Rogue.FakeEset Removed IE Will Still Not Launch

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Rogue.FakeEset Removed IE Will Still Not Launch27th May 2011, 7:50 pm

I am working on my bosses' laptop which is running Windows 7 Home Premium with Service Pack 1 installed. He brought it in for me to look at, because IE would no longer launch. I installed Firefox and had the same problem. I have run Malwarebytes three times. The first two times it found and removed Rogue.FakeEset. The third time it did not find anything. McAfee Stinger does not find any viruses. I have uninstalled IE, edited all references to IE out of the registery and then re-installed IE. It still will not launch. Firefox is working fine. I tried to cop my OTL scan results below, but the message was too large to be sent, so I am attaching my OTL scan results and appreciate any suggestions you can give me. Thank you in advance!

========== Win32 Services (SafeList) ==========

SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/05/18 19:49:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/10 23:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 18:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 21:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 03:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\WinUSB.sys -- (WinUsb)
DRV - [2009/12/22 20:26:47 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 16:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 19:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 19:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/07 12:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/07/01 14:31:44 | 000,374,272 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/05 04:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/26 19:00:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/27 15:09:46 | 000,000,000 | ---D | M]

[2011/05/27 15:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diana\AppData\Roaming\Mozilla\Extensions
[2011/05/27 15:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\x5cftu27.default\extensions
[2011/05/26 19:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{51FEF565-94BA-4DB8-860A-770BB9D26FD6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/27 15:12:04 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Roaming\Mozilla
[2011/05/27 15:12:04 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Local\Mozilla
[2011/05/27 15:11:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.com
[2011/05/27 15:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/05/27 15:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/05/27 15:08:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/27 14:59:30 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2011/05/27 14:59:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/05/27 14:59:30 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/05/27 14:59:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/05/27 14:59:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/05/27 14:59:30 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/05/27 14:59:30 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2011/05/27 14:59:30 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/05/27 14:59:30 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/05/27 14:59:30 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2011/05/27 14:59:30 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/05/27 14:59:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/05/27 14:59:30 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2011/05/27 14:59:30 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2011/05/27 14:59:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/05/27 14:59:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2011/05/27 14:59:30 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/05/27 14:59:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2011/05/27 14:59:30 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2011/05/27 14:59:30 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2011/05/27 14:59:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/05/27 14:59:30 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2011/05/27 14:59:30 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/05/27 14:59:30 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2011/05/27 14:59:30 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2011/05/27 14:59:30 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/05/27 14:59:30 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/05/27 14:59:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2011/05/27 14:59:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/05/27 14:59:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2011/05/27 14:59:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/05/27 14:59:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/05/27 14:59:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2011/05/27 14:59:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2011/05/27 14:59:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/05/27 14:59:30 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/05/27 14:59:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2011/05/27 14:59:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/05/27 14:59:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/05/27 06:10:58 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/05/27 06:09:46 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/05/27 06:06:48 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\TsUsbFlt.sys
[2011/05/27 06:06:48 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2011/05/27 06:06:43 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2011/05/27 06:06:43 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll
[2011/05/27 06:06:43 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll
[2011/05/27 06:06:40 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll
[2011/05/27 06:06:38 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll
[2011/05/27 06:06:38 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe
[2011/05/27 06:06:37 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe
