Security update fails with code FFFFFFFF - Possible Virus:Win32/Alureon.A

Discussion in 'Virus & Other Malware Removal' started by THFC, Apr 24, 2010.

  1. THFC

    THFC Thread Starter

    Hi,

    I noticed that a recent security update failed (KB979683) with code FFFFFFFF. I read that this may be down to a malware infection. I tried MWBAM and AVG but no infections were found. I ran online scans at Panda Scan and Kaspersky but there were no errors, so I tried MRT and it detects Virus:Win32/Alureon.A and reports partial deletion; however, after reboot it is still there and the security update still fails.

    I would be most grateful if anyone could help me fix this problem.

    The laptop is running Vista Home Premium SP2.

    Here is the MRT log file.

    Regards

    Paul.
    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.6, April 2010
    Started On Sat Apr 24 18:34:36 2010

    Extended Scan Results
    ----------------
    Threat detected: Virus:Win32/Alureon.A
    rootkit://Alureon->c:\windows\system32\drivers\atapi.sys
    SigSeq: 0x00000FA930E8ACF1

    Extended Scan Removal Results
    ----------------
    Start 'clean' for rootkit://Alureon->c:\windows\system32\drivers\atapi.sys
    Operation was scheduled to be completed after next reboot.


    Results Summary:
    ----------------
    Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 24 21:13:07 2010


    Return code: 10 (0xa)
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    First Name:
    José
    Hi, THFC :)

    Welcome.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------​
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
        -----------------------------------------------------------​
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      -----------------------------------------------------------​
    4. Double click on combofix.exe & follow the prompts.
    5. Install the Recovery Console if prompted.
    6. When finished, it will produce a report for you.
    7. Please post the "C:\ComboFix.txt".
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     
  3. THFC

    THFC Thread Starter

    Hi,

    Thanks for picking up this problem for me.

    I downloaded and ran Combofix as directed. It did flash up a message saying that there was rootkit activity and it rebooted and ran again.

    Here is the log it has produced.

    Regards

    Paul.

    ComboFix 10-04-21.01 - Paul 25/04/2010 9:32.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3063.2144 [GMT 1:00]
    Running from: c:\users\Paul\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
    .

    2010-04-25 08:41 . 2010-04-25 08:41 -------- d-----w- c:\users\Paul\AppData\Local\temp
    2010-04-25 08:41 . 2010-04-25 08:41 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-04-25 08:41 . 2010-04-25 08:41 -------- d-----w- c:\users\Josh\AppData\Local\temp
    2010-04-25 08:41 . 2010-04-25 08:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-04-24 20:12 . 2010-04-24 20:12 19944 ----a-w- c:\windows\system32\drivers\awbasvzj.sys
    2010-04-23 09:38 . 2010-04-23 09:38 -------- d-----w- c:\programdata\WindowsSearch
    2010-04-23 09:29 . 2010-04-24 21:42 -------- d-----w- c:\windows\system32\catroot2
    2010-04-21 22:14 . 2010-04-21 22:14 -------- d-----w- C:\Downloads
    2010-04-21 18:29 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-04-21 18:28 . 2010-04-21 18:28 -------- d-----w- c:\program files\Panda Security
    2010-04-21 17:07 . 2010-04-21 17:07 -------- d-----w- c:\programdata\Research In Motion
    2010-04-21 17:06 . 2010-04-21 17:06 19944 ----a-w- c:\windows\system32\drivers\znaakeos.sys
    2010-04-21 10:02 . 2010-04-21 10:02 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-21 10:02 . 2010-04-21 10:02 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
    2010-04-21 08:41 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-21 08:39 . 2010-04-21 08:39 -------- d-----w- c:\program files\iPod
    2010-04-21 08:39 . 2010-04-21 08:39 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-21 08:36 . 2010-04-21 08:37 -------- d-----w- c:\program files\QuickTime
    2010-04-21 08:33 . 2010-04-21 08:33 -------- d-----w- c:\program files\Bonjour
    2010-04-21 08:32 . 2010-04-21 08:32 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
    2010-04-21 08:30 . 2010-04-21 08:30 19944 ----a-w- c:\windows\system32\drivers\khdvhmgi.sys
    2010-04-21 08:28 . 2010-04-21 08:28 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
    2010-04-21 08:25 . 2010-04-21 08:25 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
    2010-04-21 08:23 . 2010-04-21 08:23 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
    2010-04-21 08:17 . 2010-04-24 21:46 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-04-19 19:01 . 2010-04-19 19:01 4255072 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
    2010-04-19 19:00 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-04-19 18:59 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
    2010-04-01 22:49 . 2010-04-01 22:49 -------- d-----w- c:\program files\Common Files\Java
    2010-04-01 21:55 . 2010-04-01 21:55 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
    2010-04-01 21:55 . 2010-04-01 21:55 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
    2010-04-01 21:55 . 2010-04-01 21:55 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
    2010-04-01 21:55 . 2010-04-01 21:55 341272 ----a-w- c:\programdata\avg9\update\backup\avgxch32.dll
    2010-04-01 21:55 . 2010-04-01 21:55 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
    2010-04-01 21:55 . 2010-04-01 21:55 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
    2010-04-01 21:55 . 2010-04-01 21:55 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
    2010-04-01 21:55 . 2010-04-01 21:55 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
    2010-04-01 21:55 . 2010-04-01 21:55 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
    2010-04-01 21:55 . 2010-04-01 21:55 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
    2010-04-01 21:55 . 2010-04-01 21:55 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
    2010-04-01 21:55 . 2010-04-01 21:55 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
    2010-04-01 21:45 . 2010-04-01 21:45 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
    2010-03-26 08:44 . 2008-04-14 14:39 9344 ----a-w- c:\windows\system32\drivers\CPQBttn.sys
    2010-03-26 08:44 . 2007-06-18 17:12 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
    2010-03-26 08:44 . 2006-11-02 07:09 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
    2010-03-26 08:44 . 2008-08-06 17:06 1560576 ----a-w- c:\windows\system32\BttnCmns_64.dll
    2010-03-26 08:44 . 2006-06-30 06:46 1560576 ----a-w- c:\windows\system32\BttnCmns.dll
    2010-03-26 08:44 . 2005-10-31 15:30 987136 ----a-w- c:\windows\system32\BttnCmn.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-25 08:29 . 2009-06-12 17:54 6396 ----a-w- c:\windows\bthservsdp.dat
    2010-04-24 17:33 . 2009-08-22 12:27 -------- d-----w- c:\users\Josh\AppData\Roaming\HpUpdate
    2010-04-24 17:33 . 2009-08-11 18:00 -------- d-----w- c:\users\Paul\AppData\Roaming\HpUpdate
    2010-04-23 09:39 . 2009-10-01 21:12 -------- d-----w- c:\program files\Google
    2010-04-21 14:48 . 2009-06-12 20:59 -------- d-----w- c:\program files\Opera
    2010-04-21 10:05 . 2010-03-12 17:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-21 08:41 . 2009-10-01 20:49 -------- d-----w- c:\program files\Java
    2010-04-21 08:39 . 2009-12-25 09:39 -------- d-----w- c:\program files\iTunes
    2010-04-21 08:39 . 2009-06-12 21:07 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-21 08:30 . 2009-06-12 21:01 -------- d-----w- c:\program files\Safari
    2010-04-21 08:25 . 2009-06-12 20:54 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-20 16:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-04-20 15:56 . 2009-06-12 21:39 -------- d-----w- c:\programdata\Microsoft Help
    2010-03-29 23:46 . 2010-03-12 17:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 23:45 . 2010-03-12 17:27 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-26 09:12 . 2009-12-01 17:55 -------- d-----w- c:\programdata\Roxio
    2010-03-26 08:44 . 2009-06-13 07:49 -------- d-----w- c:\program files\Hewlett-Packard
    2010-03-26 08:44 . 2009-06-12 21:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-26 08:43 . 2009-12-01 17:57 -------- d-----w- c:\users\Josh\AppData\Roaming\InstallShield
    2010-03-19 16:42 . 2009-10-07 17:43 680 ----a-w- c:\users\Josh\AppData\Local\d3d9caps.dat
    2010-03-19 10:47 . 2010-03-19 10:39 -------- d-----w- c:\users\Paul\AppData\Roaming\IObit
    2010-03-19 10:47 . 2010-03-19 10:39 -------- d-----w- c:\program files\IObit
    2010-03-17 21:29 . 2010-03-17 21:29 -------- d-----w- c:\program files\Scratch
    2010-03-17 20:50 . 2010-03-17 20:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-17 20:50 . 2009-06-12 20:54 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-17 20:49 . 2009-06-12 20:54 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-16 17:11 . 2010-03-16 17:11 10827096 ----a-w- c:\users\Josh\AppData\Roaming\Research In Motion\BlackBerry Media Sync\AutoUpdate\Updates\3.0.0.39\BlackBerryMediaSync.exe
    2010-03-16 15:12 . 2010-03-16 15:11 -------- d-----w- c:\program files\PDFCreator
    2010-03-16 14:17 . 2009-11-15 18:28 -------- d-----w- c:\programdata\avg9
    2010-03-12 23:01 . 2009-06-12 21:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-03-12 22:17 . 2009-12-01 17:47 256 ----a-w- c:\windows\system32\pool.bin
    2010-03-12 18:09 . 2010-03-12 18:09 388096 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-03-12 18:09 . 2010-03-12 18:09 -------- d-----w- c:\program files\TrendMicro
    2010-03-12 17:27 . 2010-03-12 17:27 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
    2010-03-12 17:27 . 2010-03-12 17:27 -------- d-----w- c:\programdata\Malwarebytes
    2010-03-12 17:20 . 2009-06-12 19:14 130624 ----a-w- c:\users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-03-05 14:01 . 2010-04-19 19:05 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-01 17:55 . 2009-12-01 17:47 -------- d-----w- c:\users\Josh\AppData\Roaming\Research In Motion
    2010-03-01 17:11 . 2009-06-12 21:18 130624 ----a-w- c:\users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-26 20:34 . 2010-02-26 20:34 15416 ----a-w- c:\windows\system32\HPMDPCoInst.dll
    2010-02-26 20:34 . 2010-02-26 20:34 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
    2010-02-26 20:34 . 2010-02-26 20:34 26168 ----a-w- c:\windows\system32\hpservice.exe
    2010-02-26 20:34 . 2010-02-26 20:34 15416 ----a-w- c:\windows\system32\accelerometerdll.DLL
    2010-02-26 20:33 . 2010-02-26 20:33 33848 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
    2010-02-23 11:10 . 2010-04-19 19:05 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-02-23 11:10 . 2010-04-19 19:05 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-02-23 11:10 . 2010-04-19 19:05 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-23 06:39 . 2010-04-19 19:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33 . 2010-04-19 19:05 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33 . 2010-04-19 19:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55 . 2010-04-19 19:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-20 23:06 . 2010-03-12 23:37 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-02-20 23:05 . 2010-03-12 23:37 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-02-20 20:53 . 2010-03-12 23:37 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-02-18 14:07 . 2010-04-19 19:05 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-02-18 13:30 . 2010-04-19 19:05 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-02-18 11:28 . 2010-04-19 19:05 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-02-12 10:32 . 2010-02-28 20:47 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-01-25 12:00 . 2010-02-28 14:38 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:00 . 2010-02-28 14:38 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00 . 2010-02-28 14:38 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00 . 2010-02-28 14:38 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58 . 2010-02-28 14:38 332288 ----a-w- c:\windows\system32\msdrm.dll
    .

    ((((((((((((((((((((((((((((( [email protected]_22.11.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-25 09:32 . 2009-11-09 13:23 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\wamregps.dll
    + 2009-12-25 09:32 . 2009-11-09 13:23 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\rscaext.dll
    + 2009-12-25 09:32 . 2009-11-09 13:23 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\rsca.dll
    + 2009-12-25 09:32 . 2009-11-09 13:20 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iissyspr.dll
    + 2009-12-25 09:32 . 2009-11-09 11:21 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisrstas.exe
    + 2009-12-25 09:32 . 2009-11-09 11:21 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisreset.exe
    + 2009-12-25 09:32 . 2009-11-09 13:20 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisreg.dll
    + 2009-12-25 09:32 . 2009-11-09 13:18 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\ahadmin.dll
    + 2009-12-25 09:32 . 2009-11-09 13:18 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\admwprox.dll
    + 2010-03-12 23:37 . 2010-02-20 23:36 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\wamregps.dll
    + 2010-03-12 23:37 . 2010-02-20 23:35 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\rsca.dll
    + 2010-03-12 23:37 . 2010-02-20 23:31 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iissyspr.dll
    + 2010-03-12 23:37 . 2010-02-20 21:31 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisrstas.exe
    + 2010-03-12 23:37 . 2010-02-20 21:31 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisreset.exe
    + 2010-03-12 23:37 . 2010-02-20 23:31 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisreg.dll
    + 2010-03-12 23:37 . 2010-02-20 23:30 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\admwprox.dll
    + 2010-03-12 23:37 . 2010-02-20 23:55 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\wamregps.dll
    + 2010-03-12 23:37 . 2010-02-20 23:55 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\rsca.dll
    + 2010-03-12 23:37 . 2010-02-20 23:52 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iissyspr.dll
    + 2010-03-12 23:37 . 2010-02-20 21:46 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisrstas.exe
    + 2010-03-12 23:37 . 2010-02-20 21:46 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisreset.exe
    + 2010-03-12 23:37 . 2010-02-20 23:52 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisreg.dll
    + 2010-03-12 23:37 . 2010-02-20 23:50 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\admwprox.dll
    + 2010-03-12 23:37 . 2010-02-20 23:12 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\w3dt.dll
    + 2010-03-12 23:37 . 2010-02-20 23:08 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\hwebcore.dll
    + 2010-03-12 23:37 . 2010-02-20 23:07 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\w3dt.dll
    + 2009-12-25 09:32 . 2009-11-09 12:30 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\hwebcore.dll
    + 2010-03-12 23:37 . 2010-02-20 23:31 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\w3dt.dll
    + 2010-03-12 23:37 . 2010-02-20 23:29 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\hwebcore.dll
    + 2010-03-12 23:37 . 2010-02-20 23:40 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\w3dt.dll
    + 2009-12-25 09:32 . 2009-11-09 13:20 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\hwebcore.dll
    + 2010-03-12 23:37 . 2010-02-20 23:36 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\w3dt.dll
    + 2010-03-12 23:37 . 2010-02-20 23:31 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\hwebcore.dll
    + 2010-03-12 23:37 . 2010-02-20 23:55 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\w3dt.dll
    + 2010-03-12 23:37 . 2010-02-20 23:51 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\hwebcore.dll
    + 2010-04-19 19:05 . 2010-02-23 15:00 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22995_none_a8e727c18da89e3a\iesetup.dll
    + 2010-04-19 19:05 . 2010-02-23 15:00 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22995_none_a8e727c18da89e3a\iernonce.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18904_none_a8bddbde7442e6c7\iesetup.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18904_none_a8bddbde7442e6c7\iernonce.dll
    + 2010-03-29 18:39 . 2010-02-18 12:44 64000 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22993_none_8403fa7f601b45f7\iecompat.dll
    + 2010-03-29 18:39 . 2010-02-18 04:45 64000 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18902_none_83daae9c46b58e84\iecompat.dll
    + 2010-04-19 19:05 . 2010-02-23 13:25 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22995_none_df6461a709f15891\msfeedssync.exe
    + 2010-04-19 19:05 . 2010-02-23 15:01 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22995_none_df6461a709f15891\msfeedsbs.dll
    + 2010-04-19 19:05 . 2010-02-23 04:54 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18904_none_df3b15c3f08ba11e\msfeedssync.exe
    + 2010-04-19 19:05 . 2010-02-23 06:34 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18904_none_df3b15c3f08ba11e\msfeedsbs.dll
    + 2010-04-19 19:05 . 2010-02-23 15:06 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22995_none_e4ff661ad10266b2\WininetPlugin.dll
    + 2010-04-19 19:05 . 2010-02-23 15:01 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22995_none_e4ff661ad10266b2\jsproxy.dll
    + 2010-04-19 19:05 . 2010-02-23 06:39 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18904_none_e4d61a37b79caf3f\WininetPlugin.dll
    + 2010-04-19 19:05 . 2010-02-23 06:34 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18904_none_e4d61a37b79caf3f\jsproxy.dll
    + 2010-04-19 19:05 . 2010-02-18 11:42 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.22341_none_1428eb9d92bddb72\tunnel.sys
    + 2010-04-19 19:05 . 2010-02-18 11:42 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.22341_none_1428eb9d92bddb72\TUNMP.SYS
    + 2010-04-19 19:05 . 2010-02-18 11:28 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.18209_none_13d290d27978969c\tunnel.sys
    + 2008-01-21 02:24 . 2008-01-21 02:24 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.18209_none_13d290d27978969c\TUNMP.SYS
    + 2010-04-19 19:05 . 2010-02-18 12:00 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.22636_none_12524b13958ae910\tunnel.sys
    + 2010-04-19 19:05 . 2010-02-18 12:00 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.22636_none_12524b13958ae910\TUNMP.SYS
    + 2010-04-19 19:05 . 2010-02-18 11:52 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18427_none_11d47c987c644985\tunnel.sys
    + 2008-01-21 02:24 . 2008-01-21 02:24 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18427_none_11d47c987c644985\TUNMP.SYS
    + 2010-04-19 19:05 . 2010-02-18 11:50 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.21226_none_1076b295985c7249\tunnel.sys
    + 2010-04-19 19:05 . 2010-02-18 11:50 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.21226_none_1076b295985c7249\TUNMP.SYS
    + 2010-04-19 19:05 . 2010-02-18 12:04 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.17021_none_0fe812727f4356a5\tunnel.sys
    + 2010-04-19 19:05 . 2010-02-18 12:04 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.17021_none_0fe812727f4356a5\TUNMP.SYS
    + 2010-03-12 23:37 . 2010-02-20 23:07 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.22343_none_22e5433d125cc342\authsspi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:04 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.18210_none_22791557f92983a0\authsspi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:27 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6001.22638_none_210ea2b31529d0e0\authsspi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:35 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6001.18428_none_208fd3edfc0417fe\authsspi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:30 36352 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6000.21227_none_1f3209eb17fc40c2\authsspi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:50 36352 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6000.17022_none_1ea369c7fee3251e\authsspi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:08 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.22343_none_f7f4165eb3ad7c4d\httpapi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:05 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.18210_none_f787e8799a7a3cab\httpapi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:29 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.22638_none_f61d75d4b67a89eb\httpapi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:37 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18428_none_f59ea70f9d54d109\httpapi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:31 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.21227_none_f440dd0cb94cf9cd\httpapi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:51 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.17022_none_f3b23ce9a033de29\httpapi.dll
    + 2010-04-19 18:59 . 2010-01-13 17:48 98304 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6002.22311_none_3a689ec7f7c9ca5e\cabview.dll
    + 2010-04-19 18:59 . 2010-01-13 17:34 98304 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6002.18184_none_39965180dee23d09\cabview.dll
    + 2010-04-19 18:59 . 2010-01-13 18:51 98304 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6001.22605_none_3890fdf3fa97bea5\cabview.dll
    + 2010-04-19 18:59 . 2010-01-15 00:04 98304 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6001.18404_none_38065ef8e17b085d\cabview.dll
    + 2010-04-19 18:59 . 2010-01-13 18:12 97792 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6000.21203_none_36a894f5fd733121\cabview.dll
    + 2010-04-19 18:59 . 2010-01-13 18:23 97792 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6000.17002_none_361df5fae4567ad9\cabview.dll
    + 2008-01-21 01:58 . 2010-04-25 08:33 83504 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-06-13 17:42 . 2010-04-21 08:50 12062 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3964209802-1692051119-3322520709-1001_UserData.bin
    + 2009-06-12 19:15 . 2010-04-25 08:33 12318 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3964209802-1692051119-3322520709-1000_UserData.bin
    + 2010-03-16 15:11 . 1998-07-06 00:00 23552 c:\windows\System32\MSMPIDE.DLL
    - 2010-01-04 21:08 . 1998-07-06 00:00 23552 c:\windows\System32\MSMPIDE.DLL
    - 2010-01-22 18:55 . 2010-01-02 04:56 13312 c:\windows\System32\msfeedssync.exe
    + 2010-04-19 19:05 . 2010-02-23 04:54 13312 c:\windows\System32\msfeedssync.exe
    - 2010-01-22 18:55 . 2010-01-02 06:33 55296 c:\windows\System32\msfeedsbs.dll
    + 2010-04-19 19:05 . 2010-02-23 06:34 55296 c:\windows\System32\msfeedsbs.dll
    + 2010-04-19 19:05 . 2010-02-23 06:39 64512 c:\windows\System32\migration\WininetPlugin.dll
    - 2010-01-22 18:55 . 2010-01-02 06:38 64512 c:\windows\System32\migration\WininetPlugin.dll
    - 2010-01-22 18:55 . 2010-01-02 06:32 25600 c:\windows\System32\jsproxy.dll
    + 2010-04-19 19:05 . 2010-02-23 06:34 25600 c:\windows\System32\jsproxy.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 55808 c:\windows\System32\iernonce.dll
    - 2010-01-22 18:55 . 2010-01-02 06:32 55808 c:\windows\System32\iernonce.dll
    + 2009-10-16 01:33 . 2009-10-16 01:33 41472 c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_131516ed\usbaapl.sys
    + 2010-03-26 08:44 . 2007-06-18 17:12 16768 c:\windows\System32\DriverStore\FileRepository\hpqkbfiltr.inf_d1c4824b\HpqKbFiltr.sys
    + 2010-02-26 20:34 . 2010-02-26 20:34 26168 c:\windows\System32\DriverStore\FileRepository\accelerometer.inf_f600e8ed\x86\hpservice.exe
    + 2010-02-26 20:34 . 2010-02-26 20:34 15416 c:\windows\System32\DriverStore\FileRepository\accelerometer.inf_f600e8ed\x86\HPMDPCoInst.dll
    + 2010-02-26 20:34 . 2010-02-26 20:34 25656 c:\windows\System32\DriverStore\FileRepository\accelerometer.inf_f600e8ed\x86\hpdskflt.sys
    + 2010-02-26 20:34 . 2010-02-26 20:34 15416 c:\windows\System32\DriverStore\FileRepository\accelerometer.inf_f600e8ed\x86\accelerometerdll.DLL
    + 2010-02-26 20:33 . 2010-02-26 20:33 33848 c:\windows\System32\DriverStore\FileRepository\accelerometer.inf_f600e8ed\x86\Accelerometer.sys
    + 2009-10-16 01:33 . 2009-10-16 01:33 41472 c:\windows\System32\drivers\usbaapl.sys
    - 2009-06-12 19:07 . 2010-03-12 21:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-06-12 19:07 . 2010-04-25 07:45 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-06-12 19:07 . 2010-03-12 21:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-06-12 19:07 . 2010-04-25 07:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-06-12 19:07 . 2010-03-12 21:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-06-12 19:07 . 2010-04-25 07:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-06-13 07:55 . 2010-03-12 21:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-06-13 07:55 . 2010-04-24 16:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-06-13 07:55 . 2010-03-12 21:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-06-13 07:55 . 2010-04-24 16:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-06-13 07:55 . 2010-03-12 21:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-06-13 07:55 . 2010-04-24 16:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-06-23 17:35 . 2010-03-12 21:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-06-23 17:35 . 2010-04-25 08:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-06-23 17:35 . 2010-03-12 21:58 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-06-23 17:35 . 2010-04-25 08:30 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-06-23 17:35 . 2010-04-25 08:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-06-23 17:35 . 2010-03-12 21:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-03-18 16:30 . 2010-03-18 16:30 22528 c:\windows\Installer\11107a.msi
    - 2009-06-12 21:45 . 2010-02-11 07:48 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-06-12 21:45 . 2010-04-20 15:56 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-06-12 21:45 . 2010-04-20 15:56 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    - 2009-06-12 21:45 . 2010-02-11 07:48 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-06-12 21:45 . 2010-04-20 15:56 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-06-12 21:45 . 2010-02-11 07:48 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-12-01 21:28 . 2009-12-01 21:28 49152 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
    + 2009-12-01 21:28 . 2010-04-21 17:08 49152 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
    - 2009-12-01 21:28 . 2009-12-01 21:28 49152 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
    + 2009-12-01 21:28 . 2010-04-21 17:08 49152 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
    - 2009-12-01 21:28 . 2009-12-01 21:28 49152 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
    + 2009-12-01 21:28 . 2010-04-21 17:08 49152 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
    - 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
    - 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
    - 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
    - 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
    - 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
    - 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
    - 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
    + 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
    - 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\DesktopMgr.exe
    + 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\DesktopMgr.exe
    + 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
    + 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ARPPRODUCTICON.exe
    + 2009-12-21 20:09 . 2009-12-21 20:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
    + 2009-12-22 01:57 . 2009-12-22 01:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
    + 2009-12-21 20:02 . 2009-12-21 20:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
    + 2009-12-21 23:21 . 2009-12-21 23:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
    + 2009-12-21 23:37 . 2009-12-21 23:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
    + 2009-12-21 18:39 . 2009-12-21 18:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
    + 2009-12-21 18:27 . 2009-12-21 18:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
    + 2009-12-21 18:27 . 2009-12-21 18:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 99672 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres2052.dll
    + 2008-10-25 08:18 . 2008-10-25 08:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONFILTER.DLL
    + 2008-10-25 08:18 . 2008-10-25 08:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
    - 2006-11-02 10:25 . 2010-03-12 17:38 86016 c:\windows\inf\infstor.dat
    + 2006-11-02 10:25 . 2010-04-21 17:08 86016 c:\windows\inf\infstor.dat
    - 2006-11-02 10:25 . 2010-03-12 17:38 51200 c:\windows\inf\infpub.dat
    + 2006-11-02 10:25 . 2010-04-21 17:09 51200 c:\windows\inf\infpub.dat
    + 2010-03-12 23:37 . 2010-02-20 23:12 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\w3ctrlps.dll
    + 2010-03-12 23:37 . 2010-02-20 23:08 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisrstap.dll
    + 2009-12-25 09:32 . 2009-11-09 12:32 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\w3ctrlps.dll
    + 2009-12-25 09:32 . 2009-11-09 12:30 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisrstap.dll
    + 2010-03-12 23:37 . 2010-02-20 23:31 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\w3ctrlps.dll
    + 2010-03-12 23:37 . 2010-02-20 23:29 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisrstap.dll
    + 2009-12-25 09:32 . 2009-11-09 13:23 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\w3ctrlps.dll
    + 2009-12-25 09:32 . 2009-11-09 13:20 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisrstap.dll
    + 2010-03-12 23:37 . 2010-02-20 23:35 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\w3ctrlps.dll
    + 2010-03-12 23:37 . 2010-02-20 23:31 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisrstap.dll
    + 2010-03-12 23:37 . 2010-02-20 23:55 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\w3ctrlps.dll
    + 2010-03-12 23:37 . 2010-02-20 23:52 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisrstap.dll
    + 2010-03-26 08:44 . 2008-04-14 14:39 9344 c:\windows\System32\DriverStore\FileRepository\hpqlb.inf_4a3099ce\CPQBttn.sys
    + 2010-04-25 08:30 . 2010-04-25 08:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-03-12 21:58 . 2010-03-12 21:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-04-25 08:30 . 2010-04-25 08:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2010-03-12 21:58 . 2010-03-12 21:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-04-19 19:00 . 2009-12-23 12:12 172032 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6002.22293_none_f1c001a2b09b160b\wintrust.dll
    + 2010-04-19 19:00 . 2009-12-23 11:33 172032 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6002.18169_none_f15cd657975fba78\wintrust.dll
    + 2010-04-19 19:00 . 2009-12-23 12:29 171520 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6001.22588_none_efe96118b36823a9\wintrust.dll
    + 2010-04-19 19:00 . 2009-12-23 12:43 171520 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6001.18387_none_ef5ec21d9a4b6d61\wintrust.dll
    + 2010-04-19 19:00 . 2009-12-23 12:14 171520 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6000.21186_none_ee00f81ab6439625\wintrust.dll
    + 2010-04-19 19:00 . 2009-12-23 12:45 171520 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6000.16984_none_ed7582999d27906b\wintrust.dll
    + 2010-04-19 19:05 . 2010-02-18 14:01 167424 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpipcfg.dll
    + 2010-04-19 19:05 . 2010-02-18 11:51 818688 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
    + 2010-04-19 19:05 . 2010-02-18 14:22 167424 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpipcfg.dll
    + 2010-04-19 19:05 . 2010-02-18 12:05 815104 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
    + 2010-04-19 19:05 . 2010-02-18 14:22 910216 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
    + 2010-04-19 19:05 . 2010-02-18 14:07 904576 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
    + 2010-04-19 19:05 . 2010-02-18 17:36 902024 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
    + 2010-04-19 19:05 . 2010-02-18 14:49 898952 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
    + 2010-04-19 19:05 . 2010-02-23 11:16 106496 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.22346_none_81dc4772677c5da2\mrxsmb.sys
    + 2010-04-19 19:05 . 2010-02-23 11:10 106496 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.18213_none_8170198d4e491e00\mrxsmb.sys
    + 2010-04-19 19:05 . 2010-02-23 11:30 106496 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.22641_none_7ff0d4186a5a89cb\mrxsmb.sys
    + 2010-04-19 19:05 . 2010-02-23 11:32 105984 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.18431_none_7f7205535134d0e9\mrxsmb.sys
    + 2010-04-19 19:05 . 2010-02-23 11:30 102912 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.21230_none_7e143b506d2cf9ad\mrxsmb.sys
    + 2010-04-19 19:05 . 2010-02-23 13:14 102400 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.17025_none_7d9a6dfd5402bf7e\mrxsmb.sys
    + 2010-04-19 19:05 . 2010-02-23 11:16 212992 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.22346_none_8aef65c661cd9c04\mrxsmb10.sys
    + 2010-04-19 19:05 . 2010-02-23 11:10 212992 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.18213_none_8a8337e1489a5c62\mrxsmb10.sys
    + 2010-04-19 19:05 . 2010-02-23 11:30 212992 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22641_none_8903f26c64abc82d\mrxsmb10.sys
    + 2010-04-19 19:05 . 2010-02-23 11:32 212992 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18431_none_888523a74b860f4b\mrxsmb10.sys
    + 2010-04-19 19:05 . 2010-02-23 11:30 211968 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.21230_none_872759a4677e380f\mrxsmb10.sys
    + 2010-04-19 19:05 . 2010-02-23 13:14 211968 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.17025_none_86ad8c514e53fde0\mrxsmb10.sys
    + 2010-04-19 19:05 . 2010-03-05 22:19 420352 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_8.0.6001.23000_none_2bcc9be85cd2112b\vbscript.dll
    + 2010-04-19 19:05 . 2010-03-05 14:01 420352 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_8.0.6001.18909_none_2b4c2b7b43ac1f55\vbscript.dll
    + 2010-03-12 23:37 . 2010-02-20 23:08 374272 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\iisw3adm.dll
    + 2010-03-12 23:37 . 2010-02-20 23:05 373760 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\iisw3adm.dll
    + 2010-03-12 23:37 . 2010-02-20 23:29 371712 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\iisw3adm.dll
    + 2010-03-12 23:37 . 2010-02-20 23:37 371712 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\iisw3adm.dll
    + 2010-03-12 23:37 . 2010-02-20 23:31 322560 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\iisw3adm.dll
    + 2010-03-12 23:37 . 2010-02-20 23:52 322560 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\iisw3adm.dll
    + 2010-04-19 19:05 . 2010-02-18 13:59 438272 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22636_none_cd93a82a43bb5573\IKEEXT.DLL
    + 2010-04-19 19:05 . 2010-02-18 13:59 595456 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22636_none_cd93a82a43bb5573\FWPUCLNT.DLL
    + 2010-04-19 19:05 . 2010-02-18 13:57 328704 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22636_none_cd93a82a43bb5573\BFE.DLL
    + 2010-04-19 19:05 . 2010-02-18 13:56 416768 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21226_none_cbb80fac468cdeac\IKEEXT.DLL
    + 2010-04-19 19:05 . 2010-02-18 13:56 543232 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21226_none_cbb80fac468cdeac\FWPUCLNT.DLL
    + 2010-04-19 19:05 . 2010-02-18 13:55 317440 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21226_none_cbb80fac468cdeac\BFE.DLL
    + 2010-04-19 19:05 . 2010-02-18 17:36 220040 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22636_none_570aa516ce7e04c9\netio.sys
    + 2010-04-19 19:05 . 2010-02-18 14:34 213896 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21226_none_552f0c98d14f8e02\netio.sys
    + 2010-03-12 23:34 . 2009-10-14 14:12 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\WMM2AE.dll
    + 2010-03-12 23:34 . 2009-10-14 12:23 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\MOVIEMK.exe
    + 2009-08-04 21:24 . 2009-04-11 06:28 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\WMM2AE.dll
    + 2009-08-04 21:24 . 2009-04-11 06:27 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\MOVIEMK.exe
    + 2010-03-12 23:34 . 2009-10-14 15:08 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\WMM2AE.dll
    + 2010-03-12 23:34 . 2009-10-14 13:16 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\MOVIEMK.exe
    + 2008-01-21 02:25 . 2008-01-21 02:25 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\WMM2AE.dll
    + 2010-03-12 23:34 . 2009-10-14 12:43 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\MOVIEMK.exe
    + 2010-03-12 23:34 . 2009-10-14 14:51 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\WMM2AE.dll
    + 2010-03-12 23:34 . 2009-10-14 12:44 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\MOVIEMK.exe
    + 2010-03-12 23:34 . 2009-10-14 15:06 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\WMM2AE.dll
    + 2010-03-12 23:34 . 2009-10-14 12:54 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\MOVIEMK.exe
    + 2010-03-12 23:37 . 2010-02-20 23:10 333312 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\nativerd.dll
    + 2010-03-12 23:37 . 2010-02-20 23:08 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisutil.dll
    + 2010-03-12 23:37 . 2010-02-20 21:22 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iissetup.exe
    + 2010-03-12 23:37 . 2010-02-20 23:08 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisRtl.dll
    + 2010-03-12 23:37 . 2010-02-20 21:22 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisres.dll
    + 2010-03-12 23:37 . 2010-02-20 23:11 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iismig.dll
    + 2010-03-12 23:37 . 2010-02-20 21:22 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\aspnetca.exe
    + 2010-03-12 23:37 . 2010-02-20 23:07 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\appobj.dll
    + 2010-03-12 23:37 . 2010-02-20 21:22 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\appcmd.exe
    + 2009-12-25 09:32 . 2009-11-09 12:31 331264 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\nativerd.dll
    + 2009-12-25 09:32 . 2009-11-09 12:30 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisutil.dll
    + 2009-12-25 09:32 . 2009-11-09 10:49 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iissetup.exe
    + 2009-12-25 09:32 . 2009-11-09 12:30 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisRtl.dll
    + 2009-12-25 09:32 . 2009-11-09 10:48 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisres.dll
    + 2009-12-25 09:32 . 2009-11-09 12:32 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iismig.dll
    + 2009-12-25 09:32 . 2009-11-09 10:49 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\aspnetca.exe
    + 2009-12-25 09:32 . 2009-11-09 12:28 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\appobj.dll
    + 2009-12-25 09:32 . 2009-11-09 10:48 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\appcmd.exe
    + 2010-03-12 23:37 . 2010-02-20 23:30 331776 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\nativerd.dll
    + 2010-03-12 23:37 . 2010-02-20 23:29 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisutil.dll
    + 2010-03-12 23:37 . 2010-02-20 21:35 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iissetup.exe
    + 2010-03-12 23:37 . 2010-02-20 23:29 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisRtl.dll
    + 2010-03-12 23:37 . 2010-02-20 21:35 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisres.dll
    + 2010-03-12 23:37 . 2010-02-20 23:31 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iismig.dll
    + 2010-03-12 23:37 . 2010-02-20 21:35 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\aspnetca.exe
    + 2010-03-12 23:37 . 2010-02-20 23:26 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\appobj.dll
    + 2010-03-12 23:37 . 2010-02-20 21:35 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\appcmd.exe
    + 2009-12-25 09:32 . 2009-11-09 13:22 326656 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\nativerd.dll
    + 2009-12-25 09:32 . 2009-11-09 13:20 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisutil.dll
    + 2009-12-25 09:32 . 2009-11-09 11:22 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iissetup.exe
    + 2009-12-25 09:32 . 2009-11-09 13:20 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisRtl.dll
    + 2009-12-25 09:32 . 2009-11-09 11:21 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisres.dll
    + 2009-12-25 09:32 . 2009-11-09 13:23 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iismig.dll
    + 2009-12-25 09:32 . 2009-11-09 11:22 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\aspnetca.exe
    + 2009-12-25 09:32 . 2009-11-09 13:18 311296 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\appobj.dll
    + 2009-12-25 09:32 . 2009-11-09 11:21 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\appcmd.exe
    + 2010-03-12 23:37 . 2010-02-20 23:34 236032 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\nativerd.dll
    + 2010-03-12 23:37 . 2010-02-20 23:31 189952 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisutil.dll
    + 2010-03-12 23:37 . 2010-02-20 21:31 195072 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iissetup.exe
    + 2010-03-12 23:37 . 2010-02-20 23:31 148480 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisRtl.dll
    + 2010-03-12 23:37 . 2010-02-20 20:21 183808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisres.dll
    + 2010-03-12 23:37 . 2010-02-20 23:35 128512 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iismig.dll
    + 2010-03-12 23:37 . 2010-02-20 21:31 178176 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\aspnetca.exe
    + 2010-03-12 23:37 . 2010-02-20 23:30 297472 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\appobj.dll
    + 2010-03-12 23:37 . 2010-02-20 21:31 150528 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\appcmd.exe
    + 2010-03-12 23:37 . 2010-02-20 23:54 236032 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\nativerd.dll
    + 2010-03-12 23:37 . 2010-02-20 23:52 189952 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisutil.dll
    + 2010-03-12 23:37 . 2010-02-20 21:47 195072 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iissetup.exe
    + 2010-03-12 23:37 . 2010-02-20 23:52 148480 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisRtl.dll
    + 2010-03-12 23:37 . 2010-02-20 20:30 183808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisres.dll
    + 2010-03-12 23:37 . 2010-02-20 23:55 128512 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iismig.dll
    + 2010-03-12 23:37 . 2010-02-20 21:47 178176 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\aspnetca.exe
    + 2010-03-12 23:37 . 2010-02-20 23:50 297472 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\appobj.dll
    + 2010-03-12 23:37 . 2010-02-20 21:47 150528 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\appcmd.exe
    + 2010-03-12 23:37 . 2010-02-20 23:08 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6002.22343_none_6bd150839a36b650\isapi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:05 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6002.18210_none_6b65229e810376ae\isapi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:29 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6001.22638_none_69faaff99d03c3ee\isapi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:37 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6001.18428_none_697be13483de0b0c\isapi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:32 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6000.21227_none_681e17319fd633d0\isapi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:52 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6000.17022_none_678f770e86bd182c\isapi.dll
    + 2010-03-12 23:37 . 2010-02-20 23:08 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\iiscore.dll
    + 2010-03-12 23:37 . 2010-02-20 23:05 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\iiscore.dll
    + 2010-03-12 23:37 . 2010-02-20 23:29 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\iiscore.dll
    + 2010-03-12 23:37 . 2010-02-20 23:37 189952 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\iiscore.dll
    + 2010-03-12 23:37 . 2010-02-20 23:31 164864 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\iiscore.dll
    + 2010-03-12 23:37 . 2010-02-20 23:52 164864 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\iiscore.dll
    + 2010-04-19 19:05 . 2010-02-23 15:00 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22995_none_47b8df3cdd4e5e15\ieui.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18904_none_478f9359c3e8a6a2\ieui.dll
    + 2010-04-19 19:05 . 2010-02-23 15:00 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.22995_none_fea88c6de92bdaff\iesysprep.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18904_none_fe7f408acfc6238c\iesysprep.dll
    + 2010-04-19 19:05 . 2010-02-23 13:25 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22995_none_a8e727c18da89e3a\ie4uinit.exe
    + 2010-04-19 19:05 . 2010-02-23 04:55 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18904_none_a8bddbde7442e6c7\ie4uinit.exe
    + 2010-04-19 19:05 . 2010-02-23 15:05 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22995_none_2aba1cf6bbb3850f\sqmapi.dll
    + 2010-04-19 19:05 . 2010-02-23 06:38 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18904_none_2a90d113a24dcd9c\sqmapi.dll
    + 2010-04-19 19:05 . 2010-02-23 15:04 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.22995_none_1a3cdac943526a7d\occache.dll
    + 2010-04-19 19:05 . 2010-02-23 06:37 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18904_none_1a138ee629ecb30a\occache.dll
    + 2010-04-19 19:05 . 2010-02-23 15:06 638232 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
    + 2010-04-19 19:05 . 2010-02-23 13:26 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\ieUnatt.exe
    + 2010-04-19 19:05 . 2010-02-23 06:39 638232 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
    + 2010-04-19 19:05 . 2010-02-23 04:55 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\ieUnatt.exe
    + 2010-04-19 19:05 . 2010-02-23 15:00 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22995_none_2aa3a292c968579f\IEShims.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18904_none_2a7a56afb002a02c\IEShims.dll
    + 2010-04-19 19:05 . 2010-02-23 15:00 247808 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22995_none_734556fc79bff131\ieproxy.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 247808 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18904_none_731c0b19605a39be\ieproxy.dll
    + 2010-04-19 19:05 . 2010-02-23 15:01 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.22995_none_42fcfce969a5b96a\msfeeds.dll
    + 2010-04-19 19:05 . 2010-02-23 06:34 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18904_none_42d3b106504001f7\msfeeds.dll
    + 2010-04-19 19:05 . 2010-02-23 15:00 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.22995_none_1fd9f74c213d2f14\iepeers.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18904_none_1fb0ab6907d777a1\iepeers.dll
    + 2010-04-19 19:05 . 2010-02-23 15:00 387584 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22995_none_5766df1686ac8779\iedkcs32.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 387584 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18904_none_573d93336d46d006\iedkcs32.dll
    + 2010-04-19 19:05 . 2010-02-23 15:06 919040 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22995_none_e4ff661ad10266b2\wininet.dll
    + 2010-04-19 19:05 . 2010-02-23 06:39 916480 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18904_none_e4d61a37b79caf3f\wininet.dll
    + 2010-04-19 19:05 . 2010-02-18 13:42 211456 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.22341_none_1428eb9d92bddb72\iphlpsvc.dll
    + 2010-04-19 19:05 . 2010-02-18 13:30 200704 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.18209_none_13d290d27978969c\iphlpsvc.dll
    + 2010-04-19 19:05 . 2010-02-18 14:00 201216 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.22636_none_12524b13958ae910\iphlpsvc.dll
    + 2010-04-19 19:05 . 2010-02-18 14:11 190464 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18427_none_11d47c987c644985\iphlpsvc.dll
    + 2010-04-19 19:05 . 2010-02-18 13:57 179712 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.21226_none_1076b295985c7249\iphlpsvc.dll
    + 2010-04-19 19:05 . 2010-02-18 14:19 179712 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.17021_none_0fe812727f4356a5\iphlpsvc.dll
    + 2010-04-19 19:05 . 2010-02-23 15:02 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.22995_none_c3dc1941aba1ff8e\mstime.dll
    + 2010-04-19 19:05 . 2010-02-23 06:35 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.18904_none_c3b2cd5e923c481b\mstime.dll
    + 2010-03-12 23:37 . 2010-02-20 21:06 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.22343_none_af08d5a82f3c8f92\http.sys
    + 2010-03-12 23:37 . 2010-02-20 20:53 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.18210_none_ae9ca7c316094ff0\http.sys
    + 2010-03-12 23:37 . 2010-02-20 21:20 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.22638_none_ad32351e32099d30\http.sys
    + 2010-03-12 23:37 . 2010-02-20 21:18 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.18428_none_acb3665918e3e44e\http.sys
    + 2010-03-12 23:37 . 2010-02-20 21:16 398848 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.21227_none_ab559c5634dc0d12\http.sys
    + 2010-03-12 23:37 . 2010-02-20 21:30 396800 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.17022_none_aac6fc331bc2f16e\http.sys
    + 2009-06-13 12:28 . 2010-04-05 18:32 449818 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2006-11-02 13:05 . 2010-04-25 08:33 106866 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2006-11-02 10:33 . 2010-03-12 22:05 641686 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2010-04-25 08:37 641686 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2010-03-12 22:05 122590 c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2010-04-25 08:37 122590 c:\windows\System32\perfc009.dat
    + 2010-04-19 19:05 . 2010-02-23 06:37 206848 c:\windows\System32\occache.dll
    - 2010-01-22 18:55 . 2010-01-02 06:36 206848 c:\windows\System32\occache.dll
    + 2010-04-19 19:05 . 2010-02-23 06:35 611840 c:\windows\System32\mstime.dll
    - 2009-06-12 20:48 . 2009-03-08 11:32 611840 c:\windows\System32\mstime.dll
    + 2010-04-19 19:05 . 2010-02-23 06:34 594432 c:\windows\System32\msfeeds.dll
    - 2010-01-22 18:55 . 2010-01-02 06:33 594432 c:\windows\System32\msfeeds.dll
    + 2010-04-21 08:41 . 2010-04-12 16:29 153376 c:\windows\System32\javaws.exe
    - 2009-11-22 18:25 . 2009-10-11 04:17 145184 c:\windows\System32\javaw.exe
    + 2010-04-21 08:41 . 2010-04-12 16:29 145184 c:\windows\System32\javaw.exe
    - 2009-11-22 18:25 . 2009-10-11 04:17 145184 c:\windows\System32\java.exe
    + 2010-04-21 08:41 . 2010-04-12 16:29 145184 c:\windows\System32\java.exe
    + 2010-04-19 19:05 . 2010-02-23 06:33 164352 c:\windows\System32\ieui.dll
    - 2010-01-22 18:55 . 2010-01-02 06:32 164352 c:\windows\System32\ieui.dll
    - 2010-01-22 18:55 . 2010-01-02 06:32 184320 c:\windows\System32\iepeers.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 184320 c:\windows\System32\iepeers.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 387584 c:\windows\System32\iedkcs32.dll
    - 2010-01-22 18:55 . 2010-01-02 06:32 387584 c:\windows\System32\iedkcs32.dll
    + 2010-04-19 19:05 . 2010-02-23 04:55 173056 c:\windows\System32\ie4uinit.exe
    - 2010-01-22 18:55 . 2010-01-02 04:56 173056 c:\windows\System32\ie4uinit.exe
    - 2009-06-12 21:28 . 2010-03-12 17:25 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-06-12 21:28 . 2010-04-23 09:36 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2010-04-01 22:42 . 2010-04-21 08:41 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\UsrClass.dat
    + 2010-03-21 20:47 . 2010-03-21 16:51 245760 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2010-04-21 08:33 . 2010-04-21 08:33 791552 c:\windows\Installer\e1b3b.msi
    + 2009-12-01 17:46 . 2010-03-16 17:12 974848 c:\windows\Installer\408e63.msi
    - 2009-12-01 17:46 . 2009-12-01 17:46 974848 c:\windows\Installer\408e63.msi
    + 2010-04-01 22:49 . 2010-04-01 22:49 180224 c:\windows\Installer\3b70ba.msi
    + 2010-04-21 08:30 . 2010-04-21 08:30 307200 c:\windows\Installer\{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}\SafariIco.exe
    + 2010-04-21 08:39 . 2010-04-21 08:39 372736 c:\windows\Installer\{996A2FAA-7514-4628-9D12-A8FC34A0016E}\iTunesIco.exe
    - 2009-06-12 21:45 . 2010-02-11 07:48 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-06-12 21:45 . 2010-04-20 15:56 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-06-12 21:45 . 2010-04-20 15:56 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2009-06-12 21:45 . 2010-02-11 07:48 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    + 2009-06-12 21:45 . 2010-04-20 15:56 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-06-12 21:45 . 2010-02-11 07:48 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-06-12 21:45 . 2010-02-11 07:48 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    + 2009-06-12 21:45 . 2010-04-20 15:56 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2009-06-12 21:45 . 2010-02-11 07:48 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2009-06-12 21:45 . 2010-04-20 15:56 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2009-06-12 21:45 . 2010-04-20 15:56 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2009-06-12 21:45 . 2010-02-11 07:48 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2009-06-12 21:45 . 2010-02-11 07:48 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2009-06-12 21:45 . 2010-04-20 15:56 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2009-12-21 18:35 . 2009-12-21 18:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
    + 2009-12-21 18:34 . 2009-12-21 18:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
    + 2009-11-09 19:18 . 2009-11-09 19:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
    + 2009-12-21 20:02 . 2009-12-21 20:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
    + 2009-12-21 18:43 . 2009-12-21 18:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
    + 2009-12-22 01:57 . 2009-12-22 01:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
    + 2009-12-21 18:15 . 2009-12-21 18:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
    + 2009-12-21 19:32 . 2009-12-21 19:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
    + 2009-12-21 19:15 . 2009-12-21 19:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
    + 2009-11-19 22:29 . 2009-11-19 22:29 144728 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\WebLink.dll
    + 2009-11-19 22:28 . 2009-11-19 22:28 423256 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\RIMCXLServer.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 623960 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\rimautoupdate.exe
    + 2009-11-19 22:28 . 2009-11-19 22:28 894296 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\rim_hh.dll
    + 2009-11-19 22:28 . 2009-11-19 22:28 496984 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\rim_asci.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 972120 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\ras_connection_manager.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 439640 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\product.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 771416 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\media_sync.dll
    + 2009-11-19 22:28 . 2009-11-19 22:28 820568 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\DeviceOptions.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 546136 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\device_switch.dll
    + 2009-11-19 22:28 . 2009-11-19 22:28 935256 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\device_file_access_dll.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 566616 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\cxlbresources.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres2070.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1057.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1055.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1049.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1046.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1045.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1043.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 103768 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1042.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 103768 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1041.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1040.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1038.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 103768 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1037.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1036.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1034.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1032.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1031.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1029.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 103768 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1028.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1025.dll
    + 2008-10-25 07:52 . 2008-10-25 07:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
    + 2008-10-25 07:52 . 2008-10-25 07:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
    - 2006-11-02 10:25 . 2010-03-12 17:38 143360 c:\windows\inf\infstrng.dat
    + 2006-11-02 10:25 . 2010-04-21 17:09 143360 c:\windows\inf\infstrng.dat
    + 2010-04-19 19:05 . 2010-03-04 12:53 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22364_none_f4bb53f581eb46da\OESpamFilter.dat
    + 2010-04-19 19:05 . 2010-03-04 12:53 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18226_none_f45ef76e68ab69fa\OESpamFilter.dat
    + 2010-04-19 19:05 . 2010-03-04 12:53 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22654_none_f2dfb1f984bcd5c5\OESpamFilter.dat
    + 2010-04-19 19:05 . 2010-03-04 13:36 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18444_none_f260e3346b971ce3\OESpamFilter.dat
    + 2010-04-19 19:05 . 2010-03-04 13:34 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21242_none_f10218e787902c50\OESpamFilter.dat
    + 2010-04-19 19:05 . 2010-03-04 13:41 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.17040_none_f07679a26e745cb1\OESpamFilter.dat
    + 2010-04-19 19:05 . 2010-02-23 15:00 1986048 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22995_none_2aba1cf6bbb3850f\iertutil.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 1985536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18904_none_2a90d113a24dcd9c\iertutil.dll
    + 2010-04-19 19:05 . 2010-02-23 15:01 5946880 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22995_none_f65985395158cfe8\mshtml.dll
    + 2010-04-19 19:05 . 2010-02-23 06:34 5944832 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18904_none_f630395637f31875\mshtml.dll
    + 2010-04-19 19:05 . 2010-02-23 15:05 1209856 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22995_none_97f98a7905f9401f\urlmon.dll
    + 2010-04-19 19:05 . 2010-02-23 06:39 1209344 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18904_none_97d03e95ec9388ac\urlmon.dll
    + 2009-10-16 01:33 . 2009-10-16 01:33 3003680 c:\windows\System32\usbaaplrc.dll
    + 2010-04-19 19:05 . 2010-02-23 06:39 1209344 c:\windows\System32\urlmon.dll
    + 2006-11-02 10:22 . 2010-04-20 17:12 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
    - 2006-11-02 10:22 . 2010-03-01 17:08 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
    + 2010-04-19 19:05 . 2010-02-23 06:34 5944832 c:\windows\System32\mshtml.dll
    - 2010-01-22 18:55 . 2010-01-02 06:32 1985536 c:\windows\System32\iertutil.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 1985536 c:\windows\System32\iertutil.dll
    + 2009-10-16 01:33 . 2009-10-16 01:33 3003680 c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_131516ed\usbaaplrc.dll
    + 2010-03-26 08:44 . 2006-11-02 07:09 1419232 c:\windows\System32\DriverStore\FileRepository\hpqkbfiltr.inf_d1c4824b\wdfcoinstaller01005.dll
    + 2006-11-02 12:47 . 2010-03-13 08:12 4331446 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
    - 2006-11-02 12:47 . 2009-10-30 13:17 4331446 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
    + 2010-04-21 08:39 . 2010-04-21 08:39 4911104 c:\windows\Installer\e2aa7.msi
    + 2010-04-21 08:37 . 2010-04-21 08:37 9472000 c:\windows\Installer\e2309.msi
    + 2010-04-21 08:34 . 2010-04-21 08:34 3165184 c:\windows\Installer\e1b85.msi
    + 2010-04-21 08:33 . 2010-04-21 08:33 1984000 c:\windows\Installer\e1b4b.msi
    + 2010-04-21 08:31 . 2010-04-21 08:31 1689600 c:\windows\Installer\e1b31.msi
    + 2010-04-21 08:30 . 2010-04-21 08:30 2449920 c:\windows\Installer\e1b1f.msi
    + 2010-04-23 09:39 . 2010-04-23 09:39 1235968 c:\windows\Installer\7ecdf.msi
    + 2010-02-21 00:03 . 2010-02-21 00:03 4472832 c:\windows\Installer\71349.msp
    + 2010-02-21 00:02 . 2010-02-21 00:02 4195840 c:\windows\Installer\7132d.msp
    + 2010-03-11 22:59 . 2010-03-11 22:59 5031424 c:\windows\Installer\71317.msp
    + 2010-02-04 17:24 . 2010-02-04 17:24 9122304 c:\windows\Installer\208670.msp
    + 2010-02-21 01:00 . 2010-02-21 01:00 8480768 c:\windows\Installer\20865a.msp
    + 2010-02-04 00:59 . 2010-02-04 00:59 5031936 c:\windows\Installer\208644.msp
    + 2010-04-21 14:48 . 2010-04-21 14:48 2233344 c:\windows\Installer\103741e.msi
    - 2009-06-12 21:45 . 2010-02-11 07:48 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-06-12 21:45 . 2010-04-20 15:56 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    - 2009-06-12 21:45 . 2010-02-11 07:48 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2009-06-12 21:45 . 2010-04-20 15:56 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2009-12-21 18:29 . 2009-12-21 18:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
    + 2009-10-27 20:34 . 2009-10-27 20:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
    + 2009-12-21 23:31 . 2009-12-21 23:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 2970968 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\product_common.dll
    + 2009-11-19 22:29 . 2009-11-19 22:29 1807704 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\DesktopMgr.exe
    + 2009-11-19 22:28 . 2009-11-19 22:28 1054040 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\backup_restore.dll
    + 2009-11-19 22:28 . 2009-11-19 22:28 1586520 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\application_loader.dll
    + 2009-03-06 04:00 . 2009-03-06 04:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONMAIN.DLL
    + 2008-11-10 10:49 . 2008-11-10 10:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONLIBS.DLL
    + 2008-11-24 22:16 . 2008-11-24 22:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTE.EXE
    + 2010-03-12 23:34 . 2009-10-14 14:10 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\MOVIEMK.dll
    + 2010-03-12 23:34 . 2009-10-14 13:58 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\MOVIEMK.dll
    + 2010-03-12 23:34 . 2009-10-14 15:06 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\MOVIEMK.dll
    + 2010-03-12 23:34 . 2009-10-14 14:45 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\MOVIEMK.dll
    + 2010-03-12 23:34 . 2009-10-14 14:48 10921984 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\MOVIEMK.dll
    + 2010-03-12 23:34 . 2009-10-14 15:02 10922496 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\MOVIEMK.dll
    + 2010-04-19 19:05 . 2010-02-23 15:00 11073024 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22995_none_47b8df3cdd4e5e15\ieframe.dll
    + 2010-04-19 19:05 . 2010-02-23 06:33 11070976 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18904_none_478f9359c3e8a6a2\ieframe.dll
    + 2006-11-02 10:24 . 2010-04-06 09:52 31971272 c:\windows\System32\mrt.exe
    + 2010-04-19 19:05 . 2010-02-23 06:33 11070976 c:\windows\System32\ieframe.dll
    + 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\e2b66.msp
    + 2010-03-22 15:03 . 2010-03-22 15:03 11732992 c:\windows\Installer\7135f.msp
    + 2010-04-21 17:06 . 2010-04-21 17:06 44665344 c:\windows\Installer\18316b5.msp
    + 2009-12-21 23:21 . 2009-12-21 23:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
    + 2009-04-03 18:46 . 2009-04-03 18:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSO.DLL
    + 2009-06-12 20:44 . 2010-04-20 15:51 165020718 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
    "ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-08-22 53248]
    "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-10-15 36864]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-11-16 604008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):4e,05,c3,e1,4c,15,ca,01

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 133104]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-12 721904]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-17 216200]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
    S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]
    S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 97128]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-26 26168]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 376680]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
    S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-09-14 88192]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-25 c:\windows\Tasks\AutoSmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-23 11:57]

    2010-04-25 c:\windows\Tasks\AWC Startup.job
    - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-19 13:54]

    2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 21:12]

    2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 21:12]

    2010-04-24 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-23 11:57]

    2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{928B05A5-213B-490A-9217-19EDD566514F}.job
    - c:\windows\system32\msfeedssync.exe [2010-04-19 04:54]

    2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{C84F3DB5-27A3-4859-8F05-A0E6FFC2FE81}.job
    - c:\windows\system32\msfeedssync.exe [2010-04-19 04:54]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-25 09:41
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll atapi.sys >>UNKNOWN [0x87B558C8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x8a5b3d24
    \Driver\ACPI -> acpi.sys @ 0x8289fd68
    \Driver\atapi -> atapi.sys @ 0x829e49b0
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-04-25 09:44:15
    ComboFix-quarantined-files.txt 2010-04-25 08:44
    ComboFix2.txt 2010-04-21 18:15
    ComboFix3.txt 2010-03-12 22:14

    Pre-Run: 233,104,523,264 bytes free
    Post-Run: 233,271,320,576 bytes free

    - - End Of File - - 1EBCB755C2197BBF07A615011F7487B1
     
  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    No Rootkit was included in the report. I would like to check a couple of suspicious files.
    • Copy the entire contents of the Quote Box below to Notepad.
    • Name the file as CFScript.txt
    • Change the Save as Type to All Files
    • and Save it on the desktop
    [​IMG]

    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

    Combofix created a zipped file in the C:\Qoobox\Quarantine folder labeled in the form of [4]-Submit_Date_Time.zip. Please have this file uploaded to the following location:

    http://www.bleepingcomputer.com/submit-malware.php?channel=4

    Indicate a link to this address and let me know when ready.

    ==========================================================

    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
    • Double click GMER.exe.
    • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
    • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
    • Save the log where you can easily find it, such as your desktop.
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    Please copy and paste the report in your next reply.
     
  5. THFC

    THFC Thread Starter

    Joined:
    Apr 8, 2007
    Messages:
    16
    Hi,

    I have uploaded the quarantine zip file and linked it to the link of this thread.

    What follows are the ComboFix log file and the GMER log file

    Thanks

    Paul.

    ComboFix Log File


    ComboFix 10-04-21.01 - Paul 25/04/2010 16:51:36.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3063.2140 [GMT 1:00]
    Running from: c:\users\Paul\Desktop\ComboFix.exe
    Command switches used :: c:\users\Paul\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    file zipped: c:\windows\System32\drivers\awbasvzj.sys
    file zipped: c:\windows\System32\drivers\znaakeos.sys
    .

    ((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
    .

    2010-04-25 15:59 . 2010-04-25 15:59 -------- d-----w- c:\users\Paul\AppData\Local\temp
    2010-04-25 15:59 . 2010-04-25 15:59 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-04-25 15:59 . 2010-04-25 15:59 -------- d-----w- c:\users\Josh\AppData\Local\temp
    2010-04-25 15:59 . 2010-04-25 15:59 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-04-24 20:12 . 2010-04-24 20:12 19944 ----a-w- c:\windows\system32\drivers\awbasvzj.sys
    2010-04-23 09:38 . 2010-04-23 09:38 -------- d-----w- c:\programdata\WindowsSearch
    2010-04-23 09:29 . 2010-04-24 21:42 -------- d-----w- c:\windows\system32\catroot2
    2010-04-21 22:14 . 2010-04-21 22:14 -------- d-----w- C:\Downloads
    2010-04-21 18:29 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-04-21 18:28 . 2010-04-21 18:28 -------- d-----w- c:\program files\Panda Security
    2010-04-21 17:07 . 2010-04-21 17:07 -------- d-----w- c:\programdata\Research In Motion
    2010-04-21 17:06 . 2010-04-21 17:06 19944 ----a-w- c:\windows\system32\drivers\znaakeos.sys
    2010-04-21 10:02 . 2010-04-21 10:02 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-21 10:02 . 2010-04-21 10:02 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
    2010-04-21 08:41 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-21 08:39 . 2010-04-21 08:39 -------- d-----w- c:\program files\iPod
    2010-04-21 08:39 . 2010-04-21 08:39 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-21 08:36 . 2010-04-21 08:37 -------- d-----w- c:\program files\QuickTime
    2010-04-21 08:33 . 2010-04-21 08:33 -------- d-----w- c:\program files\Bonjour
    2010-04-21 08:32 . 2010-04-21 08:32 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
    2010-04-21 08:30 . 2010-04-21 08:30 19944 ----a-w- c:\windows\system32\drivers\khdvhmgi.sys
    2010-04-21 08:28 . 2010-04-21 08:28 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
    2010-04-21 08:25 . 2010-04-21 08:25 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
    2010-04-21 08:23 . 2010-04-21 08:23 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
    2010-04-21 08:17 . 2010-04-24 21:46 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-04-19 19:01 . 2010-04-19 19:01 4255072 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
    2010-04-19 19:00 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-04-19 18:59 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
    2010-04-01 22:49 . 2010-04-01 22:49 -------- d-----w- c:\program files\Common Files\Java
    2010-04-01 21:55 . 2010-04-01 21:55 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
    2010-04-01 21:55 . 2010-04-01 21:55 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
    2010-04-01 21:55 . 2010-04-01 21:55 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
    2010-04-01 21:55 . 2010-04-01 21:55 341272 ----a-w- c:\programdata\avg9\update\backup\avgxch32.dll
    2010-04-01 21:55 . 2010-04-01 21:55 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
    2010-04-01 21:55 . 2010-04-01 21:55 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
    2010-04-01 21:55 . 2010-04-01 21:55 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
    2010-04-01 21:55 . 2010-04-01 21:55 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
    2010-04-01 21:55 . 2010-04-01 21:55 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
    2010-04-01 21:55 . 2010-04-01 21:55 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
    2010-04-01 21:55 . 2010-04-01 21:55 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
    2010-04-01 21:55 . 2010-04-01 21:55 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
    2010-04-01 21:45 . 2010-04-01 21:45 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-25 15:46 . 2009-06-12 17:54 6396 ----a-w- c:\windows\bthservsdp.dat
    2010-04-25 08:44 . 2009-12-01 17:47 256 ----a-w- c:\windows\system32\pool.bin
    2010-04-24 17:33 . 2009-08-22 12:27 -------- d-----w- c:\users\Josh\AppData\Roaming\HpUpdate
    2010-04-24 17:33 . 2009-08-11 18:00 -------- d-----w- c:\users\Paul\AppData\Roaming\HpUpdate
    2010-04-23 09:39 . 2009-10-01 21:12 -------- d-----w- c:\program files\Google
    2010-04-21 14:48 . 2009-06-12 20:59 -------- d-----w- c:\program files\Opera
    2010-04-21 10:05 . 2010-03-12 17:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-21 08:41 . 2009-10-01 20:49 -------- d-----w- c:\program files\Java
    2010-04-21 08:39 . 2009-12-25 09:39 -------- d-----w- c:\program files\iTunes
    2010-04-21 08:39 . 2009-06-12 21:07 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-21 08:30 . 2009-06-12 21:01 -------- d-----w- c:\program files\Safari
    2010-04-21 08:25 . 2009-06-12 20:54 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-20 16:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-04-20 15:56 . 2009-06-12 21:39 -------- d-----w- c:\programdata\Microsoft Help
    2010-03-29 23:46 . 2010-03-12 17:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 23:45 . 2010-03-12 17:27 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-26 09:12 . 2009-12-01 17:55 -------- d-----w- c:\programdata\Roxio
    2010-03-26 08:44 . 2009-06-13 07:49 -------- d-----w- c:\program files\Hewlett-Packard
    2010-03-26 08:44 . 2009-06-12 21:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-26 08:43 . 2009-12-01 17:57 -------- d-----w- c:\users\Josh\AppData\Roaming\InstallShield
    2010-03-19 16:42 . 2009-10-07 17:43 680 ----a-w- c:\users\Josh\AppData\Local\d3d9caps.dat
    2010-03-19 10:47 . 2010-03-19 10:39 -------- d-----w- c:\users\Paul\AppData\Roaming\IObit
    2010-03-19 10:47 . 2010-03-19 10:39 -------- d-----w- c:\program files\IObit
    2010-03-17 21:29 . 2010-03-17 21:29 -------- d-----w- c:\program files\Scratch
    2010-03-17 20:50 . 2010-03-17 20:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-17 20:50 . 2009-06-12 20:54 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-17 20:49 . 2009-06-12 20:54 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-16 17:11 . 2010-03-16 17:11 10827096 ----a-w- c:\users\Josh\AppData\Roaming\Research In Motion\BlackBerry Media Sync\AutoUpdate\Updates\3.0.0.39\BlackBerryMediaSync.exe
    2010-03-16 15:12 . 2010-03-16 15:11 -------- d-----w- c:\program files\PDFCreator
    2010-03-16 14:17 . 2009-11-15 18:28 -------- d-----w- c:\programdata\avg9
    2010-03-12 23:01 . 2009-06-12 21:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-03-12 18:09 . 2010-03-12 18:09 388096 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-03-12 18:09 . 2010-03-12 18:09 -------- d-----w- c:\program files\TrendMicro
    2010-03-12 17:27 . 2010-03-12 17:27 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
    2010-03-12 17:27 . 2010-03-12 17:27 -------- d-----w- c:\programdata\Malwarebytes
    2010-03-12 17:20 . 2009-06-12 19:14 130624 ----a-w- c:\users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-03-05 14:01 . 2010-04-19 19:05 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-01 17:55 . 2009-12-01 17:47 -------- d-----w- c:\users\Josh\AppData\Roaming\Research In Motion
    2010-03-01 17:11 . 2009-06-12 21:18 130624 ----a-w- c:\users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-26 20:34 . 2010-02-26 20:34 15416 ----a-w- c:\windows\system32\HPMDPCoInst.dll
    2010-02-26 20:34 . 2010-02-26 20:34 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
    2010-02-26 20:34 . 2010-02-26 20:34 26168 ----a-w- c:\windows\system32\hpservice.exe
    2010-02-26 20:34 . 2010-02-26 20:34 15416 ----a-w- c:\windows\system32\accelerometerdll.DLL
    2010-02-26 20:33 . 2010-02-26 20:33 33848 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
    2010-02-23 11:10 . 2010-04-19 19:05 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-02-23 11:10 . 2010-04-19 19:05 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-02-23 11:10 . 2010-04-19 19:05 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-23 06:39 . 2010-04-19 19:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33 . 2010-04-19 19:05 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33 . 2010-04-19 19:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55 . 2010-04-19 19:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-20 23:06 . 2010-03-12 23:37 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-02-20 23:05 . 2010-03-12 23:37 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-02-20 20:53 . 2010-03-12 23:37 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-02-18 14:07 . 2010-04-19 19:05 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-02-18 13:30 . 2010-04-19 19:05 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-02-18 11:28 . 2010-04-19 19:05 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-02-12 10:32 . 2010-02-28 20:47 293376 ----a-w- c:\windows\system32\browserchoice.exe
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-04-25_08.41.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2010-04-25 15:51 83700 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-06-12 19:15 . 2010-04-25 15:51 12354 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3964209802-1692051119-3322520709-1000_UserData.bin
    - 2009-06-23 17:35 . 2010-04-25 08:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-06-23 17:35 . 2010-04-25 15:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-06-23 17:35 . 2010-04-25 15:47 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-06-23 17:35 . 2010-04-25 08:30 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-06-23 17:35 . 2010-04-25 15:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-06-23 17:35 . 2010-04-25 08:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-04-25 08:30 . 2010-04-25 08:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-04-25 15:47 . 2010-04-25 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-04-25 08:30 . 2010-04-25 08:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-04-25 15:47 . 2010-04-25 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 13:05 . 2010-04-25 15:51 106914 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 10:33 . 2010-04-25 15:55 641686 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2010-04-25 08:37 641686 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2010-04-25 15:55 122590 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2010-04-25 08:37 122590 c:\windows\System32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
    "ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-08-22 53248]
    "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-10-15 36864]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-11-16 604008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):4e,05,c3,e1,4c,15,ca,01

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 133104]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-12 721904]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-17 216200]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
    S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]
    S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 97128]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-26 26168]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 376680]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
    S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-09-14 88192]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-25 c:\windows\Tasks\AutoSmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-23 11:57]

    2010-04-25 c:\windows\Tasks\AWC Startup.job
    - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-19 13:54]

    2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 21:12]

    2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 21:12]

    2010-04-25 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-23 11:57]

    2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{928B05A5-213B-490A-9217-19EDD566514F}.job
    - c:\windows\system32\msfeedssync.exe [2010-04-19 04:54]

    2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{C84F3DB5-27A3-4859-8F05-A0E6FFC2FE81}.job
    - c:\windows\system32\msfeedssync.exe [2010-04-19 04:54]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-25 16:59
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll atapi.sys >>UNKNOWN [0x87D538C8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x8a5add24
    \Driver\ACPI -> acpi.sys @ 0x8289ad68
    \Driver\atapi -> atapi.sys @ 0x829df9b0
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-04-25 17:02:14
    ComboFix-quarantined-files.txt 2010-04-25 16:02
    ComboFix2.txt 2010-04-25 08:44
    ComboFix3.txt 2010-04-21 18:15
    ComboFix4.txt 2010-03-12 22:14

    Pre-Run: 275,812,962,304 bytes free
    Post-Run: 275,756,371,968 bytes free

    - - End Of File - - 5896528B6655DADDD9567B499ED2C8A4
    Upload was successful


    GMER Log File

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-25 17:36:54
    Windows 6.0.6002 Service Pack 2
    Running: gmer.exe; Driver: C:\Users\Paul\AppData\Local\Temp\fxtdipob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x829E3000]
    ? C:\Users\Paul\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
    ? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641f734e6
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xB1 0x64 0x6D 0x99 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xE6 0x4C 0x1A 0x5F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x2E 0x01 0xE7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x2C 0x79 0x1A 0x17 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x32 0x89 0xD8 0x99 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x6E 0x60 0xA5 0xEC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xD9 0xC7 0xB4 0xF2 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected]12 0x36 0xC8 0x6D 0x60 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641f734e6 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xB1 0x64 0x6D 0x99 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xE6 0x4C 0x1A 0x5F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x2E 0x01 0xE7 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x2C 0x79 0x1A 0x17 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x32 0x89 0xD8 0x99 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x6E 0x60 0xA5 0xEC ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xD9 0xC7 0xB4 0xF2 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x36 0xC8 0x6D 0x60 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\[email protected] 0x2F 0x68 0x5B 0x09 ...

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----
     
  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    The atapi.sys is patched.

    Download OTL to your Desktop
    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • OTL should now start. Change the following settings:
      • Under the Custom Scan box, paste this in:

        /md5start
        atapi.sys
        /md5stop

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
      • Please post the contents of these files in your next reply.
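
The custom scan above asks OTL to report every copy of atapi.sys with its MD5, so the driver GMER flagged can be compared against other copies on the disk. The same comparison as an added Python example (not part of the original post and not OTL's code); the function names and the constructed sample tree are assumptions for illustration, and SHA-256 is computed alongside MD5.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def file_digests(path, chunk_size=1 << 20):
    """Return (MD5, SHA-256) hex digests of a file, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest().upper(), sha256.hexdigest().upper()


def find_copies(root, filename):
    """Yield every file under root named filename (case-insensitive match)."""
    wanted = filename.lower()
    # Directories that cannot be listed (access denied) are skipped silently.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() == wanted:
                yield os.path.join(dirpath, name)


def same_file(a, b):
    """Compare two paths after normalising case and relative components."""
    return os.path.normcase(os.path.abspath(a)) == os.path.normcase(os.path.abspath(b))


def compare_copies(root, filename, active_path):
    """Hash every copy of filename under root and relate them to the active driver."""
    groups = defaultdict(list)   # (md5, sha256) -> list of paths with that content
    unreadable = []              # copies that exist but could not be opened
    for path in find_copies(root, filename):
        try:
            groups[file_digests(path)].append(path)
        except OSError:
            unreadable.append(path)

    active_digest = next(
        (d for d, paths in groups.items()
         if any(same_file(p, active_path) for p in paths)),
        None,
    )
    same = [p for p in groups.get(active_digest, []) if not same_file(p, active_path)]
    different = [p for d, ps in groups.items() if d != active_digest for p in ps]
    return {
        "active_digest": active_digest,
        "groups": dict(groups),
        "same_as_active": same,
        "differs_from_active": different,
        # True when other copies exist and none of them matches the active driver.
        "active_unique": active_digest is not None and not same and bool(different),
        "unreadable": unreadable,
    }


def build_constructed_tree(base):
    """Create a small CONSTRUCTED directory tree; contents are not real drivers."""
    clean = b"MZ" + b"\x00" * 62 + b"constructed clean driver body"
    patched = b"MZ" + b"\x00" * 62 + b"constructed patched driver body"
    active_rel = os.path.join("Windows", "System32", "drivers", "atapi.sys")
    layout = {
        active_rel: patched,
        # Sub-folder names below are constructed placeholders.
        os.path.join("Windows", "winsxs", "constructed_component", "atapi.sys"): clean,
        os.path.join("Windows", "System32", "DriverStore", "FileRepository",
                     "constructed.inf", "ATAPI.SYS"): clean,
    }
    for rel, data in layout.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return os.path.join(base, active_rel)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        active = build_constructed_tree(tmp)
        report = compare_copies(tmp, "atapi.sys", active)
        for (md5, sha256), paths in report["groups"].items():
            print("MD5=%s SHA256=%s" % (md5, sha256))
            for p in paths:
                marker = "  <-- active driver" if same_file(p, active) else ""
                print("    " + os.path.relpath(p, tmp) + marker)
        if report["active_unique"]:
            print("Active driver matches no other copy on disk: compare it against a known-good hash.")
```

A unique hash on the active driver is a lead, not proof, because copies from different service-pack levels legitimately differ. A kernel-mode rootkit can also filter file reads, so hashes taken from the running system are best confirmed from an offline boot environment.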
     
  7. THFC

    THFC Thread Starter

    Joined:
    Apr 8, 2007
    Messages:
    16
    Hi,

    Here are the OTL Logs

    Regards

    Paul.

    OTL Log File


    OTL logfile created on: 25/04/2010 21:45:28 - Run 1
    OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Paul\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 256.33 Gb Free Space | 85.99% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TC4400V
    Current User Name: Paul
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/04/25 21:43:57 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    PRC - [2010/04/21 09:24:59 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/04/19 12:57:22 | 002,708,824 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    PRC - [2010/04/01 22:50:20 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/17 21:50:07 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/03/17 21:49:59 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/17 21:49:43 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2009/10/07 14:49:26 | 000,239,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
    PRC - [2009/10/07 14:48:44 | 000,604,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSTrayApp.exe
    PRC - [2009/10/07 14:48:44 | 000,376,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
    PRC - [2009/10/07 14:48:44 | 000,097,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\esClient.exe
    PRC - [2009/04/11 07:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
    PRC - [2009/04/11 07:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/03/18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2008/01/21 03:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    PRC - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/04/25 21:43:57 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    MOD - [2009/04/11 07:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
    MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/17 21:49:59 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/10/07 14:49:26 | 000,239,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
    SRV - [2009/10/07 14:48:44 | 000,376,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
    SRV - [2009/10/07 14:48:44 | 000,097,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
    SRV - [2009/10/03 19:37:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/03/18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
    SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2010/04/21 09:25:05 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/03/17 21:50:06 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/03/17 21:49:44 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/02/26 21:34:18 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2010/02/26 21:33:56 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2009/06/12 21:56:24 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
    DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/06/18 21:38:20 | 002,307,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2008/06/18 21:38:20 | 002,307,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2008/04/24 17:26:28 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2008/04/14 15:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2008/03/21 17:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 03:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 03:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/12/12 13:12:38 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2007/12/12 13:12:38 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2007/12/12 13:12:38 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2007/09/15 03:50:56 | 000,191,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/08/28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
    DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/05/02 04:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2007/04/25 14:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
    DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/09/14 18:55:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtipci21.sys -- (GTIPCI21)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
    FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
    FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
    FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 09:46:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/23 22:31:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/21 10:03:15 | 000,000,000 | ---D | M]

    [2009/06/12 22:28:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
    [2010/04/25 17:47:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\extensions
    [2009/07/14 13:37:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/09/30 20:26:15 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
    [2010/03/12 19:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
    [2010/03/12 19:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}-trash
    [2010/04/21 15:10:03 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\extensions\[email protected]
    [2010/04/25 17:47:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/21 09:41:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/04/21 10:03:08 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/04/21 10:03:08 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/04/21 10:03:08 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/04/21 10:03:08 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/04/21 19:10:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
    O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
    O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/04/25 21:43:55 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    [2010/04/25 17:02:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/04/25 17:02:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/04/25 17:02:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\temp
    [2010/04/25 16:40:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/04/24 21:12:21 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\awbasvzj.sys
    [2010/04/23 10:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2010/04/23 10:29:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
    [2010/04/21 23:14:46 | 000,000,000 | ---D | C] -- C:\Downloads
    [2010/04/21 19:29:11 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
    [2010/04/21 19:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2010/04/21 18:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
    [2010/04/21 18:06:52 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\znaakeos.sys
    [2010/04/21 09:41:27 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2010/04/21 09:41:27 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2010/04/21 09:41:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2010/04/21 09:41:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2010/04/21 09:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/04/21 09:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/04/21 09:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/04/21 09:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/04/21 09:30:07 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\khdvhmgi.sys
    [2010/04/21 09:17:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
    [2010/04/19 20:05:52 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    [2010/04/19 20:05:38 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010/04/19 20:05:38 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010/04/19 20:05:38 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/04/19 20:05:37 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010/04/19 20:05:37 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010/04/19 20:05:37 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010/04/19 20:05:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010/04/19 20:05:37 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010/04/19 20:05:37 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010/04/19 20:05:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010/04/19 20:05:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010/04/19 20:05:37 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010/04/19 20:05:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/04/19 20:05:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010/04/19 20:05:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010/04/19 20:05:14 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
    [2010/04/19 20:05:14 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
    [2010/04/01 23:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/04/01 23:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

    ========== Files - Modified Within 30 Days ==========

    [2010/04/25 21:44:41 | 006,553,600 | -HS- | M] () -- C:\Users\Paul\ntuser.dat
    [2010/04/25 21:43:59 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C84F3DB5-27A3-4859-8F05-A0E6FFC2FE81}.job
    [2010/04/25 21:43:57 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    [2010/04/25 21:43:47 | 007,128,064 | ---- | M] () -- C:\Users\Paul\Desktop\CP Issue.pst
    [2010/04/25 21:36:20 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{928B05A5-213B-490A-9217-19EDD566514F}.job
    [2010/04/25 21:35:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/04/25 20:47:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/04/25 20:47:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/04/25 17:08:57 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
    [2010/04/25 17:07:29 | 000,293,376 | ---- | M] () -- C:\Users\Paul\Desktop\gmer.exe
    [2010/04/25 17:04:39 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
    [2010/04/25 17:02:56 | 000,002,399 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
    [2010/04/25 16:59:36 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/04/25 16:55:01 | 000,751,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/04/25 16:55:01 | 000,641,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/04/25 16:55:01 | 000,122,590 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/04/25 16:48:06 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/25 16:48:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
    [2010/04/25 16:47:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/04/25 16:47:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/04/25 16:46:03 | 000,006,396 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/04/25 16:46:00 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/25 16:46:00 | 000,065,536 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/04/25 13:36:04 | 059,257,955 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2010/04/25 10:00:50 | 002,644,899 | -H-- | M] () -- C:\Users\Paul\AppData\Local\IconCache.db
    [2010/04/25 08:49:01 | 003,923,062 | R--- | M] () -- C:\Users\Paul\Desktop\ComboFix.exe
    [2010/04/24 22:25:29 | 000,002,515 | ---- | M] () -- C:\Users\Paul\Desktop\HiJackThis.lnk
    [2010/04/24 21:12:21 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\awbasvzj.sys
    [2010/04/23 10:39:36 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2010/04/21 19:10:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/04/21 18:08:03 | 000,001,887 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    [2010/04/21 18:08:03 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
    [2010/04/21 18:06:52 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\znaakeos.sys
    [2010/04/21 15:48:20 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
    [2010/04/21 09:42:28 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/04/21 09:39:44 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/04/21 09:30:17 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2010/04/21 09:30:07 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\khdvhmgi.sys
    [2010/04/21 09:25:05 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2010/04/20 16:55:46 | 000,000,204 | ---- | M] () -- C:\Windows\System32\MRT.INI
    [2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/03/28 21:38:00 | 000,031,744 | ---- | M] () -- C:\Users\Paul\Documents\THLFCBrentford28Mar10.doc
    [2010/03/27 21:54:14 | 000,001,730 | -H-- | M] () -- C:\Users\Paul\Documents\Default.rdp

    ========== Files Created - No Company Name ==========

    [2010/04/25 08:49:32 | 003,923,062 | R--- | C] () -- C:\Users\Paul\Desktop\ComboFix.exe
    [2010/04/23 23:09:18 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\AutoSmartDefrag.job
    [2010/04/23 10:39:36 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2010/04/21 18:08:03 | 000,001,887 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    [2010/04/21 18:08:03 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
    [2010/04/21 15:48:20 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
    [2010/04/21 09:39:44 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/04/20 16:55:46 | 000,000,204 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2010/03/28 21:38:00 | 000,031,744 | ---- | C] () -- C:\Users\Paul\Documents\THLFCBrentford28Mar10.doc
    [2010/01/04 22:08:09 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
    [2009/08/04 22:25:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/16 21:02:05 | 000,000,162 | ---- | C] () -- C:\Windows\System32\AddPort.ini
    [2009/06/16 21:01:32 | 000,000,840 | ---- | C] () -- C:\Windows\hpntwksetup.ini
    [2008/06/18 21:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
    [2007/12/04 13:55:36 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/09/06 13:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\hppapr02.dll
    [2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
    [2001/07/07 05:00:00 | 000,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
    [1998/05/07 04:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

    ========== Custom Scans ==========



    < MD5 for: ATAPI.SYS >
    [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
    [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
    [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
    [2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
    [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys
    < End of report >


    EXTRAS Log

    OTL Extras logfile created on: 25/04/2010 21:45:28 - Run 1
    OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Paul\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 256.33 Gb Free Space | 85.99% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TC4400V
    Current User Name: Paul
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{007FAAB6-8F95-465A-BF41-2B68E955331F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{00E3E3AA-5CB6-4430-A1B7-EA32119684AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{13CD90A9-D6E2-4754-BBC0-3548E109FC89}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{15C355B5-5D0D-44B8-AF3D-E5547337EDD9}" = rport=137 | protocol=17 | dir=out | app=system |
    "{18FCEF40-77CF-4C0F-8E60-ECD7BEDCE0FD}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{27254C9E-38C2-46CC-8ED7-9E23F6B80DC0}" = rport=445 | protocol=6 | dir=out | app=system |
    "{272AC9A8-73C7-4C3A-8934-B5C63F8A1788}" = rport=139 | protocol=6 | dir=out | app=system |
    "{28FAE8E5-545E-4D71-9188-A113AB7A046F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{2F2A1932-666F-40EC-958B-2B1EC0B92615}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3E18CAFF-BD00-48E3-BFF6-D8BEF76027A1}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{46CF93CF-036B-40FE-9851-2DF518557C34}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4C53CB9B-A09C-4231-8F17-3044496698F0}" = lport=138 | protocol=17 | dir=in | app=system |
    "{739FF2A2-E3AD-4D15-A1B2-BA7D4F668B39}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{77645B33-B31A-49CB-A50B-E045985AD46B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7DE210C9-AA43-4F60-BBB5-675A4D469549}" = lport=139 | protocol=6 | dir=in | app=system |
    "{83E20D9A-67DA-4333-83A3-B03923BA4372}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{894B63EF-F2F4-4050-98D5-903564DBD581}" = lport=445 | protocol=6 | dir=in | app=system |
    "{89CE4A6C-005C-49C8-BD37-E4FF9A1CC9B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8E066520-EFF5-446D-9CE3-D7824576E076}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8FCE7F42-E996-437C-BCE1-6EC3CB8562FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{99686C27-97A7-4FD4-A833-6E2DB01348ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9ADE1F49-A2F5-432F-A177-733FE9009E3E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9EA6275E-5D53-43C4-A395-EB78318E4B53}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{A0889558-6C44-42B4-A2C4-DA1A0EAD6128}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A1999883-4ACC-401E-B0A7-12B62D2908F1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{B7BFA388-529F-4A32-AA9D-FE4151D3BB2E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B92995BB-8709-4F71-839B-C88011BAACC2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C4B91FA8-C6D0-4C2A-814E-5AFBD9E1641E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{C9F8F9C4-991D-4BE3-A049-B3C3AA32CDA5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{DCE56F2A-802B-4AF3-B6D6-C45E1C7618A2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{E3FCDE07-067D-4EA8-9FCB-D7A592831907}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{EDB506C1-BA1D-410E-97FB-5F1B024C6085}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{EF0EBD6D-2555-4359-BFCC-A605200CC24F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F02C930C-8FD3-4482-A765-CB5DD91F1070}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F3FA2F74-9540-42F2-B1C2-DAB7C32BC543}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{FD9A7913-A30D-451F-A53C-AFEFD6E166A7}" = rport=10243 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04C86EA8-6CED-40F5-942A-757844D1CDED}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
    "{056FC4BC-E57D-4504-9800-2585D804DACC}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
    "{0C22A83A-5572-4B74-AEAA-BD0699CBDB78}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{13992644-9136-48AE-B9D2-748589818386}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1634E874-ECD8-4B29-A9B0-B6754602E52E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{175BE241-3291-4BB3-BC0B-8D163E6E8B90}" = protocol=1 | dir=out | [email protected],-28544 |
    "{2C9BDE00-2D7D-4858-8795-452CE1A823E5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{35E3260D-DDD6-49B7-8B81-D108FFE544E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{37373126-D553-4867-BA09-23267F895308}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{3CC9B395-C54F-41B1-A7BA-AB78F5D7176F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4B68CF5A-9E20-4701-97DE-19EA356234D9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{4BAED37F-9F36-4999-B1C2-5D5339D589A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4E3FE846-5A5E-4115-B7F7-855F5DA73D68}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{5102D26F-72BF-4A75-A2C8-D7023B0642A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{554630B4-1C12-4D0C-B590-CD09E77BF1BC}" = protocol=6 | dir=out | app=system |
    "{5F9230A8-0FBA-4CE6-A4B6-413DFCBDF1F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6F7ADC3D-2FAA-47E4-9BE2-7FFF9CBD3A88}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{712C170C-DDF9-43F5-8F87-430F8805046F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7AAD3B22-E646-47D1-999E-E6D16232D750}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{85EAF2ED-E5E1-4C58-AF9A-6F25FBE8B414}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{862026C5-2957-4E20-8222-0AC6F9F8C64D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{8E1124C0-98F3-43C3-BD0E-0F3055D87CA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{91AAD4AE-1260-452E-819A-D51128638BCC}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{A43DDCD2-A4F1-4595-B239-5B87DB5DF105}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{A7E34C40-B5BB-46FC-8361-962F861D8777}" = protocol=58 | dir=out | [email protected],-28546 |
    "{AEDBD7A9-A585-4FB5-A5EA-44D357BDB7D9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{B8119AA6-C5FE-4543-B833-5C1D14006FA1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C8B95402-8A56-44A7-8832-902D5D52A433}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CBDE1643-FC38-464E-87DF-597BECEA94B3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{CCB4149E-228B-4BCC-8011-AE0365867BCF}" = protocol=58 | dir=in | [email protected],-28545 |
    "{DD08075A-DDF2-4E14-884E-D199ACDA1093}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{DD231C9A-D4C6-4410-8132-DE9E7DA7D400}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{E23CE60D-41EC-41F0-8E4B-0E73683050FD}" = protocol=1 | dir=in | [email protected],-28543 |
    "{F146D15D-A2D9-4E1A-9B39-DAB994CE43B5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F65BA6E9-4539-471C-B818-F674D6BD715D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{FFA2915E-4E3D-4A6B-8E8C-C0B7EFFA005A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{4BE7E033-F3BF-4CC1-8F7B-C4386B5E611B}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "TCP Query User{668F8586-B4A2-428B-85C2-F0812C5D4608}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "TCP Query User{6B8AF0A2-3C09-4997-8AF3-D738DD527647}C:\windows\system32\mstsc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mstsc.exe |
    "UDP Query User{E90C8856-FE1A-4CB0-8A18-5D2B1613D54E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "UDP Query User{E943DF4D-3503-42A8-9393-B30200D77BA2}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "UDP Query User{EEED7F8F-D745-47A1-A4F7-0B52037A3037}C:\windows\system32\mstsc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mstsc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6000
    "{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
    "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
    "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
    "{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{47B588CB-B42A-41E2-9825-D29B358C8CBB}" = hppTLBXFX2605
    "{491D49D0-FE50-482C-AAD0-2500060E0F97}" = hppCLJ2605
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{57DA304D-27B0-40D1-A796-92CEFF20FA32}" = hppIOFiles
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
    "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8595BCF5-FCE0-4ECE-9FBA-E5FBB741D4F1}" = hppusg2605
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
    "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
    "{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{C27ABEFA-EBB8-401B-826A-13E6F42DBFFA}" = hpzTLBXFX
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF969A8C-052F-401F-A2C8-C8819757C001}" = hppManuals2605
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "AVG9Uninstall" = AVG Free 9.0
    "BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "Chuzzle Deluxe 1.01" = Chuzzle Deluxe 1.01
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Color LaserJet 2605" = HP Color LaserJet 2605 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
    "Scratch" = Scratch
    "Smart Defrag_is1" = Smart Defrag
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 24/04/2010 17:45:05 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
    Description =

    Error - 25/04/2010 03:42:59 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
    Description =

    Error - 25/04/2010 04:13:35 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
    Description =

    Error - 25/04/2010 04:22:14 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
    Description =

    Error - 25/04/2010 04:27:36 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
    Description =

    Error - 25/04/2010 04:30:58 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
    Description =

    Error - 25/04/2010 04:35:14 | Computer Name = TC4400V | Source = Google Update | ID = 20
    Description =

    Error - 25/04/2010 05:23:42 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
    Description =

    Error - 25/04/2010 11:48:34 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
    Description =

    Error - 25/04/2010 12:13:19 | Computer Name = TC4400V | Source = Perflib | ID = 1010
    Description =

    [ OSession Events ]
    Error - 13/06/2009 14:11:32 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 83
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 28/09/2009 12:13:23 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1920
    seconds with 780 seconds of active time. This session ended with a crash.

    Error - 04/10/2009 13:41:00 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10099
    seconds with 7440 seconds of active time. This session ended with a crash.

    Error - 06/10/2009 17:39:58 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17512
    seconds with 8220 seconds of active time. This session ended with a crash.

    Error - 07/10/2009 16:36:10 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12854
    seconds with 5220 seconds of active time. This session ended with a crash.

    Error - 16/10/2009 12:44:32 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4312
    seconds with 2400 seconds of active time. This session ended with a crash.

    Error - 11/11/2009 18:16:44 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8740
    seconds with 2940 seconds of active time. This session ended with a crash.

    Error - 06/12/2009 08:20:44 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9460
    seconds with 900 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/11/2009 12:08:39 | Computer Name = TC4400V | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.4 for the Network Card with network
    address 0019D2268496 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 10/11/2009 12:10:08 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
    Description =

    Error - 10/11/2009 16:21:29 | Computer Name = TC4400V | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 11/11/2009 13:41:24 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
    Description =

    Error - 11/11/2009 14:48:41 | Computer Name = TC4400V | Source = BROWSER | ID = 8032
    Description =

    Error - 12/11/2009 03:25:49 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
    Description =

    Error - 12/11/2009 06:56:43 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
    Description =

    Error - 12/11/2009 11:15:07 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
    Description =

    Error - 12/11/2009 13:25:59 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
    Description =

    Error - 12/11/2009 16:26:14 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
    Description =


    < End of report >
     
  8. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    We will need to replace the current atapi.sys driver. It will be simpler and safer to perform this action through the VISTA Repair Options.
    • Copy the entire contents of the Quote Box below to Notepad.
    • Name the file as Fix.bat
    • Change the Save as Type to All Files
    • and Save it on the desktop
    • Once saved, Right-click on the file and select "Run as an Administrator".
    Code:
    @Echo Off
    MD C:\Backup
    Copy C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys C:\Backup
    Exit
    This batch file should create a Backup folder under C:\ and transfer a good copy of the atapi.sys driver to this new folder.

    Boot the computer to the repair options.

    Boot the computer and Tap on F8 to reach the Advanced menu. Select Repair Your Computer, then the command prompt.

    See above. I am assuming the Operating System is in the C: drive. At the prompt type the following and press Enter after each line:

    C:
    cd \
    cd Backup
    Copy /y atapi.sys C:\Windows\System32\Drivers


    You should receive a 1 file copied message.

    Type Exit and restart the computer. Run GMER once again and post its report.

    ===========================================

    If you are having problems with these instructions let me know and we can try another method.
     
  9. THFC

    THFC Thread Starter

    Joined:
    Apr 8, 2007
    Messages:
    16
    Hi,

    I don't have a restore partition so I do not get the advanced options. Can I do this by booting in safe mode with command prompt?

    Regards

    Paul.
     
  10. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    No. It won't work. You can reach the Repair Your Computer option with the VISTA CD. Else follow these steps.

    Create and run the Fix.bat. The following instructions assume there is a backup folder under C:\ and that a copy of the atapi.sys file is in this folder.

    1. Please download The Avenger by Swandog46 to your Desktop.
    • Right click on the Avenger.zip folder and select "Extract All..."
    • Follow the prompts and extract the avenger folder to your desktop
    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Code:
    Begin copying here:
    Files to move:
    C:\Backup\atapi.sys|C:\Windows\System32\Drivers\atapi.sys

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
    • Right click on the window under Input script here:, and select Paste.
    • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
    • Click on Execute
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply along with a GMER report.
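
The driver replacement described in the two posts above can be checked afterwards by comparing the active atapi.sys with every DriverStore copy on the volume. The Python script below is an added example, not part of the thread or of any tool named in it. It assumes the Windows volume is reachable as a directory tree, ideally mounted offline from a clean system, and the function names and the constructed demo bytes are this example's own.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

# Locations relative to the Windows volume root, as used in the thread's
# Fix.bat and copy command. On a case-sensitive mount, adjust the spelling
# to match the directory names on disk.
ACTIVE_DRIVER = Path("Windows/System32/Drivers/atapi.sys")
DRIVER_STORE = Path("Windows/System32/DriverStore/FileRepository")
STORE_GLOB = "mshdc.inf_*/atapi.sys"  # the thread's copy is in mshdc.inf_b12d8e84


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so it never has to fit in memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_driver(volume_root):
    """Compare the active atapi.sys with each DriverStore copy.

    status is one of:
      'match'      active driver is byte-identical to a DriverStore copy
      'mismatch'   DriverStore copies exist, none equals the active driver
      'no-active'  the active driver file is missing
      'no-store'   no DriverStore copy was found to compare against
    """
    root = Path(volume_root)
    active = root / ACTIVE_DRIVER
    store_dir = root / DRIVER_STORE
    report = {"status": "", "active_sha256": None,
              "store_sha256": {}, "matches": []}

    if not active.is_file():
        report["status"] = "no-active"
        return report
    report["active_sha256"] = sha256_file(active)

    copies = sorted(store_dir.glob(STORE_GLOB)) if store_dir.is_dir() else []
    if not copies:
        report["status"] = "no-store"
        return report

    for copy in copies:
        rel_path = str(copy.relative_to(root))
        digest = sha256_file(copy)
        report["store_sha256"][rel_path] = digest
        if digest == report["active_sha256"]:
            report["matches"].append(rel_path)

    report["status"] = "match" if report["matches"] else "mismatch"
    return report


def demo():
    """Run the check on constructed volumes built in a temporary directory."""
    good = b"MZ constructed stand-in for the known-good driver"
    altered = good + b" with extra bytes appended"
    outcomes = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, active_bytes in (("clean", good), ("tampered", altered)):
            root = Path(tmp) / name
            store = root / DRIVER_STORE / "mshdc.inf_b12d8e84"
            store.mkdir(parents=True)
            (store / "atapi.sys").write_bytes(good)
            (root / ACTIVE_DRIVER).parent.mkdir(parents=True)
            (root / ACTIVE_DRIVER).write_bytes(active_bytes)
            outcomes[name] = check_driver(root)["status"]
        empty_root = Path(tmp) / "empty"
        empty_root.mkdir()
        outcomes["empty"] = check_driver(empty_root)["status"]
    return outcomes


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_atapi.py <path to Windows volume root>")
    outcome = check_driver(sys.argv[1])
    print("status:", outcome["status"])
    print("active:", outcome["active_sha256"])
    for rel_path, digest in outcome["store_sha256"].items():
        print("store :", digest, rel_path)
    sys.exit(0 if outcome["status"] == "match" else 1)
```

A `mismatch` is a prompt to investigate rather than proof of infection, and a `match` only shows equality with the DriverStore copy, which the post treats as the good one.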
     
  11. THFC

    THFC Thread Starter

    Joined:
    Apr 8, 2007
    Messages:
    16
    Hi,

    I booted the laptop from the Vista DVD and ran the recovery console in command prompt mode. I copied the replacement file over and rebooted. I then ran GMER again (log file below). The good news is the security update installed ok, I do however have one small problem with my DVD emulator (DAEMON Tools Lite) giving the error message:

    "This program requires at least Windows 2000 with SPTD 1.51 or higher. Kernel debugger must be deactivated."

    I know there is a new version of the program available, should I just uninstall the old version and install the new one? I don't understand the reference to "Kernel debugger must be deactivated".

    Regards

    Paul.

    GMER Log File

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-26 10:37:53
    Windows 6.0.6002 Service Pack 2
    Running: gmer.exe; Driver: C:\Users\Paul\AppData\Local\Temp\fxtdipob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641f734e6
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xB1 0x64 0x6D 0x99 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xE6 0x4C 0x1A 0x5F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x2E 0x01 0xE7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x2C 0x79 0x1A 0x17 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x32 0x89 0xD8 0x99 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x6E 0x60 0xA5 0xEC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xD9 0xC7 0xB4 0xF2 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x36 0xC8 0x6D 0x60 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641f734e6 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xB1 0x64 0x6D 0x99 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xE6 0x4C 0x1A 0x5F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x2E 0x01 0xE7 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x2C 0x79 0x1A 0x17 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x32 0x89 0xD8 0x99 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x6E 0x60 0xA5 0xEC ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xD9 0xC7 0xB4 0xF2 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x36 0xC8 0x6D 0x60 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\[email protected] 0x2E 0x06 0xFA 0x74 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\[email protected] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy29.gthr
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\[email protected] 29

    ---- EOF - GMER 1.0.15 ----
     
  12. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    The new application should take care of that, but wait until all is clear.

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please run the F-Secure Online Scanner

    • For information click Here.
    • Allow the installation of the Add-ons and Accept the License Agreement.
    • Click Full System Scan
    • Once the download completes, the scan will begin automatically.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • Click the Show Report button and Copy&Paste the entire report in your next reply.
     
  13. THFC

    THFC Thread Starter

    Joined:
    Apr 8, 2007
    Messages:
    16
    Hi,

    The MWBAM scan is clear.

    The F-Secure scan is running now.

    Regards

    Paul.

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 4038

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18904

    26/04/2010 16:43:44
    mbam-log-2010-04-26 (16-43-44).txt

    Scan type: Quick scan
    Objects scanned: 122095
    Time elapsed: 5 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  14. THFC

    THFC Thread Starter

    Joined:
    Apr 8, 2007
    Messages:
    16
    Hi,

    Here is the completed F-Secure log file:

    Regards

    Paul.

    Scanning Report
    Monday, April 26, 2010 17:07:28 - 17:36:13

    Computer name: TC4400V
    Scanning type: Scan system for malware, spyware and rootkits
    Target: C:\
    13 malware found
    TrackingCookie.Questionmarket (spyware)

    * System (Disinfected)

    TrackingCookie.Advertising (spyware)

    * System (Disinfected)

    TrackingCookie.Atdmt (spyware)

    * System (Disinfected)

    TrackingCookie.Adtech (spyware)

    * System (Disinfected)

    TrackingCookie.Doubleclick (spyware)

    * System (Disinfected)

    TrackingCookie.Revsci (spyware)

    * System (Disinfected)

    TrackingCookie.Adbrite (spyware)

    * System (Disinfected)

    TrackingCookie.Xiti (spyware)

    * System (Disinfected)

    TrackingCookie.Mediaplex (spyware)

    * System (Disinfected)

    TrackingCookie.Tradedoubler (spyware)

    * System (Disinfected)

    TrackingCookie.Statcounter (spyware)

    * System (Disinfected)

    TrackingCookie.Atwola (spyware)

    * System (Disinfected)

    TrackingCookie.Yieldmanager (spyware)

    * System (Disinfected)

    Statistics
    Scanned:

    * Files: 49135
    * System: 3980
    * Not scanned: 21

    Actions:

    * Disinfected: 13
    * Renamed: 0
    * Deleted: 0
    * Not cleaned: 0
    * Submitted: 0

    Files not scanned:

    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
    * C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
    * C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
    * C:\USERS\PAUL\APPDATA\LOCAL\TEMP\HSPERFDATA_PAUL\2340
    * C:\USERS\PAUL\APPDATA\LOCAL\TEMP\HSPERFDATA_PAUL\6024
    * C:\USERS\PAUL\APPDATA\LOCAL\MICROSOFT\INPUTPERSONALIZATION\INKSTORE.MDB
    * C:\SYSTEM VOLUME INFORMATION\{1320A91F-504C-11DF-9198-001641F734E6}{3808876B-C176-4E48-B7AE-04046E6CC752}
    * C:\SYSTEM VOLUME INFORMATION\{C3F07C30-5110-11DF-9E39-001641F734E6}{3808876B-C176-4E48-B7AE-04046E6CC752}
    * C:\BOOT\BCD

    Options
    Scanning engines:

    Scanning options:

    * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
    * Use advanced heuristics
     
  15. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Looks clear. Congratulations.

    Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

    Follow these steps to uninstall Combofix.
    • Rename Combofix to Uninstall and click on it. That should remove the application.
    Launch OTL and click on the Cleanup button. Follow the prompts.

    Manually remove any tool left.

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
    3. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    4. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
    5. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    6. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

    Remove and reinstall DAEMON Tools Lite. Let me know if you experience any problems.

    Best wishes!
     
Short URL to this thread: https://techguy.org/919018
