Security update fails with code FFFFFFFF - Possible Virus:Win32/Alureon.A


THFC

Thread Starter
Joined
Apr 8, 2007
Messages
16
Hi,

I noticed that a recent security update failed (KB979683) with code FFFFFFFF. I read that this may be down to a malware infection. I tried MWBAM and AVG but no infections were found. I ran online scans at Panda Scan and Kaspersky but there were no errors, so I tried MRT and it detects Virus:Win32/Alureon.A and reports partial deletion; however, after reboot it is still there and the security update still fails.

I would be most grateful if anyone could help me fix this problem.

The laptop is running Vista Home Premium SP2.

Here is the MRT log file

Regards

Paul.
---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.6, April 2010
Started On Sat Apr 24 18:34:36 2010

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:1124 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
Threat detected: Virus:Win32/Alureon.A
rootkit://Alureon->c:\windows\system32\drivers\atapi.sys
SigSeq: 0x00000FA930E8ACF1

Extended Scan Removal Results
----------------
Start 'clean' for rootkit://Alureon->c:\windows\system32\drivers\atapi.sys
Operation was scheduled to be completed after next reboot.


Results Summary:
----------------
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 24 21:13:07 2010


Return code: 10 (0xa)
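
An added example, not part of the original post or of Microsoft's tooling: a small Python parser for an MRT log in the layout shown above. It separates the scan errors (Win32 codes 5, access denied, and 32, sharing violation) from the detection and its removal outcome, and flags a removal that was only scheduled for the next reboot. The sample log is adapted from the post with a constructed GUID, and the function names are this example's own.

```python
import re
from collections import Counter

# Standard Win32 error values for the two codes that appear in the log.
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED", 32: "ERROR_SHARING_VIOLATION"}

RUN_START = "Microsoft Windows Malicious Software Removal Tool v"
SCAN_ERROR = re.compile(r"^->Scan ERROR: resource (.+?) \(code 0x[0-9A-Fa-f]+ \((\d+)\)\)$")
THREAT = re.compile(r"^Threat detected: (.+)$")
ACTION = re.compile(r"^Start '(\w+)' for (.+)$")
RETURN_CODE = re.compile(r"^Return code: (\d+) \(0x[0-9A-Fa-f]+\)$")

# Sample adapted from the log in the post; the GUID below is constructed.
SAMPLE_LOG = r"""
Microsoft Windows Malicious Software Removal Tool v3.6, April 2010
Started On Sat Apr 24 18:34:36 2010

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:1124 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{00000000-0000-0000-0000-000000000001} (code 0x00000005 (5))
Threat detected: Virus:Win32/Alureon.A
rootkit://Alureon->c:\windows\system32\drivers\atapi.sys
SigSeq: 0x00000FA930E8ACF1

Extended Scan Removal Results
----------------
Start 'clean' for rootkit://Alureon->c:\windows\system32\drivers\atapi.sys
Operation was scheduled to be completed after next reboot.

Results Summary:
----------------
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 24 21:13:07 2010

Return code: 10 (0xa)
"""


def parse_mrt_log(text):
    """Split the log into runs; collect scan errors, threats, actions and return code."""
    runs, run, threat, action = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(RUN_START):  # a new tool run begins
            run = {"tool": line, "scan_errors": Counter(), "threats": [],
                   "actions": [], "return_code": None}
            runs.append(run)
            threat = action = None
            continue
        if run is None or not line or set(line) == {"-"}:
            continue  # skip blanks, rulers and anything before the first run
        if m := SCAN_ERROR.match(line):
            run["scan_errors"][int(m.group(2))] += 1
        elif m := THREAT.match(line):
            threat = {"name": m.group(1), "resources": [], "sigseq": None}
            run["threats"].append(threat)
        elif line.startswith("SigSeq:") and threat is not None:
            threat["sigseq"] = line.split(":", 1)[1].strip()
            threat = None  # SigSeq closes the threat record
        elif m := ACTION.match(line):
            action = {"action": m.group(1), "resource": m.group(2), "outcome": None}
            run["actions"].append(action)
        elif m := RETURN_CODE.match(line):
            run["return_code"] = int(m.group(1))
        elif threat is not None and "://" in line:
            threat["resources"].append(line)  # resource line under a detection
        elif action is not None:
            action["outcome"] = line  # first line after "Start '...' for ..."
            action = None
    return runs


def scan_error_summary(run):
    """Count scan errors by Win32 error name."""
    return {WIN32_NAMES.get(code, f"code {code}"): n
            for code, n in run["scan_errors"].items()}


def triage(run):
    """One finding per detected resource, with the removal outcome if one was logged."""
    outcomes = {a["resource"]: a["outcome"] for a in run["actions"]}
    findings = []
    for t in run["threats"]:
        for res in t["resources"]:
            outcome = outcomes.get(res)
            findings.append({
                "threat": t["name"], "resource": res, "outcome": outcome,
                # Removal deferred to reboot: re-scan afterwards to confirm it took effect.
                "pending_reboot": bool(outcome) and "after next reboot" in outcome,
            })
    return findings


if __name__ == "__main__":
    for r in parse_mrt_log(SAMPLE_LOG):
        print(r["tool"], "return code", r["return_code"])
        print(" scan errors:", scan_error_summary(r))
        for f in triage(r):
            print(" finding:", f)
```
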
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, THFC :)

Welcome.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------​
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------​
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------​
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
 

THFC

Thread Starter
Joined
Apr 8, 2007
Messages
16
Hi,

Thanks for picking up this problem for me.

I downloaded and ran Combofix as directed. It did flash up a message saying that there was rootkit activity and it rebooted and ran again.

Here is the log it has produced.

Regards

Paul.

ComboFix 10-04-21.01 - Paul 25/04/2010 9:32.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3063.2144 [GMT 1:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-25 08:41 . 2010-04-25 08:41 -------- d-----w- c:\users\Paul\AppData\Local\temp
2010-04-25 08:41 . 2010-04-25 08:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-25 08:41 . 2010-04-25 08:41 -------- d-----w- c:\users\Josh\AppData\Local\temp
2010-04-25 08:41 . 2010-04-25 08:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-24 20:12 . 2010-04-24 20:12 19944 ----a-w- c:\windows\system32\drivers\awbasvzj.sys
2010-04-23 09:38 . 2010-04-23 09:38 -------- d-----w- c:\programdata\WindowsSearch
2010-04-23 09:29 . 2010-04-24 21:42 -------- d-----w- c:\windows\system32\catroot2
2010-04-21 22:14 . 2010-04-21 22:14 -------- d-----w- C:\Downloads
2010-04-21 18:29 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-21 18:28 . 2010-04-21 18:28 -------- d-----w- c:\program files\Panda Security
2010-04-21 17:07 . 2010-04-21 17:07 -------- d-----w- c:\programdata\Research In Motion
2010-04-21 17:06 . 2010-04-21 17:06 19944 ----a-w- c:\windows\system32\drivers\znaakeos.sys
2010-04-21 10:02 . 2010-04-21 10:02 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-21 10:02 . 2010-04-21 10:02 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
2010-04-21 08:41 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-21 08:39 . 2010-04-21 08:39 -------- d-----w- c:\program files\iPod
2010-04-21 08:39 . 2010-04-21 08:39 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 08:36 . 2010-04-21 08:37 -------- d-----w- c:\program files\QuickTime
2010-04-21 08:33 . 2010-04-21 08:33 -------- d-----w- c:\program files\Bonjour
2010-04-21 08:32 . 2010-04-21 08:32 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-21 08:30 . 2010-04-21 08:30 19944 ----a-w- c:\windows\system32\drivers\khdvhmgi.sys
2010-04-21 08:28 . 2010-04-21 08:28 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-21 08:25 . 2010-04-21 08:25 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-21 08:23 . 2010-04-21 08:23 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-21 08:17 . 2010-04-24 21:46 -------- d-----w- c:\windows\system32\MpEngineStore
2010-04-19 19:01 . 2010-04-19 19:01 4255072 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-19 19:00 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-19 18:59 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-01 22:49 . 2010-04-01 22:49 -------- d-----w- c:\program files\Common Files\Java
2010-04-01 21:55 . 2010-04-01 21:55 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-04-01 21:55 . 2010-04-01 21:55 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
2010-04-01 21:55 . 2010-04-01 21:55 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-01 21:55 . 2010-04-01 21:55 341272 ----a-w- c:\programdata\avg9\update\backup\avgxch32.dll
2010-04-01 21:55 . 2010-04-01 21:55 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
2010-04-01 21:55 . 2010-04-01 21:55 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-04-01 21:55 . 2010-04-01 21:55 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-04-01 21:55 . 2010-04-01 21:55 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
2010-04-01 21:55 . 2010-04-01 21:55 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-04-01 21:55 . 2010-04-01 21:55 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
2010-04-01 21:55 . 2010-04-01 21:55 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2010-04-01 21:55 . 2010-04-01 21:55 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-04-01 21:45 . 2010-04-01 21:45 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-03-26 08:44 . 2008-04-14 14:39 9344 ----a-w- c:\windows\system32\drivers\CPQBttn.sys
2010-03-26 08:44 . 2007-06-18 17:12 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2010-03-26 08:44 . 2006-11-02 07:09 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2010-03-26 08:44 . 2008-08-06 17:06 1560576 ----a-w- c:\windows\system32\BttnCmns_64.dll
2010-03-26 08:44 . 2006-06-30 06:46 1560576 ----a-w- c:\windows\system32\BttnCmns.dll
2010-03-26 08:44 . 2005-10-31 15:30 987136 ----a-w- c:\windows\system32\BttnCmn.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 08:29 . 2009-06-12 17:54 6396 ----a-w- c:\windows\bthservsdp.dat
2010-04-24 17:33 . 2009-08-22 12:27 -------- d-----w- c:\users\Josh\AppData\Roaming\HpUpdate
2010-04-24 17:33 . 2009-08-11 18:00 -------- d-----w- c:\users\Paul\AppData\Roaming\HpUpdate
2010-04-23 09:39 . 2009-10-01 21:12 -------- d-----w- c:\program files\Google
2010-04-21 14:48 . 2009-06-12 20:59 -------- d-----w- c:\program files\Opera
2010-04-21 10:05 . 2010-03-12 17:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 08:41 . 2009-10-01 20:49 -------- d-----w- c:\program files\Java
2010-04-21 08:39 . 2009-12-25 09:39 -------- d-----w- c:\program files\iTunes
2010-04-21 08:39 . 2009-06-12 21:07 -------- d-----w- c:\program files\Common Files\Apple
2010-04-21 08:30 . 2009-06-12 21:01 -------- d-----w- c:\program files\Safari
2010-04-21 08:25 . 2009-06-12 20:54 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-20 16:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-20 15:56 . 2009-06-12 21:39 -------- d-----w- c:\programdata\Microsoft Help
2010-03-29 23:46 . 2010-03-12 17:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2010-03-12 17:27 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 09:12 . 2009-12-01 17:55 -------- d-----w- c:\programdata\Roxio
2010-03-26 08:44 . 2009-06-13 07:49 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-26 08:44 . 2009-06-12 21:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-26 08:43 . 2009-12-01 17:57 -------- d-----w- c:\users\Josh\AppData\Roaming\InstallShield
2010-03-19 16:42 . 2009-10-07 17:43 680 ----a-w- c:\users\Josh\AppData\Local\d3d9caps.dat
2010-03-19 10:47 . 2010-03-19 10:39 -------- d-----w- c:\users\Paul\AppData\Roaming\IObit
2010-03-19 10:47 . 2010-03-19 10:39 -------- d-----w- c:\program files\IObit
2010-03-17 21:29 . 2010-03-17 21:29 -------- d-----w- c:\program files\Scratch
2010-03-17 20:50 . 2010-03-17 20:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 20:50 . 2009-06-12 20:54 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 20:49 . 2009-06-12 20:54 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-16 17:11 . 2010-03-16 17:11 10827096 ----a-w- c:\users\Josh\AppData\Roaming\Research In Motion\BlackBerry Media Sync\AutoUpdate\Updates\3.0.0.39\BlackBerryMediaSync.exe
2010-03-16 15:12 . 2010-03-16 15:11 -------- d-----w- c:\program files\PDFCreator
2010-03-16 14:17 . 2009-11-15 18:28 -------- d-----w- c:\programdata\avg9
2010-03-12 23:01 . 2009-06-12 21:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-12 22:17 . 2009-12-01 17:47 256 ----a-w- c:\windows\system32\pool.bin
2010-03-12 18:09 . 2010-03-12 18:09 388096 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-12 18:09 . 2010-03-12 18:09 -------- d-----w- c:\program files\TrendMicro
2010-03-12 17:27 . 2010-03-12 17:27 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2010-03-12 17:27 . 2010-03-12 17:27 -------- d-----w- c:\programdata\Malwarebytes
2010-03-12 17:20 . 2009-06-12 19:14 130624 ----a-w- c:\users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-05 14:01 . 2010-04-19 19:05 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 17:55 . 2009-12-01 17:47 -------- d-----w- c:\users\Josh\AppData\Roaming\Research In Motion
2010-03-01 17:11 . 2009-06-12 21:18 130624 ----a-w- c:\users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 20:34 . 2010-02-26 20:34 15416 ----a-w- c:\windows\system32\HPMDPCoInst.dll
2010-02-26 20:34 . 2010-02-26 20:34 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2010-02-26 20:34 . 2010-02-26 20:34 26168 ----a-w- c:\windows\system32\hpservice.exe
2010-02-26 20:34 . 2010-02-26 20:34 15416 ----a-w- c:\windows\system32\accelerometerdll.DLL
2010-02-26 20:33 . 2010-02-26 20:33 33848 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2010-02-23 11:10 . 2010-04-19 19:05 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-19 19:05 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-19 19:05 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-04-19 19:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-19 19:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-19 19:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-19 19:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-12 23:37 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-12 23:37 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-12 23:37 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-18 14:07 . 2010-04-19 19:05 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 13:30 . 2010-04-19 19:05 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:28 . 2010-04-19 19:05 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:32 . 2010-02-28 20:47 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:00 . 2010-02-28 14:38 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-28 14:38 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-28 14:38 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-28 14:38 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-28 14:38 332288 ----a-w- c:\windows\system32\msdrm.dll
.

((((((((((((((((((((((((((((( [email protected]_22.11.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-25 09:32 . 2009-11-09 13:18 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\admwprox.dll
+ 2010-03-12 23:37 . 2010-02-20 23:36 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\wamregps.dll
+ 2010-03-12 23:37 . 2010-02-20 23:35 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\rsca.dll
+ 2010-03-12 23:37 . 2010-02-20 23:31 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iissyspr.dll
+ 2010-03-12 23:37 . 2010-02-20 21:31 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisrstas.exe
+ 2010-03-12 23:37 . 2010-02-20 21:31 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisreset.exe
+ 2010-03-12 23:37 . 2010-02-20 23:31 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisreg.dll
+ 2010-03-12 23:37 . 2010-02-20 23:30 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\admwprox.dll
+ 2010-03-12 23:37 . 2010-02-20 23:55 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\wamregps.dll
+ 2010-03-12 23:37 . 2010-02-20 23:55 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\rsca.dll
+ 2010-03-12 23:37 . 2010-02-20 23:52 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iissyspr.dll
+ 2010-03-12 23:37 . 2010-02-20 21:46 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisrstas.exe
+ 2010-03-12 23:37 . 2010-02-20 21:46 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisreset.exe
+ 2010-03-12 23:37 . 2010-02-20 23:52 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisreg.dll
+ 2010-03-12 23:37 . 2010-02-20 23:50 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\admwprox.dll
+ 2010-03-12 23:37 . 2010-02-20 23:12 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\w3dt.dll
+ 2010-03-12 23:37 . 2010-02-20 23:08 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\hwebcore.dll
+ 2010-03-12 23:37 . 2010-02-20 23:07 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\w3dt.dll
+ 2009-12-25 09:32 . 2009-11-09 12:30 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\hwebcore.dll
+ 2010-03-12 23:37 . 2010-02-20 23:31 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\w3dt.dll
+ 2010-03-12 23:37 . 2010-02-20 23:29 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\hwebcore.dll
+ 2010-03-12 23:37 . 2010-02-20 23:40 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\w3dt.dll
+ 2009-12-25 09:32 . 2009-11-09 13:20 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\hwebcore.dll
+ 2010-03-12 23:37 . 2010-02-20 23:36 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\w3dt.dll
+ 2010-03-12 23:37 . 2010-02-20 23:31 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\hwebcore.dll
+ 2010-03-12 23:37 . 2010-02-20 23:55 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\w3dt.dll
+ 2010-03-12 23:37 . 2010-02-20 23:51 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\hwebcore.dll
+ 2010-04-19 19:05 . 2010-02-23 15:00 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22995_none_a8e727c18da89e3a\iesetup.dll
+ 2010-04-19 19:05 . 2010-02-23 15:00 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22995_none_a8e727c18da89e3a\iernonce.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18904_none_a8bddbde7442e6c7\iesetup.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18904_none_a8bddbde7442e6c7\iernonce.dll
+ 2010-03-29 18:39 . 2010-02-18 12:44 64000 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22993_none_8403fa7f601b45f7\iecompat.dll
+ 2010-03-29 18:39 . 2010-02-18 04:45 64000 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18902_none_83daae9c46b58e84\iecompat.dll
+ 2010-04-19 19:05 . 2010-02-23 13:25 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22995_none_df6461a709f15891\msfeedssync.exe
+ 2010-04-19 19:05 . 2010-02-23 15:01 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22995_none_df6461a709f15891\msfeedsbs.dll
+ 2010-04-19 19:05 . 2010-02-23 04:54 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18904_none_df3b15c3f08ba11e\msfeedssync.exe
+ 2010-04-19 19:05 . 2010-02-23 06:34 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18904_none_df3b15c3f08ba11e\msfeedsbs.dll
+ 2010-04-19 19:05 . 2010-02-23 15:06 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22995_none_e4ff661ad10266b2\WininetPlugin.dll
+ 2010-04-19 19:05 . 2010-02-23 15:01 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22995_none_e4ff661ad10266b2\jsproxy.dll
+ 2010-04-19 19:05 . 2010-02-23 06:39 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18904_none_e4d61a37b79caf3f\WininetPlugin.dll
+ 2010-04-19 19:05 . 2010-02-23 06:34 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18904_none_e4d61a37b79caf3f\jsproxy.dll
+ 2010-04-19 19:05 . 2010-02-18 11:42 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.22341_none_1428eb9d92bddb72\tunnel.sys
+ 2010-04-19 19:05 . 2010-02-18 11:42 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.22341_none_1428eb9d92bddb72\TUNMP.SYS
+ 2010-04-19 19:05 . 2010-02-18 11:28 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.18209_none_13d290d27978969c\tunnel.sys
+ 2008-01-21 02:24 . 2008-01-21 02:24 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.18209_none_13d290d27978969c\TUNMP.SYS
+ 2010-04-19 19:05 . 2010-02-18 12:00 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.22636_none_12524b13958ae910\tunnel.sys
+ 2010-04-19 19:05 . 2010-02-18 12:00 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.22636_none_12524b13958ae910\TUNMP.SYS
+ 2010-04-19 19:05 . 2010-02-18 11:52 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18427_none_11d47c987c644985\tunnel.sys
+ 2008-01-21 02:24 . 2008-01-21 02:24 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18427_none_11d47c987c644985\TUNMP.SYS
+ 2010-04-19 19:05 . 2010-02-18 11:50 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.21226_none_1076b295985c7249\tunnel.sys
+ 2010-04-19 19:05 . 2010-02-18 11:50 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.21226_none_1076b295985c7249\TUNMP.SYS
+ 2010-04-19 19:05 . 2010-02-18 12:04 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.17021_none_0fe812727f4356a5\tunnel.sys
+ 2010-04-19 19:05 . 2010-02-18 12:04 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.17021_none_0fe812727f4356a5\TUNMP.SYS
+ 2010-03-12 23:37 . 2010-02-20 23:07 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.22343_none_22e5433d125cc342\authsspi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:04 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.18210_none_22791557f92983a0\authsspi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:27 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6001.22638_none_210ea2b31529d0e0\authsspi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:35 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6001.18428_none_208fd3edfc0417fe\authsspi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:30 36352 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6000.21227_none_1f3209eb17fc40c2\authsspi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:50 36352 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6000.17022_none_1ea369c7fee3251e\authsspi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:08 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.22343_none_f7f4165eb3ad7c4d\httpapi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:05 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.18210_none_f787e8799a7a3cab\httpapi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:29 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.22638_none_f61d75d4b67a89eb\httpapi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:37 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18428_none_f59ea70f9d54d109\httpapi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:31 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.21227_none_f440dd0cb94cf9cd\httpapi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:51 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.17022_none_f3b23ce9a033de29\httpapi.dll
+ 2010-04-19 18:59 . 2010-01-13 17:48 98304 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6002.22311_none_3a689ec7f7c9ca5e\cabview.dll
+ 2010-04-19 18:59 . 2010-01-13 17:34 98304 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6002.18184_none_39965180dee23d09\cabview.dll
+ 2010-04-19 18:59 . 2010-01-13 18:51 98304 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6001.22605_none_3890fdf3fa97bea5\cabview.dll
+ 2010-04-19 18:59 . 2010-01-15 00:04 98304 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6001.18404_none_38065ef8e17b085d\cabview.dll
+ 2010-04-19 18:59 . 2010-01-13 18:12 97792 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6000.21203_none_36a894f5fd733121\cabview.dll
+ 2010-04-19 18:59 . 2010-01-13 18:23 97792 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6000.17002_none_361df5fae4567ad9\cabview.dll
+ 2008-01-21 01:58 . 2010-04-25 08:33 83504 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-06-13 17:42 . 2010-04-21 08:50 12062 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3964209802-1692051119-3322520709-1001_UserData.bin
+ 2009-06-12 19:15 . 2010-04-25 08:33 12318 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3964209802-1692051119-3322520709-1000_UserData.bin
+ 2010-03-16 15:11 . 1998-07-06 00:00 23552 c:\windows\System32\MSMPIDE.DLL
- 2010-01-04 21:08 . 1998-07-06 00:00 23552 c:\windows\System32\MSMPIDE.DLL
- 2010-01-22 18:55 . 2010-01-02 04:56 13312 c:\windows\System32\msfeedssync.exe
+ 2010-04-19 19:05 . 2010-02-23 04:54 13312 c:\windows\System32\msfeedssync.exe
- 2010-01-22 18:55 . 2010-01-02 06:33 55296 c:\windows\System32\msfeedsbs.dll
+ 2010-04-19 19:05 . 2010-02-23 06:34 55296 c:\windows\System32\msfeedsbs.dll
+ 2010-04-19 19:05 . 2010-02-23 06:39 64512 c:\windows\System32\migration\WininetPlugin.dll
- 2010-01-22 18:55 . 2010-01-02 06:38 64512 c:\windows\System32\migration\WininetPlugin.dll
- 2010-01-22 18:55 . 2010-01-02 06:32 25600 c:\windows\System32\jsproxy.dll
+ 2010-04-19 19:05 . 2010-02-23 06:34 25600 c:\windows\System32\jsproxy.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 55808 c:\windows\System32\iernonce.dll
- 2010-01-22 18:55 . 2010-01-02 06:32 55808 c:\windows\System32\iernonce.dll
+ 2009-10-16 01:33 . 2009-10-16 01:33 41472 c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_131516ed\usbaapl.sys
+ 2010-03-26 08:44 . 2007-06-18 17:12 16768 c:\windows\System32\DriverStore\FileRepository\hpqkbfiltr.inf_d1c4824b\HpqKbFiltr.sys
+ 2010-02-26 20:34 . 2010-02-26 20:34 26168 c:\windows\System32\DriverStore\FileRepository\accelerometer.inf_f600e8ed\x86\hpservice.exe
+ 2010-02-26 20:34 . 2010-02-26 20:34 15416 c:\windows\System32\DriverStore\FileRepository\accelerometer.inf_f600e8ed\x86\HPMDPCoInst.dll
+ 2010-02-26 20:34 . 2010-02-26 20:34 25656 c:\windows\System32\DriverStore\FileRepository\accelerometer.inf_f600e8ed\x86\hpdskflt.sys
+ 2010-02-26 20:34 . 2010-02-26 20:34 15416 c:\windows\System32\DriverStore\FileRepository\accelerometer.inf_f600e8ed\x86\accelerometerdll.DLL
+ 2010-02-26 20:33 . 2010-02-26 20:33 33848 c:\windows\System32\DriverStore\FileRepository\accelerometer.inf_f600e8ed\x86\Accelerometer.sys
+ 2009-10-16 01:33 . 2009-10-16 01:33 41472 c:\windows\System32\drivers\usbaapl.sys
- 2009-06-12 19:07 . 2010-03-12 21:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-12 19:07 . 2010-04-25 07:45 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-12 19:07 . 2010-03-12 21:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-12 19:07 . 2010-04-25 07:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-12 19:07 . 2010-03-12 21:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-12 19:07 . 2010-04-25 07:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-13 07:55 . 2010-03-12 21:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-13 07:55 . 2010-04-24 16:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-13 07:55 . 2010-03-12 21:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-13 07:55 . 2010-04-24 16:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-13 07:55 . 2010-03-12 21:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-13 07:55 . 2010-04-24 16:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-23 17:35 . 2010-03-12 21:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-23 17:35 . 2010-04-25 08:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-23 17:35 . 2010-03-12 21:58 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-23 17:35 . 2010-04-25 08:30 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-23 17:35 . 2010-04-25 08:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-23 17:35 . 2010-03-12 21:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-18 16:30 . 2010-03-18 16:30 22528 c:\windows\Installer\11107a.msi
- 2009-06-12 21:45 . 2010-02-11 07:48 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-06-12 21:45 . 2010-04-20 15:56 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-06-12 21:45 . 2010-04-20 15:56 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-06-12 21:45 . 2010-02-11 07:48 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-06-12 21:45 . 2010-04-20 15:56 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-06-12 21:45 . 2010-02-11 07:48 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-12-01 21:28 . 2009-12-01 21:28 49152 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2009-12-01 21:28 . 2010-04-21 17:08 49152 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
- 2009-12-01 21:28 . 2009-12-01 21:28 49152 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2009-12-01 21:28 . 2010-04-21 17:08 49152 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
- 2009-12-01 21:28 . 2009-12-01 21:28 49152 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2009-12-01 21:28 . 2010-04-21 17:08 49152 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
- 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
- 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
- 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
- 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
- 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
- 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
- 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
- 2009-12-01 21:28 . 2009-12-01 21:28 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\DesktopMgr.exe
+ 2009-12-01 21:28 . 2010-04-21 17:08 69632 c:\windows\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\DesktopMgr.exe
+ 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-04-23 09:39 . 2010-04-23 09:39 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ARPPRODUCTICON.exe
+ 2009-12-21 20:09 . 2009-12-21 20:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-22 01:57 . 2009-12-22 01:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 20:02 . 2009-12-21 20:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 23:21 . 2009-12-21 23:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-21 23:37 . 2009-12-21 23:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 18:39 . 2009-12-21 18:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 18:27 . 2009-12-21 18:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 18:27 . 2009-12-21 18:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 99672 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres2052.dll
+ 2008-10-25 08:18 . 2008-10-25 08:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONFILTER.DLL
+ 2008-10-25 08:18 . 2008-10-25 08:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
- 2006-11-02 10:25 . 2010-03-12 17:38 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2010-04-21 17:08 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2010-03-12 17:38 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2010-04-21 17:09 51200 c:\windows\inf\infpub.dat
+ 2010-03-12 23:37 . 2010-02-20 23:12 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\w3ctrlps.dll
+ 2010-03-12 23:37 . 2010-02-20 23:08 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisrstap.dll
+ 2009-12-25 09:32 . 2009-11-09 12:32 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\w3ctrlps.dll
+ 2009-12-25 09:32 . 2009-11-09 12:30 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisrstap.dll
+ 2010-03-12 23:37 . 2010-02-20 23:31 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\w3ctrlps.dll
+ 2010-03-12 23:37 . 2010-02-20 23:29 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisrstap.dll
+ 2009-12-25 09:32 . 2009-11-09 13:23 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\w3ctrlps.dll
+ 2009-12-25 09:32 . 2009-11-09 13:20 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisrstap.dll
+ 2010-03-12 23:37 . 2010-02-20 23:35 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\w3ctrlps.dll
+ 2010-03-12 23:37 . 2010-02-20 23:31 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisrstap.dll
+ 2010-03-12 23:37 . 2010-02-20 23:55 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\w3ctrlps.dll
+ 2010-03-12 23:37 . 2010-02-20 23:52 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisrstap.dll
+ 2010-03-26 08:44 . 2008-04-14 14:39 9344 c:\windows\System32\DriverStore\FileRepository\hpqlb.inf_4a3099ce\CPQBttn.sys
+ 2010-04-25 08:30 . 2010-04-25 08:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-12 21:58 . 2010-03-12 21:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-25 08:30 . 2010-04-25 08:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-03-12 21:58 . 2010-03-12 21:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-19 19:00 . 2009-12-23 12:12 172032 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6002.22293_none_f1c001a2b09b160b\wintrust.dll
+ 2010-04-19 19:00 . 2009-12-23 11:33 172032 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6002.18169_none_f15cd657975fba78\wintrust.dll
+ 2010-04-19 19:00 . 2009-12-23 12:29 171520 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6001.22588_none_efe96118b36823a9\wintrust.dll
+ 2010-04-19 19:00 . 2009-12-23 12:43 171520 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6001.18387_none_ef5ec21d9a4b6d61\wintrust.dll
+ 2010-04-19 19:00 . 2009-12-23 12:14 171520 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6000.21186_none_ee00f81ab6439625\wintrust.dll
+ 2010-04-19 19:00 . 2009-12-23 12:45 171520 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6000.16984_none_ed7582999d27906b\wintrust.dll
+ 2010-04-19 19:05 . 2010-02-18 14:01 167424 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpipcfg.dll
+ 2010-04-19 19:05 . 2010-02-18 11:51 818688 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
+ 2010-04-19 19:05 . 2010-02-18 14:22 167424 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpipcfg.dll
+ 2010-04-19 19:05 . 2010-02-18 12:05 815104 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
+ 2010-04-19 19:05 . 2010-02-18 14:22 910216 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
+ 2010-04-19 19:05 . 2010-02-18 14:07 904576 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
+ 2010-04-19 19:05 . 2010-02-18 17:36 902024 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
+ 2010-04-19 19:05 . 2010-02-18 14:49 898952 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
+ 2010-04-19 19:05 . 2010-02-23 11:16 106496 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.22346_none_81dc4772677c5da2\mrxsmb.sys
+ 2010-04-19 19:05 . 2010-02-23 11:10 106496 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.18213_none_8170198d4e491e00\mrxsmb.sys
+ 2010-04-19 19:05 . 2010-02-23 11:30 106496 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.22641_none_7ff0d4186a5a89cb\mrxsmb.sys
+ 2010-04-19 19:05 . 2010-02-23 11:32 105984 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.18431_none_7f7205535134d0e9\mrxsmb.sys
+ 2010-04-19 19:05 . 2010-02-23 11:30 102912 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.21230_none_7e143b506d2cf9ad\mrxsmb.sys
+ 2010-04-19 19:05 . 2010-02-23 13:14 102400 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.17025_none_7d9a6dfd5402bf7e\mrxsmb.sys
+ 2010-04-19 19:05 . 2010-02-23 11:16 212992 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.22346_none_8aef65c661cd9c04\mrxsmb10.sys
+ 2010-04-19 19:05 . 2010-02-23 11:10 212992 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.18213_none_8a8337e1489a5c62\mrxsmb10.sys
+ 2010-04-19 19:05 . 2010-02-23 11:30 212992 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22641_none_8903f26c64abc82d\mrxsmb10.sys
+ 2010-04-19 19:05 . 2010-02-23 11:32 212992 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18431_none_888523a74b860f4b\mrxsmb10.sys
+ 2010-04-19 19:05 . 2010-02-23 11:30 211968 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.21230_none_872759a4677e380f\mrxsmb10.sys
+ 2010-04-19 19:05 . 2010-02-23 13:14 211968 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.17025_none_86ad8c514e53fde0\mrxsmb10.sys
+ 2010-04-19 19:05 . 2010-03-05 22:19 420352 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_8.0.6001.23000_none_2bcc9be85cd2112b\vbscript.dll
+ 2010-04-19 19:05 . 2010-03-05 14:01 420352 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_8.0.6001.18909_none_2b4c2b7b43ac1f55\vbscript.dll
+ 2010-03-12 23:37 . 2010-02-20 23:08 374272 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\iisw3adm.dll
+ 2010-03-12 23:37 . 2010-02-20 23:05 373760 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\iisw3adm.dll
+ 2010-03-12 23:37 . 2010-02-20 23:29 371712 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\iisw3adm.dll
+ 2010-03-12 23:37 . 2010-02-20 23:37 371712 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\iisw3adm.dll
+ 2010-03-12 23:37 . 2010-02-20 23:31 322560 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\iisw3adm.dll
+ 2010-03-12 23:37 . 2010-02-20 23:52 322560 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\iisw3adm.dll
+ 2010-04-19 19:05 . 2010-02-18 13:59 438272 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22636_none_cd93a82a43bb5573\IKEEXT.DLL
+ 2010-04-19 19:05 . 2010-02-18 13:59 595456 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22636_none_cd93a82a43bb5573\FWPUCLNT.DLL
+ 2010-04-19 19:05 . 2010-02-18 13:57 328704 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22636_none_cd93a82a43bb5573\BFE.DLL
+ 2010-04-19 19:05 . 2010-02-18 13:56 416768 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21226_none_cbb80fac468cdeac\IKEEXT.DLL
+ 2010-04-19 19:05 . 2010-02-18 13:56 543232 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21226_none_cbb80fac468cdeac\FWPUCLNT.DLL
+ 2010-04-19 19:05 . 2010-02-18 13:55 317440 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21226_none_cbb80fac468cdeac\BFE.DLL
+ 2010-04-19 19:05 . 2010-02-18 17:36 220040 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22636_none_570aa516ce7e04c9\netio.sys
+ 2010-04-19 19:05 . 2010-02-18 14:34 213896 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21226_none_552f0c98d14f8e02\netio.sys
+ 2010-03-12 23:34 . 2009-10-14 14:12 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\WMM2AE.dll
+ 2010-03-12 23:34 . 2009-10-14 12:23 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\MOVIEMK.exe
+ 2009-08-04 21:24 . 2009-04-11 06:28 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\WMM2AE.dll
+ 2009-08-04 21:24 . 2009-04-11 06:27 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\MOVIEMK.exe
+ 2010-03-12 23:34 . 2009-10-14 15:08 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\WMM2AE.dll
+ 2010-03-12 23:34 . 2009-10-14 13:16 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\MOVIEMK.exe
+ 2008-01-21 02:25 . 2008-01-21 02:25 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\WMM2AE.dll
+ 2010-03-12 23:34 . 2009-10-14 12:43 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\MOVIEMK.exe
+ 2010-03-12 23:34 . 2009-10-14 14:51 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\WMM2AE.dll
+ 2010-03-12 23:34 . 2009-10-14 12:44 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\MOVIEMK.exe
+ 2010-03-12 23:34 . 2009-10-14 15:06 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\WMM2AE.dll
+ 2010-03-12 23:34 . 2009-10-14 12:54 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\MOVIEMK.exe
+ 2010-03-12 23:37 . 2010-02-20 23:10 333312 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\nativerd.dll
+ 2010-03-12 23:37 . 2010-02-20 23:08 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisutil.dll
+ 2010-03-12 23:37 . 2010-02-20 21:22 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iissetup.exe
+ 2010-03-12 23:37 . 2010-02-20 23:08 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisRtl.dll
+ 2010-03-12 23:37 . 2010-02-20 21:22 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisres.dll
+ 2010-03-12 23:37 . 2010-02-20 23:11 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iismig.dll
+ 2010-03-12 23:37 . 2010-02-20 21:22 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\aspnetca.exe
+ 2010-03-12 23:37 . 2010-02-20 23:07 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\appobj.dll
+ 2010-03-12 23:37 . 2010-02-20 21:22 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\appcmd.exe
+ 2009-12-25 09:32 . 2009-11-09 12:31 331264 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\nativerd.dll
+ 2009-12-25 09:32 . 2009-11-09 12:30 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisutil.dll
+ 2009-12-25 09:32 . 2009-11-09 10:49 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iissetup.exe
+ 2009-12-25 09:32 . 2009-11-09 12:30 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisRtl.dll
+ 2009-12-25 09:32 . 2009-11-09 10:48 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisres.dll
+ 2009-12-25 09:32 . 2009-11-09 12:32 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iismig.dll
+ 2009-12-25 09:32 . 2009-11-09 10:49 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\aspnetca.exe
+ 2009-12-25 09:32 . 2009-11-09 12:28 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\appobj.dll
+ 2009-12-25 09:32 . 2009-11-09 10:48 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\appcmd.exe
+ 2010-03-12 23:37 . 2010-02-20 23:30 331776 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\nativerd.dll
+ 2010-03-12 23:37 . 2010-02-20 23:29 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisutil.dll
+ 2010-03-12 23:37 . 2010-02-20 21:35 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iissetup.exe
+ 2010-03-12 23:37 . 2010-02-20 23:29 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisRtl.dll
+ 2010-03-12 23:37 . 2010-02-20 21:35 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisres.dll
+ 2010-03-12 23:37 . 2010-02-20 23:31 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iismig.dll
+ 2010-03-12 23:37 . 2010-02-20 21:35 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\aspnetca.exe
+ 2010-03-12 23:37 . 2010-02-20 23:26 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\appobj.dll
+ 2010-03-12 23:37 . 2010-02-20 21:35 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\appcmd.exe
+ 2009-12-25 09:32 . 2009-11-09 13:22 326656 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\nativerd.dll
+ 2009-12-25 09:32 . 2009-11-09 13:20 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisutil.dll
+ 2009-12-25 09:32 . 2009-11-09 11:22 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iissetup.exe
+ 2009-12-25 09:32 . 2009-11-09 13:20 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisRtl.dll
+ 2009-12-25 09:32 . 2009-11-09 11:21 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisres.dll
+ 2009-12-25 09:32 . 2009-11-09 13:23 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iismig.dll
+ 2009-12-25 09:32 . 2009-11-09 11:22 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\aspnetca.exe
+ 2009-12-25 09:32 . 2009-11-09 13:18 311296 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\appobj.dll
+ 2009-12-25 09:32 . 2009-11-09 11:21 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\appcmd.exe
+ 2010-03-12 23:37 . 2010-02-20 23:34 236032 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\nativerd.dll
+ 2010-03-12 23:37 . 2010-02-20 23:31 189952 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisutil.dll
+ 2010-03-12 23:37 . 2010-02-20 21:31 195072 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iissetup.exe
+ 2010-03-12 23:37 . 2010-02-20 23:31 148480 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisRtl.dll
+ 2010-03-12 23:37 . 2010-02-20 20:21 183808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisres.dll
+ 2010-03-12 23:37 . 2010-02-20 23:35 128512 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iismig.dll
+ 2010-03-12 23:37 . 2010-02-20 21:31 178176 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\aspnetca.exe
+ 2010-03-12 23:37 . 2010-02-20 23:30 297472 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\appobj.dll
+ 2010-03-12 23:37 . 2010-02-20 21:31 150528 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\appcmd.exe
+ 2010-03-12 23:37 . 2010-02-20 23:54 236032 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\nativerd.dll
+ 2010-03-12 23:37 . 2010-02-20 23:52 189952 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisutil.dll
+ 2010-03-12 23:37 . 2010-02-20 21:47 195072 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iissetup.exe
+ 2010-03-12 23:37 . 2010-02-20 23:52 148480 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisRtl.dll
+ 2010-03-12 23:37 . 2010-02-20 20:30 183808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisres.dll
+ 2010-03-12 23:37 . 2010-02-20 23:55 128512 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iismig.dll
+ 2010-03-12 23:37 . 2010-02-20 21:47 178176 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\aspnetca.exe
+ 2010-03-12 23:37 . 2010-02-20 23:50 297472 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\appobj.dll
+ 2010-03-12 23:37 . 2010-02-20 21:47 150528 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\appcmd.exe
+ 2010-03-12 23:37 . 2010-02-20 23:08 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6002.22343_none_6bd150839a36b650\isapi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:05 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6002.18210_none_6b65229e810376ae\isapi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:29 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6001.22638_none_69faaff99d03c3ee\isapi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:37 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6001.18428_none_697be13483de0b0c\isapi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:32 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6000.21227_none_681e17319fd633d0\isapi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:52 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6000.17022_none_678f770e86bd182c\isapi.dll
+ 2010-03-12 23:37 . 2010-02-20 23:08 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\iiscore.dll
+ 2010-03-12 23:37 . 2010-02-20 23:05 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\iiscore.dll
+ 2010-03-12 23:37 . 2010-02-20 23:29 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\iiscore.dll
+ 2010-03-12 23:37 . 2010-02-20 23:37 189952 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\iiscore.dll
+ 2010-03-12 23:37 . 2010-02-20 23:31 164864 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\iiscore.dll
+ 2010-03-12 23:37 . 2010-02-20 23:52 164864 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\iiscore.dll
+ 2010-04-19 19:05 . 2010-02-23 15:00 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22995_none_47b8df3cdd4e5e15\ieui.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18904_none_478f9359c3e8a6a2\ieui.dll
+ 2010-04-19 19:05 . 2010-02-23 15:00 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.22995_none_fea88c6de92bdaff\iesysprep.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18904_none_fe7f408acfc6238c\iesysprep.dll
+ 2010-04-19 19:05 . 2010-02-23 13:25 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22995_none_a8e727c18da89e3a\ie4uinit.exe
+ 2010-04-19 19:05 . 2010-02-23 04:55 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18904_none_a8bddbde7442e6c7\ie4uinit.exe
+ 2010-04-19 19:05 . 2010-02-23 15:05 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22995_none_2aba1cf6bbb3850f\sqmapi.dll
+ 2010-04-19 19:05 . 2010-02-23 06:38 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18904_none_2a90d113a24dcd9c\sqmapi.dll
+ 2010-04-19 19:05 . 2010-02-23 15:04 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.22995_none_1a3cdac943526a7d\occache.dll
+ 2010-04-19 19:05 . 2010-02-23 06:37 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18904_none_1a138ee629ecb30a\occache.dll
+ 2010-04-19 19:05 . 2010-02-23 15:06 638232 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
+ 2010-04-19 19:05 . 2010-02-23 13:26 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\ieUnatt.exe
+ 2010-04-19 19:05 . 2010-02-23 06:39 638232 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
+ 2010-04-19 19:05 . 2010-02-23 04:55 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\ieUnatt.exe
+ 2010-04-19 19:05 . 2010-02-23 15:00 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22995_none_2aa3a292c968579f\IEShims.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18904_none_2a7a56afb002a02c\IEShims.dll
+ 2010-04-19 19:05 . 2010-02-23 15:00 247808 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22995_none_734556fc79bff131\ieproxy.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 247808 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18904_none_731c0b19605a39be\ieproxy.dll
+ 2010-04-19 19:05 . 2010-02-23 15:01 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.22995_none_42fcfce969a5b96a\msfeeds.dll
+ 2010-04-19 19:05 . 2010-02-23 06:34 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18904_none_42d3b106504001f7\msfeeds.dll
+ 2010-04-19 19:05 . 2010-02-23 15:00 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.22995_none_1fd9f74c213d2f14\iepeers.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18904_none_1fb0ab6907d777a1\iepeers.dll
+ 2010-04-19 19:05 . 2010-02-23 15:00 387584 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22995_none_5766df1686ac8779\iedkcs32.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 387584 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18904_none_573d93336d46d006\iedkcs32.dll
+ 2010-04-19 19:05 . 2010-02-23 15:06 919040 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22995_none_e4ff661ad10266b2\wininet.dll
+ 2010-04-19 19:05 . 2010-02-23 06:39 916480 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18904_none_e4d61a37b79caf3f\wininet.dll
+ 2010-04-19 19:05 . 2010-02-18 13:42 211456 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.22341_none_1428eb9d92bddb72\iphlpsvc.dll
+ 2010-04-19 19:05 . 2010-02-18 13:30 200704 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.18209_none_13d290d27978969c\iphlpsvc.dll
+ 2010-04-19 19:05 . 2010-02-18 14:00 201216 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.22636_none_12524b13958ae910\iphlpsvc.dll
+ 2010-04-19 19:05 . 2010-02-18 14:11 190464 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18427_none_11d47c987c644985\iphlpsvc.dll
+ 2010-04-19 19:05 . 2010-02-18 13:57 179712 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.21226_none_1076b295985c7249\iphlpsvc.dll
+ 2010-04-19 19:05 . 2010-02-18 14:19 179712 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.17021_none_0fe812727f4356a5\iphlpsvc.dll
+ 2010-04-19 19:05 . 2010-02-23 15:02 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.22995_none_c3dc1941aba1ff8e\mstime.dll
+ 2010-04-19 19:05 . 2010-02-23 06:35 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.18904_none_c3b2cd5e923c481b\mstime.dll
+ 2010-03-12 23:37 . 2010-02-20 21:06 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.22343_none_af08d5a82f3c8f92\http.sys
+ 2010-03-12 23:37 . 2010-02-20 20:53 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.18210_none_ae9ca7c316094ff0\http.sys
+ 2010-03-12 23:37 . 2010-02-20 21:20 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.22638_none_ad32351e32099d30\http.sys
+ 2010-03-12 23:37 . 2010-02-20 21:18 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.18428_none_acb3665918e3e44e\http.sys
+ 2010-03-12 23:37 . 2010-02-20 21:16 398848 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.21227_none_ab559c5634dc0d12\http.sys
+ 2010-03-12 23:37 . 2010-02-20 21:30 396800 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.17022_none_aac6fc331bc2f16e\http.sys
+ 2009-06-13 12:28 . 2010-04-05 18:32 449818 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2010-04-25 08:33 106866 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 10:33 . 2010-03-12 22:05 641686 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-04-25 08:37 641686 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-03-12 22:05 122590 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-04-25 08:37 122590 c:\windows\System32\perfc009.dat
+ 2010-04-19 19:05 . 2010-02-23 06:37 206848 c:\windows\System32\occache.dll
- 2010-01-22 18:55 . 2010-01-02 06:36 206848 c:\windows\System32\occache.dll
+ 2010-04-19 19:05 . 2010-02-23 06:35 611840 c:\windows\System32\mstime.dll
- 2009-06-12 20:48 . 2009-03-08 11:32 611840 c:\windows\System32\mstime.dll
+ 2010-04-19 19:05 . 2010-02-23 06:34 594432 c:\windows\System32\msfeeds.dll
- 2010-01-22 18:55 . 2010-01-02 06:33 594432 c:\windows\System32\msfeeds.dll
+ 2010-04-21 08:41 . 2010-04-12 16:29 153376 c:\windows\System32\javaws.exe
- 2009-11-22 18:25 . 2009-10-11 04:17 145184 c:\windows\System32\javaw.exe
+ 2010-04-21 08:41 . 2010-04-12 16:29 145184 c:\windows\System32\javaw.exe
- 2009-11-22 18:25 . 2009-10-11 04:17 145184 c:\windows\System32\java.exe
+ 2010-04-21 08:41 . 2010-04-12 16:29 145184 c:\windows\System32\java.exe
+ 2010-04-19 19:05 . 2010-02-23 06:33 164352 c:\windows\System32\ieui.dll
- 2010-01-22 18:55 . 2010-01-02 06:32 164352 c:\windows\System32\ieui.dll
- 2010-01-22 18:55 . 2010-01-02 06:32 184320 c:\windows\System32\iepeers.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 184320 c:\windows\System32\iepeers.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 387584 c:\windows\System32\iedkcs32.dll
- 2010-01-22 18:55 . 2010-01-02 06:32 387584 c:\windows\System32\iedkcs32.dll
+ 2010-04-19 19:05 . 2010-02-23 04:55 173056 c:\windows\System32\ie4uinit.exe
- 2010-01-22 18:55 . 2010-01-02 04:56 173056 c:\windows\System32\ie4uinit.exe
- 2009-06-12 21:28 . 2010-03-12 17:25 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-12 21:28 . 2010-04-23 09:36 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-04-01 22:42 . 2010-04-21 08:41 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2010-03-21 20:47 . 2010-03-21 16:51 245760 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-04-21 08:33 . 2010-04-21 08:33 791552 c:\windows\Installer\e1b3b.msi
+ 2009-12-01 17:46 . 2010-03-16 17:12 974848 c:\windows\Installer\408e63.msi
- 2009-12-01 17:46 . 2009-12-01 17:46 974848 c:\windows\Installer\408e63.msi
+ 2010-04-01 22:49 . 2010-04-01 22:49 180224 c:\windows\Installer\3b70ba.msi
+ 2010-04-21 08:30 . 2010-04-21 08:30 307200 c:\windows\Installer\{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}\SafariIco.exe
+ 2010-04-21 08:39 . 2010-04-21 08:39 372736 c:\windows\Installer\{996A2FAA-7514-4628-9D12-A8FC34A0016E}\iTunesIco.exe
- 2009-06-12 21:45 . 2010-02-11 07:48 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-06-12 21:45 . 2010-04-20 15:56 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-06-12 21:45 . 2010-04-20 15:56 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-06-12 21:45 . 2010-02-11 07:48 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-06-12 21:45 . 2010-04-20 15:56 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-06-12 21:45 . 2010-02-11 07:48 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-06-12 21:45 . 2010-02-11 07:48 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-06-12 21:45 . 2010-04-20 15:56 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-06-12 21:45 . 2010-02-11 07:48 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-06-12 21:45 . 2010-04-20 15:56 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-06-12 21:45 . 2010-04-20 15:56 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-06-12 21:45 . 2010-02-11 07:48 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-06-12 21:45 . 2010-02-11 07:48 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-06-12 21:45 . 2010-04-20 15:56 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-12-21 18:35 . 2009-12-21 18:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 18:34 . 2009-12-21 18:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 19:18 . 2009-11-09 19:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 20:02 . 2009-12-21 20:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-21 18:43 . 2009-12-21 18:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-22 01:57 . 2009-12-22 01:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 18:15 . 2009-12-21 18:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 19:32 . 2009-12-21 19:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-21 19:15 . 2009-12-21 19:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2009-11-19 22:29 . 2009-11-19 22:29 144728 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\WebLink.dll
+ 2009-11-19 22:28 . 2009-11-19 22:28 423256 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\RIMCXLServer.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 623960 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\rimautoupdate.exe
+ 2009-11-19 22:28 . 2009-11-19 22:28 894296 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\rim_hh.dll
+ 2009-11-19 22:28 . 2009-11-19 22:28 496984 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\rim_asci.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 972120 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\ras_connection_manager.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 439640 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\product.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 771416 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\media_sync.dll
+ 2009-11-19 22:28 . 2009-11-19 22:28 820568 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\DeviceOptions.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 546136 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\device_switch.dll
+ 2009-11-19 22:28 . 2009-11-19 22:28 935256 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\device_file_access_dll.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 566616 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\cxlbresources.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres2070.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1057.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1055.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1049.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1046.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1045.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1043.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 103768 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1042.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 103768 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1041.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1040.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1038.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 103768 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1037.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1036.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1034.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1032.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1031.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1029.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 103768 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1028.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 107864 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\autoupdateres1025.dll
+ 2008-10-25 07:52 . 2008-10-25 07:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
+ 2008-10-25 07:52 . 2008-10-25 07:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
- 2006-11-02 10:25 . 2010-03-12 17:38 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2010-04-21 17:09 143360 c:\windows\inf\infstrng.dat
+ 2010-04-19 19:05 . 2010-03-04 12:53 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22364_none_f4bb53f581eb46da\OESpamFilter.dat
+ 2010-04-19 19:05 . 2010-03-04 12:53 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18226_none_f45ef76e68ab69fa\OESpamFilter.dat
+ 2010-04-19 19:05 . 2010-03-04 12:53 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22654_none_f2dfb1f984bcd5c5\OESpamFilter.dat
+ 2010-04-19 19:05 . 2010-03-04 13:36 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18444_none_f260e3346b971ce3\OESpamFilter.dat
+ 2010-04-19 19:05 . 2010-03-04 13:34 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21242_none_f10218e787902c50\OESpamFilter.dat
+ 2010-04-19 19:05 . 2010-03-04 13:41 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.17040_none_f07679a26e745cb1\OESpamFilter.dat
+ 2010-04-19 19:05 . 2010-02-23 15:00 1986048 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22995_none_2aba1cf6bbb3850f\iertutil.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 1985536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18904_none_2a90d113a24dcd9c\iertutil.dll
+ 2010-04-19 19:05 . 2010-02-23 15:01 5946880 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22995_none_f65985395158cfe8\mshtml.dll
+ 2010-04-19 19:05 . 2010-02-23 06:34 5944832 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18904_none_f630395637f31875\mshtml.dll
+ 2010-04-19 19:05 . 2010-02-23 15:05 1209856 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22995_none_97f98a7905f9401f\urlmon.dll
+ 2010-04-19 19:05 . 2010-02-23 06:39 1209344 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18904_none_97d03e95ec9388ac\urlmon.dll
+ 2009-10-16 01:33 . 2009-10-16 01:33 3003680 c:\windows\System32\usbaaplrc.dll
+ 2010-04-19 19:05 . 2010-02-23 06:39 1209344 c:\windows\System32\urlmon.dll
+ 2006-11-02 10:22 . 2010-04-20 17:12 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2010-03-01 17:08 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-04-19 19:05 . 2010-02-23 06:34 5944832 c:\windows\System32\mshtml.dll
- 2010-01-22 18:55 . 2010-01-02 06:32 1985536 c:\windows\System32\iertutil.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 1985536 c:\windows\System32\iertutil.dll
+ 2009-10-16 01:33 . 2009-10-16 01:33 3003680 c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_131516ed\usbaaplrc.dll
+ 2010-03-26 08:44 . 2006-11-02 07:09 1419232 c:\windows\System32\DriverStore\FileRepository\hpqkbfiltr.inf_d1c4824b\wdfcoinstaller01005.dll
+ 2006-11-02 12:47 . 2010-03-13 08:12 4331446 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2006-11-02 12:47 . 2009-10-30 13:17 4331446 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2010-04-21 08:39 . 2010-04-21 08:39 4911104 c:\windows\Installer\e2aa7.msi
+ 2010-04-21 08:37 . 2010-04-21 08:37 9472000 c:\windows\Installer\e2309.msi
+ 2010-04-21 08:34 . 2010-04-21 08:34 3165184 c:\windows\Installer\e1b85.msi
+ 2010-04-21 08:33 . 2010-04-21 08:33 1984000 c:\windows\Installer\e1b4b.msi
+ 2010-04-21 08:31 . 2010-04-21 08:31 1689600 c:\windows\Installer\e1b31.msi
+ 2010-04-21 08:30 . 2010-04-21 08:30 2449920 c:\windows\Installer\e1b1f.msi
+ 2010-04-23 09:39 . 2010-04-23 09:39 1235968 c:\windows\Installer\7ecdf.msi
+ 2010-02-21 00:03 . 2010-02-21 00:03 4472832 c:\windows\Installer\71349.msp
+ 2010-02-21 00:02 . 2010-02-21 00:02 4195840 c:\windows\Installer\7132d.msp
+ 2010-03-11 22:59 . 2010-03-11 22:59 5031424 c:\windows\Installer\71317.msp
+ 2010-02-04 17:24 . 2010-02-04 17:24 9122304 c:\windows\Installer\208670.msp
+ 2010-02-21 01:00 . 2010-02-21 01:00 8480768 c:\windows\Installer\20865a.msp
+ 2010-02-04 00:59 . 2010-02-04 00:59 5031936 c:\windows\Installer\208644.msp
+ 2010-04-21 14:48 . 2010-04-21 14:48 2233344 c:\windows\Installer\103741e.msi
- 2009-06-12 21:45 . 2010-02-11 07:48 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-06-12 21:45 . 2010-04-20 15:56 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-06-12 21:45 . 2010-02-11 07:48 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-06-12 21:45 . 2010-04-20 15:56 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-12-21 18:29 . 2009-12-21 18:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-10-27 20:34 . 2009-10-27 20:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-21 23:31 . 2009-12-21 23:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 2970968 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\product_common.dll
+ 2009-11-19 22:29 . 2009-11-19 22:29 1807704 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\DesktopMgr.exe
+ 2009-11-19 22:28 . 2009-11-19 22:28 1054040 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\backup_restore.dll
+ 2009-11-19 22:28 . 2009-11-19 22:28 1586520 c:\windows\Installer\$PatchCache$\Managed\2815A5028CFE52C46BD11C468FFF0484\5.0.1\application_loader.dll
+ 2009-03-06 04:00 . 2009-03-06 04:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONMAIN.DLL
+ 2008-11-10 10:49 . 2008-11-10 10:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONLIBS.DLL
+ 2008-11-24 22:16 . 2008-11-24 22:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTE.EXE
+ 2010-03-12 23:34 . 2009-10-14 14:10 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\MOVIEMK.dll
+ 2010-03-12 23:34 . 2009-10-14 13:58 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\MOVIEMK.dll
+ 2010-03-12 23:34 . 2009-10-14 15:06 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\MOVIEMK.dll
+ 2010-03-12 23:34 . 2009-10-14 14:45 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\MOVIEMK.dll
+ 2010-03-12 23:34 . 2009-10-14 14:48 10921984 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\MOVIEMK.dll
+ 2010-03-12 23:34 . 2009-10-14 15:02 10922496 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\MOVIEMK.dll
+ 2010-04-19 19:05 . 2010-02-23 15:00 11073024 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22995_none_47b8df3cdd4e5e15\ieframe.dll
+ 2010-04-19 19:05 . 2010-02-23 06:33 11070976 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18904_none_478f9359c3e8a6a2\ieframe.dll
+ 2006-11-02 10:24 . 2010-04-06 09:52 31971272 c:\windows\System32\mrt.exe
+ 2010-04-19 19:05 . 2010-02-23 06:33 11070976 c:\windows\System32\ieframe.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\e2b66.msp
+ 2010-03-22 15:03 . 2010-03-22 15:03 11732992 c:\windows\Installer\7135f.msp
+ 2010-04-21 17:06 . 2010-04-21 17:06 44665344 c:\windows\Installer\18316b5.msp
+ 2009-12-21 23:21 . 2009-12-21 23:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
+ 2009-04-03 18:46 . 2009-04-03 18:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSO.DLL
+ 2009-06-12 20:44 . 2010-04-20 15:51 165020718 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-08-22 53248]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-10-15 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-11-16 604008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4e,05,c3,e1,4c,15,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 133104]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-12 721904]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-17 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 97128]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-26 26168]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 376680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-09-14 88192]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-25 c:\windows\Tasks\AutoSmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-23 11:57]

2010-04-25 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-19 13:54]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 21:12]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 21:12]

2010-04-24 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-23 11:57]

2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{928B05A5-213B-490A-9217-19EDD566514F}.job
- c:\windows\system32\msfeedssync.exe [2010-04-19 04:54]

2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{C84F3DB5-27A3-4859-8F05-A0E6FFC2FE81}.job
- c:\windows\system32\msfeedssync.exe [2010-04-19 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 09:41
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll atapi.sys >>UNKNOWN [0x87B558C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a5b3d24
\Driver\ACPI -> acpi.sys @ 0x8289fd68
\Driver\atapi -> atapi.sys @ 0x829e49b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-25 09:44:15
ComboFix-quarantined-files.txt 2010-04-25 08:44
ComboFix2.txt 2010-04-21 18:15
ComboFix3.txt 2010-03-12 22:14

Pre-Run: 233,104,523,264 bytes free
Post-Run: 233,271,320,576 bytes free

- - End Of File - - 1EBCB755C2197BBF07A615011F7487B1
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
No Rootkit was included in the report. I would like to check a couple of suspicious files.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
Suspect::
c:\windows\system32\drivers\znaakeos.sys
c:\windows\system32\drivers\awbasvzj.sys


Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Combofix created a zipped file in the C:\Qoobox\Quarantine folder labeled in the form of [4]-Submit_Date_Time.zip. Please have this file uploaded to the following location:

http://www.bleepingcomputer.com/submit-malware.php?channel=4

Indicate a link to this address and let me know when ready.

==========================================================

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan... click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report in your next reply.
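
An added example, not part of the original post: one way to triage a ComboFix "Files Created" section for drivers like the two named above. The heuristic (several differently named .sys files in system32\drivers that share one size and have identical created/modified stamps) is an assumption of this example, not the helper's stated reasoning; the sample lines follow the format of the ComboFix logs in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Sample input embedded so the example runs offline. The lines follow the
# "Files Created" format of the ComboFix logs in this thread:
#   <created> . <modified> <size or --------> <attributes> <path>
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.
2010-04-25 15:59 . 2010-04-25 15:59 -------- d-----w- c:\users\Paul\AppData\Local\temp
2010-04-24 20:12 . 2010-04-24 20:12 19944 ----a-w- c:\windows\system32\drivers\awbasvzj.sys
2010-04-21 18:29 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-21 17:06 . 2010-04-21 17:06 19944 ----a-w- c:\windows\system32\drivers\znaakeos.sys
2010-04-21 08:30 . 2010-04-21 08:30 19944 ----a-w- c:\windows\system32\drivers\khdvhmgi.sys
2010-04-21 08:25 . 2010-04-21 08:25 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "          # directories show eight dashes
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>.+)$"
)


def parse_file_lines(text):
    """Return one dict per file/directory line; banners and '.' lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append({
            "created": m["created"],
            "modified": m["modified"],
            "size": size,
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def flag_driver_clusters(entries, min_cluster=2):
    """Group .sys files in system32\\drivers by size and report sizes shared
    by at least `min_cluster` different file names.

    Only files whose created and modified stamps are identical are counted:
    a vendor driver usually keeps its build date as the modified time
    (pavboot.sys in the sample), while a file written on the spot does not.
    """
    groups = defaultdict(set)
    for e in entries:
        folder, name = ntpath.split(e["path"].lower())
        if e["size"] is None or not name.endswith(".sys"):
            continue
        if not folder.endswith(r"\system32\drivers"):
            continue
        if e["created"] != e["modified"]:
            continue
        groups[e["size"]].add(name)
    return sorted(
        (size, sorted(names))
        for size, names in groups.items()
        if len(names) >= min_cluster
    )


if __name__ == "__main__":
    for size, names in flag_driver_clusters(parse_file_lines(SAMPLE_LOG)):
        print(f"{len(names)} drivers of {size} bytes: {', '.join(names)}")
```

A hit only marks files worth quarantining and submitting for analysis, which is what the CFScript step above does for the two named drivers.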
 

THFC

Thread Starter
Joined
Apr 8, 2007
Messages
16
Hi,

I have uploaded the quarantine zip file and linked it to the link of this thread.

What follows are the ComboFix log file and the GMER log file.

Thanks

Paul.

ComboFix Log File


ComboFix 10-04-21.01 - Paul 25/04/2010 16:51:36.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3063.2140 [GMT 1:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
Command switches used :: c:\users\Paul\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\System32\drivers\awbasvzj.sys
file zipped: c:\windows\System32\drivers\znaakeos.sys
.

((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-25 15:59 . 2010-04-25 15:59 -------- d-----w- c:\users\Paul\AppData\Local\temp
2010-04-25 15:59 . 2010-04-25 15:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-25 15:59 . 2010-04-25 15:59 -------- d-----w- c:\users\Josh\AppData\Local\temp
2010-04-25 15:59 . 2010-04-25 15:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-24 20:12 . 2010-04-24 20:12 19944 ----a-w- c:\windows\system32\drivers\awbasvzj.sys
2010-04-23 09:38 . 2010-04-23 09:38 -------- d-----w- c:\programdata\WindowsSearch
2010-04-23 09:29 . 2010-04-24 21:42 -------- d-----w- c:\windows\system32\catroot2
2010-04-21 22:14 . 2010-04-21 22:14 -------- d-----w- C:\Downloads
2010-04-21 18:29 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-21 18:28 . 2010-04-21 18:28 -------- d-----w- c:\program files\Panda Security
2010-04-21 17:07 . 2010-04-21 17:07 -------- d-----w- c:\programdata\Research In Motion
2010-04-21 17:06 . 2010-04-21 17:06 19944 ----a-w- c:\windows\system32\drivers\znaakeos.sys
2010-04-21 10:02 . 2010-04-21 10:02 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-21 10:02 . 2010-04-21 10:02 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
2010-04-21 08:41 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-21 08:39 . 2010-04-21 08:39 -------- d-----w- c:\program files\iPod
2010-04-21 08:39 . 2010-04-21 08:39 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 08:36 . 2010-04-21 08:37 -------- d-----w- c:\program files\QuickTime
2010-04-21 08:33 . 2010-04-21 08:33 -------- d-----w- c:\program files\Bonjour
2010-04-21 08:32 . 2010-04-21 08:32 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-21 08:30 . 2010-04-21 08:30 19944 ----a-w- c:\windows\system32\drivers\khdvhmgi.sys
2010-04-21 08:28 . 2010-04-21 08:28 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-21 08:25 . 2010-04-21 08:25 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-21 08:23 . 2010-04-21 08:23 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-21 08:17 . 2010-04-24 21:46 -------- d-----w- c:\windows\system32\MpEngineStore
2010-04-19 19:01 . 2010-04-19 19:01 4255072 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-19 19:00 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-19 18:59 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-01 22:49 . 2010-04-01 22:49 -------- d-----w- c:\program files\Common Files\Java
2010-04-01 21:55 . 2010-04-01 21:55 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-04-01 21:55 . 2010-04-01 21:55 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
2010-04-01 21:55 . 2010-04-01 21:55 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-01 21:55 . 2010-04-01 21:55 341272 ----a-w- c:\programdata\avg9\update\backup\avgxch32.dll
2010-04-01 21:55 . 2010-04-01 21:55 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
2010-04-01 21:55 . 2010-04-01 21:55 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-04-01 21:55 . 2010-04-01 21:55 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-04-01 21:55 . 2010-04-01 21:55 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
2010-04-01 21:55 . 2010-04-01 21:55 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-04-01 21:55 . 2010-04-01 21:55 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
2010-04-01 21:55 . 2010-04-01 21:55 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2010-04-01 21:55 . 2010-04-01 21:55 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-04-01 21:45 . 2010-04-01 21:45 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 15:46 . 2009-06-12 17:54 6396 ----a-w- c:\windows\bthservsdp.dat
2010-04-25 08:44 . 2009-12-01 17:47 256 ----a-w- c:\windows\system32\pool.bin
2010-04-24 17:33 . 2009-08-22 12:27 -------- d-----w- c:\users\Josh\AppData\Roaming\HpUpdate
2010-04-24 17:33 . 2009-08-11 18:00 -------- d-----w- c:\users\Paul\AppData\Roaming\HpUpdate
2010-04-23 09:39 . 2009-10-01 21:12 -------- d-----w- c:\program files\Google
2010-04-21 14:48 . 2009-06-12 20:59 -------- d-----w- c:\program files\Opera
2010-04-21 10:05 . 2010-03-12 17:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 08:41 . 2009-10-01 20:49 -------- d-----w- c:\program files\Java
2010-04-21 08:39 . 2009-12-25 09:39 -------- d-----w- c:\program files\iTunes
2010-04-21 08:39 . 2009-06-12 21:07 -------- d-----w- c:\program files\Common Files\Apple
2010-04-21 08:30 . 2009-06-12 21:01 -------- d-----w- c:\program files\Safari
2010-04-21 08:25 . 2009-06-12 20:54 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-20 16:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-20 15:56 . 2009-06-12 21:39 -------- d-----w- c:\programdata\Microsoft Help
2010-03-29 23:46 . 2010-03-12 17:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2010-03-12 17:27 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 09:12 . 2009-12-01 17:55 -------- d-----w- c:\programdata\Roxio
2010-03-26 08:44 . 2009-06-13 07:49 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-26 08:44 . 2009-06-12 21:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-26 08:43 . 2009-12-01 17:57 -------- d-----w- c:\users\Josh\AppData\Roaming\InstallShield
2010-03-19 16:42 . 2009-10-07 17:43 680 ----a-w- c:\users\Josh\AppData\Local\d3d9caps.dat
2010-03-19 10:47 . 2010-03-19 10:39 -------- d-----w- c:\users\Paul\AppData\Roaming\IObit
2010-03-19 10:47 . 2010-03-19 10:39 -------- d-----w- c:\program files\IObit
2010-03-17 21:29 . 2010-03-17 21:29 -------- d-----w- c:\program files\Scratch
2010-03-17 20:50 . 2010-03-17 20:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 20:50 . 2009-06-12 20:54 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 20:49 . 2009-06-12 20:54 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-16 17:11 . 2010-03-16 17:11 10827096 ----a-w- c:\users\Josh\AppData\Roaming\Research In Motion\BlackBerry Media Sync\AutoUpdate\Updates\3.0.0.39\BlackBerryMediaSync.exe
2010-03-16 15:12 . 2010-03-16 15:11 -------- d-----w- c:\program files\PDFCreator
2010-03-16 14:17 . 2009-11-15 18:28 -------- d-----w- c:\programdata\avg9
2010-03-12 23:01 . 2009-06-12 21:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-12 18:09 . 2010-03-12 18:09 388096 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-12 18:09 . 2010-03-12 18:09 -------- d-----w- c:\program files\TrendMicro
2010-03-12 17:27 . 2010-03-12 17:27 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2010-03-12 17:27 . 2010-03-12 17:27 -------- d-----w- c:\programdata\Malwarebytes
2010-03-12 17:20 . 2009-06-12 19:14 130624 ----a-w- c:\users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-05 14:01 . 2010-04-19 19:05 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 17:55 . 2009-12-01 17:47 -------- d-----w- c:\users\Josh\AppData\Roaming\Research In Motion
2010-03-01 17:11 . 2009-06-12 21:18 130624 ----a-w- c:\users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 20:34 . 2010-02-26 20:34 15416 ----a-w- c:\windows\system32\HPMDPCoInst.dll
2010-02-26 20:34 . 2010-02-26 20:34 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2010-02-26 20:34 . 2010-02-26 20:34 26168 ----a-w- c:\windows\system32\hpservice.exe
2010-02-26 20:34 . 2010-02-26 20:34 15416 ----a-w- c:\windows\system32\accelerometerdll.DLL
2010-02-26 20:33 . 2010-02-26 20:33 33848 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2010-02-23 11:10 . 2010-04-19 19:05 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-19 19:05 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-19 19:05 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-04-19 19:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-19 19:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-19 19:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-19 19:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-12 23:37 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-12 23:37 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-12 23:37 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-18 14:07 . 2010-04-19 19:05 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 13:30 . 2010-04-19 19:05 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:28 . 2010-04-19 19:05 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:32 . 2010-02-28 20:47 293376 ----a-w- c:\windows\system32\browserchoice.exe
.

((((((((((((((((((((((((((((( SnapShot_2010-04-25_08.41.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-04-25 15:51 83700 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-06-12 19:15 . 2010-04-25 15:51 12354 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3964209802-1692051119-3322520709-1000_UserData.bin
- 2009-06-23 17:35 . 2010-04-25 08:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-23 17:35 . 2010-04-25 15:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-23 17:35 . 2010-04-25 15:47 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-23 17:35 . 2010-04-25 08:30 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-23 17:35 . 2010-04-25 15:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-23 17:35 . 2010-04-25 08:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-25 08:30 . 2010-04-25 08:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-25 15:47 . 2010-04-25 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-25 08:30 . 2010-04-25 08:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-25 15:47 . 2010-04-25 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2010-04-25 15:51 106914 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2010-04-25 15:55 641686 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-04-25 08:37 641686 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-04-25 15:55 122590 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-04-25 08:37 122590 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-08-22 53248]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-10-15 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-11-16 604008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4e,05,c3,e1,4c,15,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 133104]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-12 721904]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-17 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 97128]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-26 26168]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 376680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-09-14 88192]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-25 c:\windows\Tasks\AutoSmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-23 11:57]

2010-04-25 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-19 13:54]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 21:12]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 21:12]

2010-04-25 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-23 11:57]

2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{928B05A5-213B-490A-9217-19EDD566514F}.job
- c:\windows\system32\msfeedssync.exe [2010-04-19 04:54]

2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{C84F3DB5-27A3-4859-8F05-A0E6FFC2FE81}.job
- c:\windows\system32\msfeedssync.exe [2010-04-19 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 16:59
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll atapi.sys >>UNKNOWN [0x87D538C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a5add24
\Driver\ACPI -> acpi.sys @ 0x8289ad68
\Driver\atapi -> atapi.sys @ 0x829df9b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-25 17:02:14
ComboFix-quarantined-files.txt 2010-04-25 16:02
ComboFix2.txt 2010-04-25 08:44
ComboFix3.txt 2010-04-21 18:15
ComboFix4.txt 2010-03-12 22:14

Pre-Run: 275,812,962,304 bytes free
Post-Run: 275,756,371,968 bytes free

- - End Of File - - 5896528B6655DADDD9567B499ED2C8A4
Upload was successful


GMER Log File

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 17:36:54
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Paul\AppData\Local\Temp\fxtdipob.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x829E3000]
? C:\Users\Paul\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641f734e6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xB1 0x64 0x6D 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xE6 0x4C 0x1A 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x2E 0x01 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x2C 0x79 0x1A 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x32 0x89 0xD8 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x6E 0x60 0xA5 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xD9 0xC7 0xB4 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x36 0xC8 0x6D 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641f734e6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xB1 0x64 0x6D 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xE6 0x4C 0x1A 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x2E 0x01 0xE7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x2C 0x79 0x1A 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x32 0x89 0xD8 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x6E 0x60 0xA5 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xD9 0xC7 0xB4 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x36 0xC8 0x6D 0x60 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\[email protected] 0x2F 0x68 0x5B 0x09 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
The atapi.sys is patched.

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • OTL should now start. Change the following settings:
    • Under the Custom Scan box paste this in:

      /md5start
      atapi.sys
      /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.
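
The GMER finding quoted in the log above (`atapi.sys entry point in ".rsrc" section`) is a check that can be repeated on any copy of a driver file. The following is an added example, not part of the original thread and not code from GMER or OTL: it reads the PE headers and reports which section holds the entry point. The function names, the list of non-code section names and the constructed sample headers are assumptions made for illustration.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
# Assumption: section names that normally hold data, not an entry point.
NON_CODE_NAMES = {".rsrc", ".reloc", ".data", ".rdata"}


def entry_point_section(image: bytes):
    """Return (section_name, characteristics, entry_rva) for a PE image.

    section_name is None when the entry point lies outside every section.
    """
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4                                       # COFF file header
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20                                         # optional header
    (entry_rva,) = struct.unpack_from("<I", image, opt + 16)  # AddressOfEntryPoint
    table = opt + opt_size                                  # section table
    for i in range(num_sections):
        hdr = table + 40 * i
        raw_name, vsize, vaddr, raw_size = struct.unpack_from("<8sIII", image, hdr)
        (chars,) = struct.unpack_from("<I", image, hdr + 36)
        if vaddr <= entry_rva < vaddr + max(vsize, raw_size):
            name = raw_name.rstrip(b"\0").decode("ascii", "replace")
            return name, chars, entry_rva
    return None, 0, entry_rva


def triage(image: bytes):
    """Explain why the entry point location looks unusual (empty list = nothing flagged)."""
    name, chars, rva = entry_point_section(image)
    reasons = []
    if name is None:
        reasons.append("entry point outside all sections")
    else:
        if name.lower() in NON_CODE_NAMES:
            reasons.append(f'entry point in "{name}" section')
        if not chars & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
            reasons.append("section not marked code/executable")
    return {"section": name, "entry_rva": rva, "reasons": reasons}


def build_sample_pe(entry_rva: int) -> bytes:
    """Constructed PE32 headers only (no code), used as offline sample input."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIII", 0x010B, 0, 0, 0, 0, 0, entry_rva).ljust(0xE0, b"\0")

    def section(name, vaddr, chars):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, vaddr, 0x1000,
                           0, 0, 0, 0, 0, chars)

    init = section(b"INIT", 0x1000, 0xE2000020)    # code, execute, read, discardable
    rsrc = section(b".rsrc", 0x2000, 0x40000040)   # initialized data, read
    return dos + b"PE\0\0" + coff + opt + init + rsrc


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Check a real file: python script.py <path to a driver copy>
        with open(sys.argv[1], "rb") as fh:
            print(triage(fh.read()))
    else:
        for rva in (0x1100, 0x2100):
            print(hex(rva), triage(build_sample_pe(rva)))
```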
 

THFC

Thread Starter
Joined
Apr 8, 2007
Messages
16
Hi,

Here are the OTL Logs

Regards

Paul.

OTL Log File


OTL logfile created on: 25/04/2010 21:45:28 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 256.33 Gb Free Space | 85.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TC4400V
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/25 21:43:57 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2010/04/21 09:24:59 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/19 12:57:22 | 002,708,824 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
PRC - [2010/04/01 22:50:20 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/17 21:50:07 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 21:49:59 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 21:49:43 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/07 14:49:26 | 000,239,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
PRC - [2009/10/07 14:48:44 | 000,604,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSTrayApp.exe
PRC - [2009/10/07 14:48:44 | 000,376,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
PRC - [2009/10/07 14:48:44 | 000,097,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\esClient.exe
PRC - [2009/04/11 07:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/11 07:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/03/18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/01/21 03:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


========== Modules (SafeList) ==========

MOD - [2010/04/25 21:43:57 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
MOD - [2009/04/11 07:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/17 21:49:59 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/07 14:49:26 | 000,239,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2009/10/07 14:48:44 | 000,376,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2009/10/07 14:48:44 | 000,097,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
SRV - [2009/10/03 19:37:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/03/18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/04/21 09:25:05 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/17 21:50:06 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 21:49:44 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/26 21:34:18 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/02/26 21:33:56 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/12 21:56:24 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/06/18 21:38:20 | 002,307,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/18 21:38:20 | 002,307,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008/04/24 17:26:28 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/04/14 15:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/03/21 17:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/12 13:12:38 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/12/12 13:12:38 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/12/12 13:12:38 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/09/15 03:50:56 | 000,191,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/08/28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/02 04:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/04/25 14:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/09/14 18:55:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtipci21.sys -- (GTIPCI21)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 09:46:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/23 22:31:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/21 10:03:15 | 000,000,000 | ---D | M]

[2009/06/12 22:28:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
[2010/04/25 17:47:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\extensions
[2009/07/14 13:37:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/30 20:26:15 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010/03/12 19:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/03/12 19:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}-trash
[2010/04/21 15:10:03 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\xvjcab62.default\extensions\[email protected]
[2010/04/25 17:47:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/21 09:41:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/21 10:03:08 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/21 10:03:08 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/21 10:03:08 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/21 10:03:08 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/21 19:10:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/25 21:43:55 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/04/25 17:02:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/25 17:02:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/25 17:02:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\temp
[2010/04/25 16:40:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/24 21:12:21 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\awbasvzj.sys
[2010/04/23 10:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/04/23 10:29:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/04/21 23:14:46 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/04/21 19:29:11 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010/04/21 19:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/04/21 18:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010/04/21 18:06:52 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\znaakeos.sys
[2010/04/21 09:41:27 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/04/21 09:41:27 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/21 09:41:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/21 09:41:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/21 09:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/21 09:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/21 09:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/21 09:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/21 09:30:07 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\khdvhmgi.sys
[2010/04/21 09:17:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/04/19 20:05:52 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/19 20:05:38 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/19 20:05:38 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/19 20:05:38 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/19 20:05:37 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/19 20:05:37 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/19 20:05:37 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/19 20:05:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/19 20:05:37 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/19 20:05:37 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/19 20:05:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/19 20:05:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/19 20:05:37 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/19 20:05:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/19 20:05:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/19 20:05:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/04/19 20:05:14 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/19 20:05:14 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/01 23:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/01 23:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2010/04/25 21:44:41 | 006,553,600 | -HS- | M] () -- C:\Users\Paul\ntuser.dat
[2010/04/25 21:43:59 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C84F3DB5-27A3-4859-8F05-A0E6FFC2FE81}.job
[2010/04/25 21:43:57 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/04/25 21:43:47 | 007,128,064 | ---- | M] () -- C:\Users\Paul\Desktop\CP Issue.pst
[2010/04/25 21:36:20 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{928B05A5-213B-490A-9217-19EDD566514F}.job
[2010/04/25 21:35:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/25 20:47:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/25 20:47:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/25 17:08:57 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/04/25 17:07:29 | 000,293,376 | ---- | M] () -- C:\Users\Paul\Desktop\gmer.exe
[2010/04/25 17:04:39 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2010/04/25 17:02:56 | 000,002,399 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
[2010/04/25 16:59:36 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/25 16:55:01 | 000,751,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/25 16:55:01 | 000,641,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/25 16:55:01 | 000,122,590 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/25 16:48:06 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/25 16:48:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2010/04/25 16:47:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/25 16:47:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/25 16:46:03 | 000,006,396 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/25 16:46:00 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/25 16:46:00 | 000,065,536 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/25 13:36:04 | 059,257,955 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/25 10:00:50 | 002,644,899 | -H-- | M] () -- C:\Users\Paul\AppData\Local\IconCache.db
[2010/04/25 08:49:01 | 003,923,062 | R--- | M] () -- C:\Users\Paul\Desktop\ComboFix.exe
[2010/04/24 22:25:29 | 000,002,515 | ---- | M] () -- C:\Users\Paul\Desktop\HiJackThis.lnk
[2010/04/24 21:12:21 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\awbasvzj.sys
[2010/04/23 10:39:36 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/21 19:10:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/21 18:08:03 | 000,001,887 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/04/21 18:08:03 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2010/04/21 18:06:52 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\znaakeos.sys
[2010/04/21 15:48:20 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/04/21 09:42:28 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/21 09:39:44 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/21 09:30:17 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/04/21 09:30:07 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\khdvhmgi.sys
[2010/04/21 09:25:05 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/20 16:55:46 | 000,000,204 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/28 21:38:00 | 000,031,744 | ---- | M] () -- C:\Users\Paul\Documents\THLFCBrentford28Mar10.doc
[2010/03/27 21:54:14 | 000,001,730 | -H-- | M] () -- C:\Users\Paul\Documents\Default.rdp

========== Files Created - No Company Name ==========

[2010/04/25 08:49:32 | 003,923,062 | R--- | C] () -- C:\Users\Paul\Desktop\ComboFix.exe
[2010/04/23 23:09:18 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2010/04/23 10:39:36 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/21 18:08:03 | 000,001,887 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/04/21 18:08:03 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2010/04/21 15:48:20 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/04/21 09:39:44 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/20 16:55:46 | 000,000,204 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/03/28 21:38:00 | 000,031,744 | ---- | C] () -- C:\Users\Paul\Documents\THLFCBrentford28Mar10.doc
[2010/01/04 22:08:09 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/08/04 22:25:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/16 21:02:05 | 000,000,162 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2009/06/16 21:01:32 | 000,000,840 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2008/06/18 21:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2007/12/04 13:55:36 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/06 13:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\hppapr02.dll
[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/07/07 05:00:00 | 000,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[1998/05/07 04:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys
< End of report >


EXTRAS Log

OTL Extras logfile created on: 25/04/2010 21:45:28 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 256.33 Gb Free Space | 85.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TC4400V
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007FAAB6-8F95-465A-BF41-2B68E955331F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{00E3E3AA-5CB6-4430-A1B7-EA32119684AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13CD90A9-D6E2-4754-BBC0-3548E109FC89}" = lport=10243 | protocol=6 | dir=in | app=system |
"{15C355B5-5D0D-44B8-AF3D-E5547337EDD9}" = rport=137 | protocol=17 | dir=out | app=system |
"{18FCEF40-77CF-4C0F-8E60-ECD7BEDCE0FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{27254C9E-38C2-46CC-8ED7-9E23F6B80DC0}" = rport=445 | protocol=6 | dir=out | app=system |
"{272AC9A8-73C7-4C3A-8934-B5C63F8A1788}" = rport=139 | protocol=6 | dir=out | app=system |
"{28FAE8E5-545E-4D71-9188-A113AB7A046F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2F2A1932-666F-40EC-958B-2B1EC0B92615}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E18CAFF-BD00-48E3-BFF6-D8BEF76027A1}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{46CF93CF-036B-40FE-9851-2DF518557C34}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C53CB9B-A09C-4231-8F17-3044496698F0}" = lport=138 | protocol=17 | dir=in | app=system |
"{739FF2A2-E3AD-4D15-A1B2-BA7D4F668B39}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{77645B33-B31A-49CB-A50B-E045985AD46B}" = rport=138 | protocol=17 | dir=out | app=system |
"{7DE210C9-AA43-4F60-BBB5-675A4D469549}" = lport=139 | protocol=6 | dir=in | app=system |
"{83E20D9A-67DA-4333-83A3-B03923BA4372}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{894B63EF-F2F4-4050-98D5-903564DBD581}" = lport=445 | protocol=6 | dir=in | app=system |
"{89CE4A6C-005C-49C8-BD37-E4FF9A1CC9B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E066520-EFF5-446D-9CE3-D7824576E076}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FCE7F42-E996-437C-BCE1-6EC3CB8562FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99686C27-97A7-4FD4-A833-6E2DB01348ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9ADE1F49-A2F5-432F-A177-733FE9009E3E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EA6275E-5D53-43C4-A395-EB78318E4B53}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A0889558-6C44-42B4-A2C4-DA1A0EAD6128}" = lport=137 | protocol=17 | dir=in | app=system |
"{A1999883-4ACC-401E-B0A7-12B62D2908F1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B7BFA388-529F-4A32-AA9D-FE4151D3BB2E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B92995BB-8709-4F71-839B-C88011BAACC2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4B91FA8-C6D0-4C2A-814E-5AFBD9E1641E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C9F8F9C4-991D-4BE3-A049-B3C3AA32CDA5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DCE56F2A-802B-4AF3-B6D6-C45E1C7618A2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E3FCDE07-067D-4EA8-9FCB-D7A592831907}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EDB506C1-BA1D-410E-97FB-5F1B024C6085}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF0EBD6D-2555-4359-BFCC-A605200CC24F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F02C930C-8FD3-4482-A765-CB5DD91F1070}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3FA2F74-9540-42F2-B1C2-DAB7C32BC543}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FD9A7913-A30D-451F-A53C-AFEFD6E166A7}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C86EA8-6CED-40F5-942A-757844D1CDED}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{056FC4BC-E57D-4504-9800-2585D804DACC}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{0C22A83A-5572-4B74-AEAA-BD0699CBDB78}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13992644-9136-48AE-B9D2-748589818386}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1634E874-ECD8-4B29-A9B0-B6754602E52E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{175BE241-3291-4BB3-BC0B-8D163E6E8B90}" = protocol=1 | dir=out | [email protected],-28544 |
"{2C9BDE00-2D7D-4858-8795-452CE1A823E5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{35E3260D-DDD6-49B7-8B81-D108FFE544E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{37373126-D553-4867-BA09-23267F895308}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3CC9B395-C54F-41B1-A7BA-AB78F5D7176F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4B68CF5A-9E20-4701-97DE-19EA356234D9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4BAED37F-9F36-4999-B1C2-5D5339D589A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E3FE846-5A5E-4115-B7F7-855F5DA73D68}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{5102D26F-72BF-4A75-A2C8-D7023B0642A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{554630B4-1C12-4D0C-B590-CD09E77BF1BC}" = protocol=6 | dir=out | app=system |
"{5F9230A8-0FBA-4CE6-A4B6-413DFCBDF1F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F7ADC3D-2FAA-47E4-9BE2-7FFF9CBD3A88}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{712C170C-DDF9-43F5-8F87-430F8805046F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7AAD3B22-E646-47D1-999E-E6D16232D750}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85EAF2ED-E5E1-4C58-AF9A-6F25FBE8B414}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{862026C5-2957-4E20-8222-0AC6F9F8C64D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8E1124C0-98F3-43C3-BD0E-0F3055D87CA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{91AAD4AE-1260-452E-819A-D51128638BCC}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{A43DDCD2-A4F1-4595-B239-5B87DB5DF105}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A7E34C40-B5BB-46FC-8361-962F861D8777}" = protocol=58 | dir=out | [email protected],-28546 |
"{AEDBD7A9-A585-4FB5-A5EA-44D357BDB7D9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B8119AA6-C5FE-4543-B833-5C1D14006FA1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8B95402-8A56-44A7-8832-902D5D52A433}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBDE1643-FC38-464E-87DF-597BECEA94B3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CCB4149E-228B-4BCC-8011-AE0365867BCF}" = protocol=58 | dir=in | [email protected],-28545 |
"{DD08075A-DDF2-4E14-884E-D199ACDA1093}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DD231C9A-D4C6-4410-8132-DE9E7DA7D400}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E23CE60D-41EC-41F0-8E4B-0E73683050FD}" = protocol=1 | dir=in | [email protected],-28543 |
"{F146D15D-A2D9-4E1A-9B39-DAB994CE43B5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F65BA6E9-4539-471C-B818-F674D6BD715D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FFA2915E-4E3D-4A6B-8E8C-C0B7EFFA005A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4BE7E033-F3BF-4CC1-8F7B-C4386B5E611B}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{668F8586-B4A2-428B-85C2-F0812C5D4608}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{6B8AF0A2-3C09-4997-8AF3-D738DD527647}C:\windows\system32\mstsc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mstsc.exe |
"UDP Query User{E90C8856-FE1A-4CB0-8A18-5D2B1613D54E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{E943DF4D-3503-42A8-9393-B30200D77BA2}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{EEED7F8F-D745-47A1-A4F7-0B52037A3037}C:\windows\system32\mstsc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mstsc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6000
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47B588CB-B42A-41E2-9825-D29B358C8CBB}" = hppTLBXFX2605
"{491D49D0-FE50-482C-AAD0-2500060E0F97}" = hppCLJ2605
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57DA304D-27B0-40D1-A796-92CEFF20FA32}" = hppIOFiles
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8595BCF5-FCE0-4ECE-9FBA-E5FBB741D4F1}" = hppusg2605
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C27ABEFA-EBB8-401B-826A-13E6F42DBFFA}" = hpzTLBXFX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF969A8C-052F-401F-A2C8-C8819757C001}" = hppManuals2605
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG9Uninstall" = AVG Free 9.0
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Chuzzle Deluxe 1.01" = Chuzzle Deluxe 1.01
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Color LaserJet 2605" = HP Color LaserJet 2605 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Scratch" = Scratch
"Smart Defrag_is1" = Smart Defrag
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/04/2010 17:45:05 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2010 03:42:59 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2010 04:13:35 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2010 04:22:14 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2010 04:27:36 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2010 04:30:58 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2010 04:35:14 | Computer Name = TC4400V | Source = Google Update | ID = 20
Description =

Error - 25/04/2010 05:23:42 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2010 11:48:34 | Computer Name = TC4400V | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2010 12:13:19 | Computer Name = TC4400V | Source = Perflib | ID = 1010
Description =

[ OSession Events ]
Error - 13/06/2009 14:11:32 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 83
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/09/2009 12:13:23 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1920
seconds with 780 seconds of active time. This session ended with a crash.

Error - 04/10/2009 13:41:00 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10099
seconds with 7440 seconds of active time. This session ended with a crash.

Error - 06/10/2009 17:39:58 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17512
seconds with 8220 seconds of active time. This session ended with a crash.

Error - 07/10/2009 16:36:10 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12854
seconds with 5220 seconds of active time. This session ended with a crash.

Error - 16/10/2009 12:44:32 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4312
seconds with 2400 seconds of active time. This session ended with a crash.

Error - 11/11/2009 18:16:44 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8740
seconds with 2940 seconds of active time. This session ended with a crash.

Error - 06/12/2009 08:20:44 | Computer Name = TC4400V | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9460
seconds with 900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/11/2009 12:08:39 | Computer Name = TC4400V | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.4 for the Network Card with network
address 0019D2268496 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/11/2009 12:10:08 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
Description =

Error - 10/11/2009 16:21:29 | Computer Name = TC4400V | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 11/11/2009 13:41:24 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
Description =

Error - 11/11/2009 14:48:41 | Computer Name = TC4400V | Source = BROWSER | ID = 8032
Description =

Error - 12/11/2009 03:25:49 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
Description =

Error - 12/11/2009 06:56:43 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
Description =

Error - 12/11/2009 11:15:07 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
Description =

Error - 12/11/2009 13:25:59 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
Description =

Error - 12/11/2009 16:26:14 | Computer Name = TC4400V | Source = Service Control Manager | ID = 7022
Description =


< End of report >
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
We will need to replace the current atapi.sys driver. It will be simpler and safer to perform this action through the VISTA Repair Options.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as Fix.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, right-click on the file and select "Run as an Administrator".
Code:
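@Echo Off
REM Create the backup folder unless it already exists
If Not Exist C:\Backup MD C:\Backup
REM Copy the driver-store copy of atapi.sys into the backup folder
Copy C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys C:\Backup
Exit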
This batch file should create a Backup folder under C:\ and transfer a good copy of the atapi.sys driver to this new folder.

Boot the computer to the repair options.


Boot the computer and Tap on F8 to reach the Advanced menu. Select Repair Your Computer, then the command prompt.

See above. I am assuming the Operating System is in the C: drive. At the prompt type the following and press Enter after each line:

C:
cd \
cd Backup
Copy /y atapi.sys C:\Windows\System32\Drivers


You should receive a 1 file copied message.

Type Exit and restart the computer. Run GMER once again and post its report.

===========================================

If you are having problems with these instructions let me know and we can try another method.
 

THFC

Thread Starter
Joined
Apr 8, 2007
Messages
16
Hi,

I don't have a restore partition so I do not get the advanced options. Can I do this by booting in safe mode with command prompt?

Regards

Paul.
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi,

I don't have a restore partition so I do not get the advanced options. Can I do this by booting in safe mode with command prompt?

Regards

Paul.
No. It won't work. You can reach the Repair Your Computer option with the VISTA CD. Else follow these steps.

Create and run the Fix.bat. The following instructions assume there is a backup folder under C:\ and that a copy of the atapi.sys file is in this folder.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:
Begin copying here:
Files to move:
C:\Backup\atapi.sys|C:\Windows\System32\Drivers\atapi.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a GMER report.
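
A check that the replacement took effect, as an added example that is not part of the original posts: after either method above (the repair-options command prompt or The Avenger), it hashes the installed atapi.sys and compares it with the driver-store copies. The function names, the `mshdc.inf_*` glob and the sample tree are assumptions made for illustration; the sample bytes are constructed and are not a real driver.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so the whole image is never held in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_driver(windows_dir: Path, driver: str = "atapi.sys",
                 package_glob: str = "mshdc.inf_*") -> dict:
    """Compare the installed driver with every driver-store copy of it."""
    installed = windows_dir / "System32" / "Drivers" / driver
    repository = windows_dir / "System32" / "DriverStore" / "FileRepository"
    result = {"installed": str(installed), "installed_sha256": None,
              "store_copies": {}, "matches": [], "verdict": "missing"}
    if not installed.is_file():
        return result  # nothing to compare: the driver file is absent
    result["installed_sha256"] = sha256_of(installed)
    for copy in sorted(repository.glob(f"{package_glob}/{driver}")):
        digest = sha256_of(copy)
        result["store_copies"][str(copy)] = digest
        if digest == result["installed_sha256"]:
            result["matches"].append(str(copy))
    if not result["store_copies"]:
        result["verdict"] = "no-reference"  # no driver-store copy found
    elif result["matches"]:
        result["verdict"] = "match"
    else:
        result["verdict"] = "mismatch"      # installed file differs from all copies
    return result


def build_sample_tree(root: Path, tampered: bool) -> Path:
    """Constructed stand-in for a Windows directory (not real driver bytes)."""
    windows = root / "Windows"
    store = (windows / "System32" / "DriverStore" / "FileRepository"
             / "mshdc.inf_b12d8e84")
    drivers = windows / "System32" / "Drivers"
    store.mkdir(parents=True)
    drivers.mkdir(parents=True)
    clean = b"MZ" + b"constructed clean driver image" * 64
    (store / "atapi.sys").write_bytes(clean)
    (drivers / "atapi.sys").write_bytes((clean + b"appended") if tampered else clean)
    return windows


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for label, tampered in (("before", True), ("after", False)):
            report = check_driver(build_sample_tree(Path(tmp) / label, tampered))
            print(label, report["verdict"], report["installed_sha256"])
```

A "match" verdict only shows that the installed file equals a driver-store copy, so it is a complement to the GMER report requested above, not a replacement for it. Point `windows_dir` at the volume while it is offline (for example, attached to another machine) so the running system is not the one reporting the file contents.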
 

THFC

Thread Starter
Joined
Apr 8, 2007
Messages
16
Hi,

I booted the laptop from the Vista DVD and ran the recovery console in command prompt mode. I copied the replacement file over and rebooted. I then ran GMER again (log file below). The good news is the security update installed ok, I do however have one small problem with my DVD emulator (DAEMON Tools Lite) giving the error message:

"This program requires at least Windows 2000 with SPTD 1.51 or higher. Kernel debugger must be deactivated."

I know there is a new version of the program available, should I just uninstall the old version and install the new one? I don't understand the reference to "Kernel debugger must be deactivated".

Regards

Paul.

GMER Log File

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-26 10:37:53
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Paul\AppData\Local\Temp\fxtdipob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
The new application should take care of that, but wait until all is clear.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please run the F-Secure Online Scanner

  • For information click Here.
  • Allow the installation of the Add-ons and Accept the License Agreement.
  • Click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
 

THFC

Thread Starter
Joined
Apr 8, 2007
Messages
16
Hi,

The MWBAM scan is clear.

The F-Secure scan is running now.

Regards

Paul.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4038

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

26/04/2010 16:43:44
mbam-log-2010-04-26 (16-43-44).txt

Scan type: Quick scan
Objects scanned: 122095
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

THFC

Thread Starter
Joined
Apr 8, 2007
Messages
16
Hi,

Here is the completed F-Secure log file:

Regards

Paul.

Scanning Report
Monday, April 26, 2010 17:07:28 - 17:36:13

Computer name: TC4400V
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\
13 malware found
TrackingCookie.Questionmarket (spyware)

* System (Disinfected)

TrackingCookie.Advertising (spyware)

* System (Disinfected)

TrackingCookie.Atdmt (spyware)

* System (Disinfected)

TrackingCookie.Adtech (spyware)

* System (Disinfected)

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

TrackingCookie.Revsci (spyware)

* System (Disinfected)

TrackingCookie.Adbrite (spyware)

* System (Disinfected)

TrackingCookie.Xiti (spyware)

* System (Disinfected)

TrackingCookie.Mediaplex (spyware)

* System (Disinfected)

TrackingCookie.Tradedoubler (spyware)

* System (Disinfected)

TrackingCookie.Statcounter (spyware)

* System (Disinfected)

TrackingCookie.Atwola (spyware)

* System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 49135
* System: 3980
* Not scanned: 21

Actions:

* Disinfected: 13
* Renamed: 0
* Deleted: 0
* Not cleaned: 0
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
* C:\USERS\PAUL\APPDATA\LOCAL\TEMP\HSPERFDATA_PAUL\2340
* C:\USERS\PAUL\APPDATA\LOCAL\TEMP\HSPERFDATA_PAUL\6024
* C:\USERS\PAUL\APPDATA\LOCAL\MICROSOFT\INPUTPERSONALIZATION\INKSTORE.MDB
* C:\SYSTEM VOLUME INFORMATION\{1320A91F-504C-11DF-9198-001641F734E6}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{C3F07C30-5110-11DF-9E39-001641F734E6}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\BOOT\BCD

Options
Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use advanced heuristics
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Looks clear. Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix.
  • Rename Combofix to Uninstall and click on it. That should remove the application.
Launch OTL and click on the Cleanup button. Follow the prompts.

Manually remove any tool left.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  3. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  4. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  5. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  6. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Remove and reinstall DAEMON Tools Lite. Let me know if you experience any problems.

Best wishes!
 