[2011/05/27 06:06:35 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizui.dll
[2011/05/27 06:06:33 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mf.dll
[2011/05/27 06:06:32 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcupdate_GenuineIntel.dll
[2011/05/27 06:06:31 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll
[2011/05/27 06:06:31 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertEnroll.dll
[2011/05/27 06:06:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHost.exe
[2011/05/27 06:06:28 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHostProxy.dll
[2011/05/27 06:06:27 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll
[2011/05/27 06:06:26 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RacEngn.dll
[2011/05/27 06:06:25 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuthFWSnapin.dll
[2011/05/27 06:06:23 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll
[2011/05/27 06:06:21 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d9.dll
[2011/05/27 06:06:21 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2011/05/27 06:06:20 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spinstall.exe
[2011/05/27 06:06:20 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wer.dll
[2011/05/27 06:06:20 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certcli.dll
[2011/05/27 06:06:20 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spreview.exe
[2011/05/27 06:06:19 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmcore.dll
[2011/05/27 06:06:19 | 001,038,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsasrv.dll
[2011/05/27 06:06:19 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diagperf.dll
[2011/05/27 06:06:19 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll
[2011/05/27 06:06:18 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSAT.exe
[2011/05/27 06:06:18 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scavengeui.dll
[2011/05/27 06:06:17 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2011/05/27 06:06:17 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localspl.dll
[2011/05/27 06:06:17 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TSWorkspace.dll
[2011/05/27 06:06:17 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsmf.dll
[2011/05/27 06:06:17 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3api.dll
[2011/05/27 06:06:16 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbgeng.dll
[2011/05/27 06:06:16 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netlogon.dll
[2011/05/27 06:06:16 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll
[2011/05/27 06:06:15 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2011/05/27 06:06:15 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Query.dll
[2011/05/27 06:06:15 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfgx.dll
[2011/05/27 06:06:15 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2011/05/27 06:06:14 | 000,252,928 | ---- | C] (Microsoft) -- C:\windows\System32\DShowRdpFilter.dll
[2011/05/27 06:06:14 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\upnp.dll
[2011/05/27 06:06:13 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcndmgr.dll
[2011/05/27 06:06:13 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll
[2011/05/27 06:06:13 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppobjs.dll
[2011/05/27 06:06:13 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2fs.dll
[2011/05/27 06:06:13 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdrm.dll
[2011/05/27 06:06:13 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netfxperf.dll
[2011/05/27 06:06:11 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpsservices.dll
[2011/05/27 06:06:11 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certmgr.dll
[2011/05/27 06:06:11 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceApi.dll
[2011/05/27 06:06:11 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winload.exe
[2011/05/27 06:06:11 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcbuilder.exe
[2011/05/27 06:06:11 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2011/05/27 06:06:09 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32spl.dll
[2011/05/27 06:06:09 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppwinob.dll
[2011/05/27 06:06:09 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmd.exe
[2011/05/27 06:06:09 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedynos.dll
[2011/05/27 06:06:08 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfds.dll
[2011/05/27 06:06:07 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2011/05/27 06:06:07 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll
[2011/05/27 06:06:07 | 000,551,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\samsrv.dll
[2011/05/27 06:06:07 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winresume.exe
[2011/05/27 06:06:07 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2011/05/27 06:06:07 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2011/05/27 06:06:06 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\werconcpl.dll
[2011/05/27 06:06:03 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbghelp.dll
[2011/05/27 06:06:03 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NaturalLanguage6.dll
[2011/05/27 06:06:03 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2011/05/27 06:06:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll
[2011/05/27 06:06:03 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\credui.dll
[2011/05/27 06:06:03 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basecsp.dll
[2011/05/27 06:06:02 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlsrv32.dll
[2011/05/27 06:06:02 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\calc.exe
[2011/05/27 06:06:02 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\evr.dll
[2011/05/27 06:06:02 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSATAPI.dll
[2011/05/27 06:06:02 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2011/05/27 06:06:01 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbon.dll
[2011/05/27 06:06:01 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpksetup.exe
[2011/05/27 06:06:01 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sxs.dll
