2c4ccbf8dead2507879555e600ab7\PresentationFramework.Classic.ni.dll
+ 2010-08-17 18:40 . 2010-08-17 18:40 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\645eac5513e6a5587dd3f334d9fab4c2\PresentationFramework.Royale.ni.dll
+ 2010-08-17 18:40 . 2010-08-17 18:40 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aa86db18e6c85f0b6144ca8b6de9b52\PresentationFramework.Luna.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\cfd58c55ec0b01c5544eb380a6a23841\napsnap.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\c26b8bd37831c8ec8e74365a91492fc5\napsnap.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\31d4aa4ab7644c761f3282fef4dbc5e7\napinit.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\1ce01a7f6894b570af6060c839d9352f\napinit.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\85e4bdb3f0fdb42a933e74c8fe55fbf0\naphlpr.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\05238736304f9b2c5f451607ab71ae18\naphlpr.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\b6e1a1590a2fcf08ed4145fb92357391\MSBuild.ni.exe
+ 2010-08-17 18:51 . 2010-08-17 18:51 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\02600010d899e4abfd49e6dd18b94738\MMCFxCommon.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 531456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\ea8b88af652eb8082578cdca393a4bcf\Microsoft.WSMan.Management.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\528fb7c1f755e446a1ed500d1b58ebd4\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f6348b0de59c9de42d5d6ae71d511763\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c16b32cadfcc2b5caf6259693655a740\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b9a59377784c8283d217f4ca65b3ac9b\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b83901768935aa231c768dd1a72dcdb7\Microsoft.PowerShell.Security.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2f2d57e89dbdc62cffb0e7a0e15bf58b\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-08-17 18:45 . 2010-08-17 18:45 849920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\e6f9e2231f38135bca640268cb97bbf1\Microsoft.MediaCenter.Shell.ni.dll
+ 2010-08-17 18:45 . 2010-08-17 18:45 740864 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\bcb5dd83610f0529b940f33563b96f0f\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2010-08-17 18:45 . 2010-08-17 18:45 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\b0d222cd6486fe42a37c40d8c545b674\Microsoft.MediaCenter.Playback.ni.dll
+ 2010-08-17 18:45 . 2010-08-17 18:45 229888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\a9af9bb9c0a753244770d35085613341\Microsoft.MediaCenter.iTv.ni.dll
+ 2010-08-17 18:45 . 2010-08-17 18:45 142848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8afecd0f80ba53c117b540e682df3cec\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 105472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\3f77b7a25454bea3881ba1e01f5dffdb\Microsoft.MediaCenter.Mheg.ni.dll
+ 2010-08-17 18:45 . 2010-08-17 18:45 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\3d79f49402afb52ffec9478cfc4fc733\Microsoft.MediaCenter.Interop.ni.dll
+ 2010-08-17 18:45 . 2010-08-17 18:45 705024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\2812c9f9721dce7adfa4e8ff5c93c06a\Microsoft.MediaCenter.Sports.ni.dll
+ 2010-08-17 18:51 . 2010-08-17 18:51 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\117653722679370f9b5da66807886739\Microsoft.ManagementConsole.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\757d1a493508c965f98e23807e226f72\Microsoft.Build.Utilities.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6466be199d39a2af445708e711095775\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8f3a62f35106a0a83f7b1be20142f5b6\Microsoft.Build.Engine.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0f63bf412ade976b62296fe9b9bec6f4\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-17 18:45 . 2010-08-17 18:45 250880 c:\windows\assembly\NativeImages_v2.0.50727_32\Mcx2Dvcs\1f8f66772bddf57999819178e765fe94\Mcx2Dvcs.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 380928 c:\windows\assembly\NativeImages_v2.0.50727_32\mcupdate\9261114d00ee997da8867f4d41043dbf\mcupdate.ni.exe
+ 2010-08-17 18:44 . 2010-08-17 18:44 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\8db5f1bdfd98e7697887a3d9e46e593c\mcstoredb.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 371712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcplayerinterop\47703804d2a510901a050f6dca204326\mcplayerinterop.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\mcGlidHostObj\b0aecf70489f5b5ae91225265323c9fb\mcGlidHostObj.ni.dll
+ 2010-08-17 18:52 . 2010-08-17 18:52 107520 c:\windows\assembly\NativeImages_v2.0.50727_32\MCESidebarCtrl\ed36972cdaf4ff2a66a76b67f5282044\MCESidebarCtrl.ni.dll
+ 2010-08-17 18:51 . 2010-08-17 18:51 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\a19346462fbc57a1f768822f8a426509\EventViewer.ni.dll