[2011/05/27 06:06:01 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fveapi.dll
[2011/05/27 06:06:01 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnike.dll
[2011/05/27 06:06:00 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgprint.dll
[2011/05/27 06:05:59 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetpp.dll
[2011/05/27 06:05:59 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prncache.dll
[2011/05/27 06:05:58 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpeffects.dll
[2011/05/27 06:05:57 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ci.dll
[2011/05/27 06:05:57 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSDApi.dll
[2011/05/27 06:05:57 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aepdu.dll
[2011/05/27 06:05:57 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scansetting.dll
[2011/05/27 06:05:57 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\net1.exe
[2011/05/27 06:05:57 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rpchttp.dll
[2011/05/27 06:05:57 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aitagent.exe
[2011/05/27 06:05:55 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVCORE.DLL
[2011/05/27 06:05:55 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MMDevAPI.dll
[2011/05/27 06:05:55 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\davclnt.dll
[2011/05/27 06:05:54 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlangpui.dll
[2011/05/27 06:05:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2011/05/27 06:05:53 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pnidui.dll
[2011/05/27 06:05:53 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSHVHOST.DLL
[2011/05/27 06:05:53 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2011/05/27 06:05:52 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webservices.dll
[2011/05/27 06:05:52 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fde.dll
[2011/05/27 06:05:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll
[2011/05/27 06:05:51 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SyncCenter.dll
[2011/05/27 06:05:51 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdengin2.dll
[2011/05/27 06:05:51 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2011/05/27 06:05:51 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netdiagfx.dll
[2011/05/27 06:05:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll
[2011/05/27 06:05:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbGDCoInstaller.dll
[2011/05/27 06:05:50 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSCard.dll
[2011/05/27 06:05:49 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMPEG2ENC.DLL
[2011/05/27 06:05:49 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2011/05/27 06:05:49 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcmde.dll
[2011/05/27 06:05:49 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2.dll
[2011/05/27 06:05:49 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2011/05/27 06:05:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsta.dll
[2011/05/27 06:05:49 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcl.exe
[2011/05/27 06:05:48 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll
[2011/05/27 06:05:48 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXPTaskRingtone.dll
[2011/05/27 06:05:48 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aeinv.dll
[2011/05/27 06:05:47 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPEncEn.dll
[2011/05/27 06:05:47 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll
[2011/05/27 06:05:47 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autofmt.exe
[2011/05/27 06:05:47 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onex.dll
[2011/05/27 06:05:47 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vaultsvc.dll
[2011/05/27 06:05:47 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmredir.dll
[2011/05/27 06:05:47 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hbaapi.dll
[2011/05/27 06:05:46 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bootres.dll
[2011/05/27 06:05:46 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Narrator.exe
[2011/05/27 06:05:46 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halmacpi.dll
[2011/05/27 06:05:46 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hal.dll
[2011/05/27 06:05:46 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msutb.dll
[2011/05/27 06:05:46 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiohlp.dll
[2011/05/27 06:05:46 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IPHLPAPI.DLL
[2011/05/27 06:05:46 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\audiodg.exe
[2011/05/27 06:05:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\proquota.exe
[2011/05/27 06:05:45 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoconv.exe
[2011/05/27 06:05:45 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ipsmsnap.dll
[2011/05/27 06:05:45 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msinfo32.exe
[2011/05/27 06:05:45 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srchadmin.dll
[2011/05/27 06:05:45 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AudioSes.dll
[2011/05/27 06:05:45 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tcpipcfg.dll
[2011/05/27 06:05:45 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2011/05/27 06:05:45 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\regapi.dll
[2011/05/27 06:05:45 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mimefilt.dll
[2011/05/27 06:05:45 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\winusb.sys
[2011/05/27 06:05:44 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercpl.dll
[2011/05/27 06:05:44 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll
[2011/05/27 06:05:43 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedyn.dll
[2011/05/27 06:05:42 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msihnd.dll
[2011/05/27 06:05:41 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayCpl.dll
[2011/05/27 06:05:41 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2011/05/27 06:05:41 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXP.dll
[2011/05/27 06:05:41 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2011/05/27 06:05:41 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QAGENT.DLL
[2011/05/27 06:05:41 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscorier.dll
[2011/05/27 06:05:41 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netid.dll
[2011/05/27 06:05:40 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdc.dll
[2011/05/27 06:05:40 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scesrv.dll
[2011/05/27 06:05:39 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanpref.dll
[2011/05/27 06:05:39 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdclt.exe
[2011/05/27 06:05:39 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMNetMgr.dll
[2011/05/27 06:05:39 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Vault.dll
[2011/05/27 06:05:39 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastls.dll
[2011/05/27 06:05:39 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\untfs.dll
[2011/05/27 06:05:39 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ataport.sys
[2011/05/27 06:05:39 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nci.dll
[2011/05/27 06:05:38 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2011/05/27 06:05:38 | 000,098,816 | ---- | C] (Microsoft) -- C:\windows\System32\Robocopy.exe
[2011/05/27 06:05:37 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DxpTaskSync.dll
[2011/05/27 06:05:37 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Display.dll
[2011/05/27 06:05:37 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll
[2011/05/27 06:05:37 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\termmgr.dll
[2011/05/27 06:05:37 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\puiobj.dll
[2011/05/27 06:05:37 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mtxclu.dll
[2011/05/27 06:05:37 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sharemediacpl.dll
[2011/05/27 06:05:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll
[2011/05/27 06:05:37 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll
[2011/05/27 06:05:36 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DiagCpl.dll
[2011/05/27 06:05:36 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eudcedit.exe
[2011/05/27 06:05:36 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\scsiport.sys
[2011/05/27 06:05:35 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SensorsCpl.dll
[2011/05/27 06:05:35 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\themecpl.dll
[2011/05/27 06:05:35 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdtctm.dll
[2011/05/27 06:05:35 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FirewallControlPanel.dll
[2011/05/27 06:05:35 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\biocpl.dll
[2011/05/27 06:05:35 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiadefui.dll
[2011/05/27 06:05:35 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msconfig.exe
[2011/05/27 06:05:35 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppcomapi.dll
[2011/05/27 06:05:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rasppp.dll
[2011/05/27 06:05:35 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logoncli.dll
[2011/05/27 06:05:35 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shsetup.dll
[2011/05/27 06:05:34 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpccpl.dll
[2011/05/27 06:05:34 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PhotoScreensaver.scr
[2011/05/27 06:05:34 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgcpl.dll
[2011/05/27 06:05:34 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FWPUCLNT.DLL
[2011/05/27 06:05:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscmmc.dll
[2011/05/27 06:05:33 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscms.dll
[2011/05/27 06:05:33 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localsec.dll
[2011/05/27 06:05:33 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprddm.dll
[2011/05/27 06:05:33 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scecli.dll
[2011/05/27 06:05:33 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2011/05/27 06:05:33 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscories.dll
[2011/05/27 06:05:33 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasacct.dll
[2011/05/27 06:05:32 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcenter.dll
[2011/05/27 06:05:32 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mblctr.exe
[2011/05/27 06:05:32 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\batmeter.dll
[2011/05/27 06:05:32 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VAN.dll
[2011/05/27 06:05:32 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PerfCenterCPL.dll
[2011/05/27 06:05:32 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\usercpl.dll
[2011/05/27 06:05:32 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2011/05/27 06:05:32 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2011/05/27 06:05:32 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanui.dll
[2011/05/27 06:05:32 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2011/05/27 06:05:32 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizeng.dll
[2011/05/27 06:05:32 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVol.exe
[2011/05/27 06:05:32 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroleui.dll
[2011/05/27 06:05:32 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprt.exe
[2011/05/27 06:05:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVolSSO.dll
[2011/05/27 06:05:32 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdsrv.dll
[2011/05/27 06:05:32 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll
[2011/05/27 06:05:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\w32tm.exe
[2011/05/27 06:05:31 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\accessibilitycpl.dll
[2011/05/27 06:05:31 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\main.cpl
[2011/05/27 06:05:31 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSAC3ENC.DLL
[2011/05/27 06:05:31 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ks.sys
[2011/05/27 06:05:31 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fdeploy.dll
[2011/05/27 06:05:30 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\networkmap.dll