+ 2010-08-17 18:51 . 2010-08-17 18:51 538112 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\86751a06b1c7eb0f79f1189c621a4de2\EventViewer.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\547cffc5ba398241f6ee02bee82e21c8\ehRecObj.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 202752 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiWUapi\383bac4c0ccf08b1d29cee81bed3ceac\ehiWUapi.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 340480 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiwmp\57ac449b151cd332165d5b6bfd74c0ad\ehiwmp.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\e3eee4794703cc5b617f27172df1ee10\ehiVidCtl.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\ada5e4f7f382d574dd0b1ebdd1dcd8b6\ehiProxy.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\1cdffc23520c3688e9ac6fafdf18f0ae\ehiExtens.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 257536 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\118280a4259f58ab46f2583c0563bff6\ehExtHost.ni.exe
+ 2010-08-17 18:44 . 2010-08-17 18:44 223744 c:\windows\assembly\NativeImages_v2.0.50727_32\ehCIR\9f4a441b157b4ee850a46392791d6cdc\ehCIR.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\149c74602e3720d5e12fd34691793f45\CustomMarshalers.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\0026d2a5ef652dd0f2ffafc5c6be0e5a\ComSvcConfig.ni.exe
+ 2010-08-17 18:44 . 2010-08-17 18:44 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\f5a64e44170e235bc89a46b4129deaad\BDATunePIA.ni.dll
+ 2010-08-17 18:44 . 2010-08-17 18:44 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\9950d80cbdcff8521c7a46d5da53a68b\AspNetMMCExt.ni.dll
+ 2010-08-15 22:08 . 2010-05-20 22:43 5822800 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.1.7600.20717_none_f00fcbf704dccba1\mscorwks.dll
+ 2010-08-15 22:08 . 2010-05-20 22:49 5816656 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.1.7600.16597_none_06e5752aeb2e3602\mscorwks.dll
+ 2010-08-15 22:08 . 2010-05-20 22:43 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7600.20717_none_8568fd099755671c\mscorlib.dll
+ 2010-08-15 22:08 . 2010-05-20 22:49 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7600.16597_none_9c3ea63d7da6d17d\mscorlib.dll
+ 2010-08-15 22:08 . 2010-06-19 04:13 2327552 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20738_none_b98c82d514ccb6c0\win32k.sys
+ 2010-08-15 22:08 . 2010-06-19 04:07 2326016 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16617_none_b9178597fb9fc5bd\win32k.sys
+ 2010-08-15 22:08 . 2010-06-14 06:06 1288576 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
+ 2010-08-15 22:08 . 2010-06-14 06:12 1286016 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
+ 2010-08-15 22:09 . 2010-06-19 06:37 3909512 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntoskrnl.exe
+ 2010-08-15 22:09 . 2010-06-19 06:37 3964800 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntkrnlpa.exe
+ 2010-08-15 22:09 . 2010-06-19 06:33 3899784 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntoskrnl.exe
+ 2010-08-15 22:09 . 2010-06-19 06:33 3955080 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntkrnlpa.exe
+ 2010-08-15 22:08 . 2010-06-08 05:00 1233920 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.20728_none_891219a11113f34b\msxml3.dll
+ 2010-08-15 22:08 . 2010-06-08 06:02 1233920 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16605_none_889b1bcff7e8cf9a\msxml3.dll
+ 2010-08-15 22:05 . 2010-06-30 06:15 5972992 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20745_none_2e889224137c3085\mshtml.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-02 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"SAFEOEM HotKeys"="c:\program files\Steganos Safe OEM\SteganosHotKeyService.exe" [2008-12-11 26112]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"MRT"="c:\windows\system32\MRT.exe" [2010-08-03 35962312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 efrybxan;efrybxan;c:\windows\system32\drivers\efrybxan.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-03 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-01 390528]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-07-01 59240]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-07-01 166632]
S1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\Sleen16.sys [2008-10-01 13:24 79104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-07-01 840936]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-05-25 734208]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


--- Other Services/Drivers In Memory ---

*Deregistered* - lbfybnb
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 12:17]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 12:17]

2010-02-07 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2009-06-26 16:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\cilnfc3j.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.uk.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lbfybnb]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(16824)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
.
Completion time: 2010-08-18 20:48:26
ComboFix-quarantined-files.txt 2010-08-18 19:48
ComboFix2.txt 2010-07-27 18:55
ComboFix3.txt 2010-07-25 08:08
ComboFix4.txt 2010-07-24 16:51

Pre-Run: 299,749,527,552 bytes free
Post-Run: 299,705,819,136 bytes free

- - End Of File - - 01E2EA6D4291F3000316CA3BF07A4118



#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:58 PM

Posted 19 August 2010 - 06:29 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :Services
    efrybxan
    lbfybnb

    :Files
    c:\windows\system32\drivers\efrybxan.sys

    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
================================Online scan=================================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:58 PM

Posted 22 November 2010 - 07:44 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.