[2011/05/27 06:05:30 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\adsldp.dll
[2011/05/27 06:05:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netjoin.dll
[2011/05/27 06:05:28 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mspbda.dll
[2011/05/27 06:05:28 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Faultrep.dll
[2011/05/27 06:05:28 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wusa.exe
[2011/05/27 06:05:28 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MCEWMDRMNDBootstrap.dll
[2011/05/27 06:05:27 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sud.dll
[2011/05/27 06:05:27 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenter.dll
[2011/05/27 06:05:27 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prnfldr.dll
[2011/05/27 06:05:27 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slui.exe
[2011/05/27 06:05:27 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MediaMetadataHandler.dll
[2011/05/27 06:05:27 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskbarcpl.dll
[2011/05/27 06:05:27 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OnLineIDCpl.dll
[2011/05/27 06:05:27 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe
[2011/05/27 06:05:26 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdcpl.dll
[2011/05/27 06:05:26 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bthprops.cpl
[2011/05/27 06:05:26 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpd_ci.dll
[2011/05/27 06:05:26 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenterCPL.dll
[2011/05/27 06:05:26 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shwebsvc.dll
[2011/05/27 06:05:26 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysmon.ocx
[2011/05/27 06:05:26 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\intl.cpl
[2011/05/27 06:05:26 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll
[2011/05/27 06:05:26 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iprtrmgr.dll
[2011/05/27 06:05:26 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\defaultlocationcpl.dll
[2011/05/27 06:05:26 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\efscore.dll
[2011/05/27 06:05:26 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrad.dll
[2011/05/27 06:05:26 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ifsutil.dll
[2011/05/27 06:05:26 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halacpi.dll
[2011/05/27 06:05:26 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recovery.dll
[2011/05/27 06:05:26 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2011/05/27 06:05:26 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll
[2011/05/27 06:05:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidclass.sys
[2011/05/27 06:05:26 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ftp.exe
[2011/05/27 06:05:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sisbkup.dll
[2011/05/27 06:05:25 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OobeFldr.dll
[2011/05/27 06:05:25 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpmde.dll
[2011/05/27 06:05:25 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshwfp.dll
[2011/05/27 06:05:25 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TabletPC.cpl
[2011/05/27 06:05:25 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DeviceCenter.dll
[2011/05/27 06:05:25 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\systemcpl.dll
[2011/05/27 06:05:25 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntprint.dll
[2011/05/27 06:05:25 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdedit.exe
[2011/05/27 06:05:25 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sethc.exe
[2011/05/27 06:05:25 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recdisc.exe
[2011/05/27 06:05:25 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmartcardCredentialProvider.dll
[2011/05/27 06:05:25 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsutil.dll
[2011/05/27 06:05:25 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdboot.exe
[2011/05/27 06:05:25 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoplay.dll
[2011/05/27 06:05:25 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppnp.dll
[2011/05/27 06:05:25 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntlanman.dll
[2011/05/27 06:05:25 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSTPager.ax
[2011/05/27 06:05:25 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2011/05/27 06:05:25 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll
[2011/05/27 06:05:24 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\blackbox.dll
[2011/05/27 06:05:24 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched20.dll
[2011/05/27 06:05:24 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rstrui.exe
[2011/05/27 06:05:24 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\activeds.dll
[2011/05/27 06:05:24 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksproxy.ax
[2011/05/27 06:05:24 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpsrcwp.dll
[2011/05/27 06:05:24 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayServices.dll
[2011/05/27 06:05:24 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPHLPR.DLL
[2011/05/27 06:05:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\migisol.dll
[2011/05/27 06:05:24 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\System32\fms.dll
[2011/05/27 06:05:23 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll
[2011/05/27 06:05:23 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msftedit.dll
[2011/05/27 06:05:23 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanmsm.dll
[2011/05/27 06:05:23 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshipsec.dll
[2011/05/27 06:05:23 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsqmcons.exe
[2011/05/27 06:05:23 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgent.dll
[2011/05/27 06:05:23 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wavemsp.dll
[2011/05/27 06:05:23 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\isoburn.exe
[2011/05/27 06:05:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2011/05/27 06:05:23 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\httpapi.dll
[2011/05/27 06:05:22 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dfrgui.exe
[2011/05/27 06:05:22 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wvc.dll
[2011/05/27 06:05:22 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimgapi.dll
[2011/05/27 06:05:22 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll
[2011/05/27 06:05:22 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdm.tsp
[2011/05/27 06:05:22 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysclass.dll
[2011/05/27 06:05:22 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetup.exe
[2011/05/27 06:05:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2011/05/27 06:05:22 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzutil.exe
[2011/05/27 06:05:22 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wtsapi32.dll
[2011/05/27 06:05:21 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ssText3d.scr
[2011/05/27 06:05:21 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srrstr.dll
[2011/05/27 06:05:21 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qasf.dll
[2011/05/27 06:05:21 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcap.dll
[2011/05/27 06:05:21 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\uxlib.dll
[2011/05/27 06:05:21 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupugc.exe
[2011/05/27 06:05:21 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\windows\twain_32.dll
[2011/05/27 06:05:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll
[2011/05/27 06:05:20 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanconn.dll
[2011/05/27 06:05:20 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvfw32.dll
[2011/05/27 06:05:19 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmsdk.dll
[2011/05/27 06:05:19 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscp.dll
[2011/05/27 06:05:19 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimserv.exe
[2011/05/27 06:05:19 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskraid.exe
[2011/05/27 06:05:19 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\clusapi.dll
[2011/05/27 06:05:19 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DevicePairingFolder.dll
[2011/05/27 06:05:19 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpencom.dll
[2011/05/27 06:05:19 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfmon.exe
[2011/05/27 06:05:19 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nslookup.exe
[2011/05/27 06:05:19 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciavi32.dll
[2011/05/27 06:05:19 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\acppage.dll
[2011/05/27 06:05:18 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drmmgrtn.dll
[2011/05/27 06:05:18 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\raschap.dll
[2011/05/27 06:05:18 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgradeResults.exe
[2011/05/27 06:05:18 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\input.dll
[2011/05/27 06:05:18 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll
[2011/05/27 06:05:18 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QUTIL.DLL
[2011/05/27 06:05:18 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPCRYPT.DLL
[2011/05/27 06:05:17 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onexui.dll
[2011/05/27 06:05:17 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nltest.exe
[2011/05/27 06:05:17 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iTVData.dll
[2011/05/27 06:05:17 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxdiagn.dll
[2011/05/27 06:05:17 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpdwcn.dll
[2011/05/27 06:05:17 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetapi.dll
[2011/05/27 06:05:17 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsbas.dll
[2011/05/27 06:05:17 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UserAccountControlSettings.dll
[2011/05/27 06:05:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\bfsvc.exe
[2011/05/27 06:05:17 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\runonce.exe
[2011/05/27 06:05:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnikeapi.dll
[2011/05/27 06:05:16 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logagent.exe
[2011/05/27 06:05:15 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
[2011/05/27 06:05:13 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Bubbles.scr
[2011/05/27 06:05:13 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmdev.dll
[2011/05/27 06:05:13 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2011/05/27 06:05:13 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlcese30.dll
[2011/05/27 06:05:13 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll
[2011/05/27 06:05:13 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsadmin.exe
[2011/05/27 06:05:13 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MFPlay.dll
[2011/05/27 06:05:13 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprapi.dll
[2011/05/27 06:05:13 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rmcast.sys
[2011/05/27 06:05:13 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shacct.dll
[2011/05/27 06:05:13 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2011/05/27 06:05:13 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tabcal.exe
[2011/05/27 06:05:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PnPUnattend.exe
[2011/05/27 06:05:13 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdmat.dll
[2011/05/27 06:05:13 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpd3d.dll
[2011/05/27 06:05:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsium.dll
[2011/05/27 06:05:13 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsmproxy.dll
[2011/05/27 06:05:12 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OpcServices.dll
[2011/05/27 06:05:12 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdh.dll
[2011/05/27 06:05:12 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceSyncProvider.dll
[2011/05/27 06:05:12 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kstvtune.ax
[2011/05/27 06:05:11 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceStatus.dll
[2011/05/27 06:05:11 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WPDSp.dll
[2011/05/27 06:05:11 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll

Last edited by jgraves on 27th May 2011, 8:37 pm; edited 3 times in total (Reason for editing : Adding Part 1 of Otl.txt)

Re: Rogue.FakeEset Removed IE Will Still Not Launch28th May 2011, 8:57 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Rogue.FakeEset - ComboFix log file28th May 2011, 12:22 pm

After running ComboFix and attempting to turn firewalls and virus scanners back on, Windows Defender gives the following message: Illegal operation attempted on a registery key that has been marked for deletion. Following is the ComboFix log file. Again - I appreciate any help you can give me.

ComboFix 11-05-27.02 - Diana 05/28/2011 8:05.2.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1781 [GMT -4:00]
Running from: c:\users\Diana\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-28 12:10 . 2011-05-28 12:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-28 12:10 . 2011-05-28 12:10 -------- d-----w- c:\users\Beamer\AppData\Local\temp
2011-05-27 19:52 . 2011-05-27 19:52 -------- d-----w- C:\_OTL
2011-05-27 19:12 . 2011-05-27 19:12 -------- d-----w- c:\users\Diana\AppData\Local\Mozilla
2011-05-27 19:09 . 2011-05-27 19:09 -------- d-----w- c:\program files\Common Files\Adobe
2011-05-27 15:06 . 2011-05-27 15:06 -------- d-----w- c:\users\Beamer\AppData\Local\PackageAware
2011-05-27 13:13 . 2011-05-27 13:13 -------- d-----w- c:\users\Beamer\AppData\Roaming\Malwarebytes
2011-05-27 10:58 . 2011-05-27 10:58 -------- d-----w- c:\users\Beamer\AppData\Local\ElevatedDiagnostics
2011-05-27 10:10 . 2011-05-27 10:10 -------- d-----w- c:\windows\system32\SPReview
2011-05-27 10:09 . 2011-05-27 10:09 -------- d-----w- c:\windows\system32\EventProviders
2011-05-27 10:09 . 2011-05-18 16:37 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EED5794-7BD9-4C21-B6E5-92DC37CE801E}\mpengine.dll
2011-05-27 10:05 . 2010-11-20 12:20 932352 ----a-w- c:\windows\system32\printui.dll
2011-05-27 10:04 . 2010-11-20 12:08 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2011-05-27 10:03 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-05-27 10:03 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-05-27 01:40 . 2011-05-27 01:40 -------- d-----w- c:\users\Beamer\AppData\Local\Mozilla
2011-05-27 00:25 . 2011-05-27 00:25 -------- d-----w- c:\users\Diana\AppData\Roaming\Malwarebytes
2011-05-27 00:24 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-27 00:24 . 2011-05-27 00:24 -------- d-----w- c:\programdata\Malwarebytes
2011-05-27 00:24 . 2011-05-27 00:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-27 00:24 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-26 21:55 . 2011-05-26 21:55 -------- d-----w- c:\users\Beamer\AppData\Local\Apps
2011-05-26 18:39 . 2011-05-26 21:50 -------- d-----w- c:\windows\en
2011-05-26 18:35 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-05-26 18:35 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-05-26 18:35 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-05-26 18:35 . 2011-05-26 18:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\a8d7fe4f1cc1bd307\DXSETUP.exe
2011-05-26 18:35 . 2011-05-26 18:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\a8d7fe4f1cc1bd307\dsetup32.dll
2011-05-26 18:35 . 2011-05-26 18:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\a8d7fe4f1cc1bd307\DSETUP.dll
2011-05-26 18:35 . 2011-05-26 18:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\a7696a8a1cc1bd306\DSETUP.dll
2011-05-26 18:35 . 2011-05-26 18:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\a7696a8a1cc1bd306\DXSETUP.exe
2011-05-26 18:35 . 2011-05-26 18:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\a7696a8a1cc1bd306\dsetup32.dll
2011-05-26 18:34 . 2011-05-26 18:34 -------- d-----w- c:\users\Beamer\AppData\Local\Windows Live
2011-05-26 17:36 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-26 17:36 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-26 17:08 . 2011-05-26 17:08 -------- d-----w- c:\users\Beamer\AppData\Roaming\InstallShield
2011-05-11 01:29 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 01:29 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 01:29 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 01:29 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 01:29 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 01:29 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 01:29 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 01:29 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 01:29 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-27 10:17 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-26 18:36 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-18 22:11 . 2010-12-19 01:22 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-12 11:23 . 2011-04-27 23:30 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:39 . 2011-04-27 23:30 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:39 . 2011-04-27 23:30 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:39 . 2011-04-27 23:30 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:39 . 2011-04-27 23:30 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:38 . 2011-04-27 23:30 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:38 . 2011-04-27 23:30 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:38 . 2011-04-27 23:30 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:33 . 2011-04-15 01:46 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33 . 2011-04-15 01:46 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-27 23:30 1699328 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:31 . 2011-04-27 23:30 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:28 . 2011-04-15 01:46 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:38 . 2011-04-15 01:46 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36 . 2011-04-15 01:46 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42 . 2011-04-15 01:46 2333184 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbInc2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2011-01-17 14:54 175912 ----a-w- c:\program files\IncrediMail_MediaBar_2\prxtbInc2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbInc2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbInc2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-01 374272]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 21:46]
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 21:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\x5cftu27.default\
FF - prefs.js: browser.startup.homepage - hxxp://faustrealestate.net/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-28 08:12:27
ComboFix-quarantined-files.txt 2011-05-28 12:12
ComboFix2.txt 2011-05-28 11:55
.
Pre-Run: 214,911,889,408 bytes free
Post-Run: 214,863,118,336 bytes free
.
- - End Of File - - CD0D3BB759F947A3CBD186BC6EEB66C2

Re: Rogue.FakeEset Removed IE Will Still Not Launch29th May 2011, 2:27 am

Scan for malware

Rogue.FakeEset Removed IE Will Still Not Launch Bf_new

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.

Re: Rogue.FakeEset Removed IE Will Still Not Launch29th May 2011, 11:53 am

Following is the Malwarebytes log. As I said previously - it did not find anything.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6689

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

5/28/2011 12:37:34 PM
mbam-log-2011-05-28 (12-37-34).txt

Scan type: Full scan (C:\|)
Objects scanned: 266723
Time elapsed: 57 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Rogue.FakeEset Removed IE Will Still Not Launch30th May 2011, 6:54 pm

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Re: Rogue.FakeEset Removed IE Will Still Not Launch31st May 2011, 1:47 pm

Following is the ESet log file. IE will still not launch. No Problems with Firefox.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=9940dde215708a43b6f0852f8b328076
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-31 01:35:04
# local_time=2011-05-31 09:35:04 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 0 78557846 0 0
# compatibility_mode=5893 16776573 100 94 0 58387722 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=114574
# found=2
# cleaned=2
# scan_time=5972
C:\Users\Beamer\AppData\Local\Mozilla\Firefox\Profiles\cwv4gqlf.default\Cache\F35A09F7d01 Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Beamer\Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

Re: Rogue.FakeEset Removed IE Will Still Not Launch1st June 2011, 1:33 am

Please download DragonFix by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.

Please disable realtime protection. The only realtime protection that gets in the way and need to be disabled: Windows Defender, Microsoft Security Essentials, Spybot TeaTimer, WinPatrol, and Ad-Aware AdWatch. If you have anyone of those, please disable them.
Double-click DragonFix.reg, and follow the prompt(s).
Please reboot your computer.

Afterward, tell me if Internet Explorer is fixed...

Internet Explorer will not launch24th June 2011, 1:01 pm

I finally have access to the laptop again. I installed DragonFix. Internet Explorer will still not launch. The only differences I see is that upon starting the two users that are set up do not show up on the screen. It is just a generic Windows signin screen and they would have to know their user name and password, which they do not. And my antivirus software does not start automatically when the system is restarted.

Any other suggestions?

Thanks!

DragonMaster Jay wrote:

Please download DragonFix by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.
Please disable realtime protection. The only realtime protection that gets in the way and need to be disabled: Windows Defender, Microsoft Security Essentials, Spybot TeaTimer, WinPatrol, and Ad-Aware AdWatch. If you have anyone of those, please disable them.
Double-click DragonFix.reg, and follow the prompt(s).
Please reboot your computer.

Afterward, tell me if Internet Explorer is fixed...

Re: Rogue.FakeEset Removed IE Will Still Not Launch26th June 2011, 3:58 pm

What happens when you put in just the username and hit OK?

Re: Rogue.FakeEset Removed IE Will Still Not Launch26th June 2011, 7:44 pm

DragonMaster Jay wrote:

What happens when you put in just the username and hit OK?

I had set up an Admin account with a password, which I knew. Windows would start fine, it just did not list the two users that were set up and it required their password. But IE would still not launch. I finally gave in and reset the system to factory condition. I just really did not want to have to back up and restore all of the data and re-install all of the software. But I figured it was going to come to that in the end, so I just did it.

Thanks for trying to prevent that for me!

Re: Rogue.FakeEset Removed IE Will Still Not Launch26th June 2011, 8:09 pm

THIS THREAD HAS EXPIRED.
Are you having the same problem? Instead of using the advice given in this topic, it is recommended to get more personal help, instead. We have volunteers ready to answer your question, but first you'll have to join for free. Check out our New Member's Guide for help getting you started!

Rogue.FakeEset Removed IE Will Still Not Launch

descriptionRogue.FakeEset Removed IE Will Still Not Launch27th May 2011, 7:50 pm

descriptionRe: Rogue.FakeEset Removed IE Will Still Not Launch28th May 2011, 8:57 am

descriptionRogue.FakeEset - ComboFix log file28th May 2011, 12:22 pm

descriptionRe: Rogue.FakeEset Removed IE Will Still Not Launch29th May 2011, 2:27 am

descriptionRe: Rogue.FakeEset Removed IE Will Still Not Launch29th May 2011, 11:53 am

descriptionRe: Rogue.FakeEset Removed IE Will Still Not Launch30th May 2011, 6:54 pm

descriptionRe: Rogue.FakeEset Removed IE Will Still Not Launch31st May 2011, 1:47 pm

descriptionRe: Rogue.FakeEset Removed IE Will Still Not Launch1st June 2011, 1:33 am

descriptionInternet Explorer will not launch24th June 2011, 1:01 pm

descriptionRe: Rogue.FakeEset Removed IE Will Still Not Launch26th June 2011, 3:58 pm

descriptionRe: Rogue.FakeEset Removed IE Will Still Not Launch26th June 2011, 7:44 pm

descriptionRe: Rogue.FakeEset Removed IE Will Still Not Launch26th June 2011, 8:09 pm

descriptionRe: Rogue.FakeEset Removed IE Will Still Not Launch