Cant run Malwarebytes' Anti-Malware in Safe Mode [Solved] - Geeks to Go Forums


Cant run Malwarebytes' Anti-Malware in Safe Mode [Solved]

#1 vee2008

  • Group: Member
  • Posts: 9
  • Joined: 23-January 08

Posted 03 September 2009 - 09:50 AM

I have a Dell Dimension 4600 desktop which opens with the MS Windows XP splash screen and then goes blank displaying nothing, except the mouse which responds when moved. The keyboard does not respond.


I have read "Malware and Spyware Cleaning Guide". Booted in safe mode, logged on as administrator but can't run Malwarebytes' Anti-Malware (tried renaming it) or Ad-aware. When I double click the files I get no response - the computer seems to think for a while and then do nothing. It looks like I can't access the internet in safe mode. I have a laptop that I could use to download files if needed.

Just before all this happened, I did get some warnings about a virus saying the computer was infected - but I did not note the name. Explorer.exe was not working but I managed to copy a version from another computer and explorer.exe appears ok now.

Thanks in advance :)

#2 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,545
  • Joined: 31-May 06

Posted 03 September 2009 - 12:45 PM

Hi there, OK I have three programmes for you to run so that I can see where the problem lies

FIRST

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

SECOND

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


THIRD

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.


#3 vee2008

  • Group: Member
  • Posts: 9
  • Joined: 23-January 08

Posted 05 September 2009 - 04:14 AM

Thanks. Unfortunately I can't reach this stage as the computer comes up with a blank black screen in safe mode (with the word ‘safe’ in each corner of the screen). When I boot in normal mode the computer freezes at the Windows splash screen.

CTRL ALT DEL did work in safe mode but now is not working.

Any ideas?

#4 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,545
  • Joined: 31-May 06

Posted 05 September 2009 - 05:35 AM

So you can do nothing in safe mode at all?

#5 vee2008

  • Group: Member
  • Posts: 9
  • Joined: 23-January 08

Posted 05 September 2009 - 05:54 AM

Sometimes, CTRL ALT DEL works, so I copied explorer.exe from stick and ran win32kdiag. Find below the Win32kDiag.txt


OTS ran for a few minutes and then closed itself! Tried again and get the message “Windows cannot access the specified device...you may not have permissions”

When running SpyProt I got the message “Failed to start service needs to be run with admin privilages” after clicking Create Log. Then the program closed itself!




Win32kDiag.txt
Log file is located at: C:\Documents and Settings\vee\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\explorer.exe
[1] 2007-06-13 12:26:03 1033216 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe (Microsoft Corporation)
[1] 2007-06-13 11:23:07 1033216 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe (Microsoft Corporation)
[1] 2002-08-29 06:00:00 1004032 C:\WINDOWS\$NtUninstallKB820291$\explorer.exe (Microsoft Corporation)
[1] 2004-08-04 08:56:49 1032192 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe (Microsoft Corporation)
[1] 2008-04-14 01:12:20 1033728 C:\WINDOWS\explorer.exe ()
[1] 2008-04-14 01:12:19 1033728 C:\WINDOWS\ServicePackFiles\i386\explorer.exe (Microsoft Corporation)

Cannot access: C:\WINDOWS\SYSTEM32\eventlog.dll
[1] 2004-08-04 08:56:42 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 01:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 01:11:53 62464 C:\WINDOWS\SYSTEM32\eventlog.dll ()
[2] 2008-04-14 01:11:53 56320 C:\WINDOWS\SYSTEM32\logevent.dll (Microsoft Corporation)
[1] 2002-08-29 06:00:00 49152 C:\i386\EVENTLOG.DLL (Microsoft Corporation)

Found mount point : C:\WINDOWS\SYSTEM32\EXPORT\EXPORT
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\FxsTmp\FxsTmp
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\SYSTEM32\hkcmd.exe
[1] 2003-04-07 01:07:38 114688 C:\WINDOWS\SYSTEM32\hkcmd.exe ()
[1] 2003-04-07 01:07:38 114688 C:\WINDOWS\SYSTEM32\ReinstallBackups\0017\DriverFiles\hkcmd.exe (Intel Corporation)


Finished!

#6 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,545
  • Joined: 31-May 06

Posted 05 September 2009 - 08:03 AM

OK explorer is infected

1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Files to move:
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll | C:\WINDOWS\SYSTEM32\eventlog.dll
C:\WINDOWS\ServicePackFiles\i386\explorer.exe | C:\WINDOWS\explorer.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply

THEN

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.
"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

FINALLY

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2


Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with an OTL log so we can continue cleaning the system.
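
An added example (not part of the original thread, and not code from Win32kDiag or The Avenger): one way to triage a Win32kDiag.txt like the one posted above, listing each file the tool could not access and pairing it with the ServicePackFiles\i386 copy where the log lists one. The log excerpt is copied from the thread; the field meanings and the signal names are assumptions inferred from the log layout.

```python
import ntpath
import re

# Excerpt of the Win32kDiag.txt posted in this thread, trimmed to a few records.
SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\SYSTEM32\EXPORT\EXPORT
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\explorer.exe
[1] 2007-06-13 11:23:07 1033216 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe (Microsoft Corporation)
[1] 2008-04-14 01:12:20 1033728 C:\WINDOWS\explorer.exe ()
[1] 2008-04-14 01:12:19 1033728 C:\WINDOWS\ServicePackFiles\i386\explorer.exe (Microsoft Corporation)

Cannot access: C:\WINDOWS\SYSTEM32\eventlog.dll
[1] 2008-04-14 01:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 01:11:53 62464 C:\WINDOWS\SYSTEM32\eventlog.dll ()
[2] 2008-04-14 01:11:53 56320 C:\WINDOWS\SYSTEM32\logevent.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\SYSTEM32\hkcmd.exe
[1] 2003-04-07 01:07:38 114688 C:\WINDOWS\SYSTEM32\hkcmd.exe ()
[1] 2003-04-07 01:07:38 114688 C:\WINDOWS\SYSTEM32\ReinstallBackups\0017\DriverFiles\hkcmd.exe (Intel Corporation)
"""

# Assumed field meanings, inferred from the layout of the posted log:
# [index] timestamp size-in-bytes path (version-info vendor)
ENTRY_RE = re.compile(
    r"^\[(\d+)\]\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(.+)\s\(([^()]*)\)$")
MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")
DENIED_RE = re.compile(r"^Cannot access:\s*(.+)$")


def parse_win32kdiag(text):
    """Return (mount_points, inaccessible_paths, file_entries) from a log."""
    mounts, denied, entries = [], [], []
    pending_mount = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:            # tolerates logs pasted with blank lines between rows
            continue
        if (m := MOUNT_RE.match(line)):
            pending_mount = m.group(1)
        elif (m := DEST_RE.match(line)) and pending_mount is not None:
            mounts.append((pending_mount, m.group(1)))
            pending_mount = None
        elif (m := DENIED_RE.match(line)):
            denied.append(m.group(1))
        elif (m := ENTRY_RE.match(line)):
            entries.append({"stamp": m.group(2), "size": int(m.group(3)),
                            "path": m.group(4), "vendor": m.group(5).strip()})
    return mounts, denied, entries


def _reference_copy(entries, target):
    """Find the ServicePackFiles\\i386 entry with the same file name, if listed."""
    name = ntpath.basename(target).lower()
    for entry in entries:
        folder, base = ntpath.split(entry["path"].lower())
        if (base == name and folder.endswith(r"\servicepackfiles\i386")
                and entry["vendor"]):
            return entry
    return None


def triage(text):
    """One record per 'Cannot access' file, with review signals (names assumed)."""
    _, denied, entries = parse_win32kdiag(text)
    by_path = {e["path"].lower(): e for e in entries}
    report = []
    for target in denied:
        own = by_path.get(target.lower())
        ref = _reference_copy(entries, target)
        signals = []
        if own is None:
            signals.append("not_listed")
        elif not own["vendor"]:
            signals.append("blank_vendor")
        if ref is None:
            signals.append("no_reference_copy")
        elif own is not None and own["size"] != ref["size"]:
            signals.append("size_mismatch")
        report.append({"path": target, "signals": signals,
                       "reference": ref["path"] if ref else None})
    return report


if __name__ == "__main__":
    mounts, _, _ = parse_win32kdiag(SAMPLE_LOG)
    print(f"{len(mounts)} mount point(s): {sorted({d for _, d in mounts})}")
    for row in triage(SAMPLE_LOG):
        print(row["path"], row["signals"], "->", row["reference"])
```

A blank vendor on a file the tool could not open may only mean the version information was unreadable, so the signals are pointers for a helper to review rather than a verdict.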


#7 vee2008

  • Group: Member
  • Posts: 9
  • Joined: 23-January 08

Posted 05 September 2009 - 11:07 AM


Avenger

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\ServicePackFiles\i386\eventlog.dll|C:\WINDOWS\SYSTEM32\eventlog.dll" completed successfully.

Error: file "C:\WINDOWS\explorer.exe" is whitelisted
File move operation "C:\WINDOWS\ServicePackFiles\i386\explorer.exe|C:\WINDOWS\explorer.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.



I could not find a file named C:\ComboFix.txt



win32kdiag.txt


Log file is located at: C:\Documents and Settings\Administrator.D8KQGZ0J\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\$NtUninstallKB824141$\user32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB824141$\user32.dll

[1] 2005-03-02 19:19:56 577024 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll (Microsoft Corporation)

[1] 2007-03-08 16:48:36 578048 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll (Microsoft Corporation)

[1] 2007-03-08 16:36:28 577536 C:\WINDOWS\$NtServicePackUninstall$\user32.dll (Microsoft Corporation)

[1] 2002-11-01 23:26:46 528896 C:\WINDOWS\$NtUninstallKB824141$\user32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 560128 C:\WINDOWS\$NtUninstallKB826939$\user32.dll ()

[1] 2004-08-04 08:56:46 577024 C:\WINDOWS\$NtUninstallKB890859$\user32.dll (Microsoft Corporation)

[1] 2005-03-02 19:09:30 577024 C:\WINDOWS\$NtUninstallKB925902$\user32.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:08 578560 C:\WINDOWS\ServicePackFiles\i386\user32.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:08 578560 C:\WINDOWS\SYSTEM32\user32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 560128 C:\i386\USER32.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB824141$\win32k.sys

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB824141$\win32k.sys

[1] 2005-03-02 02:11:25 1836160 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys (Microsoft Corporation)

[1] 2005-10-06 01:10:04 1839360 C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\win32k.sys (Microsoft Corporation)

[1] 2007-03-08 14:49:49 1843968 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys (Microsoft Corporation)

[1] 2008-03-19 10:40:27 1845888 C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys (Microsoft Corporation)

[1] 2008-09-15 13:25:27 1846912 C:\WINDOWS\$hf_mig$\KB954211\SP3QFE\win32k.sys (Microsoft Corporation)

[1] 2009-02-09 12:08:53 1847552 C:\WINDOWS\$hf_mig$\KB958690\SP3QFE\win32k.sys (Microsoft Corporation)

[1] 2009-04-17 11:50:18 1847808 C:\WINDOWS\$hf_mig$\KB968537\SP3QFE\win32k.sys (Microsoft Corporation)

[1] 2008-03-19 10:47:00 1845248 C:\WINDOWS\$NtServicePackUninstall$\win32k.sys (Microsoft Corporation)

[1] 2003-07-15 17:01:52 1677056 C:\WINDOWS\$NtUninstallKB824141$\win32k.sys (Microsoft Corporation)

[1] 2004-08-04 07:17:40 1835904 C:\WINDOWS\$NtUninstallKB890859$\win32k.sys (Microsoft Corporation)

[1] 2005-03-02 02:06:57 1836288 C:\WINDOWS\$NtUninstallKB896424$\win32k.sys (Microsoft Corporation)

[1] 2005-10-06 01:05:59 1839488 C:\WINDOWS\$NtUninstallKB925902$\win32k.sys (Microsoft Corporation)

[1] 2007-03-08 14:47:48 1843584 C:\WINDOWS\$NtUninstallKB941693$\win32k.sys (Microsoft Corporation)

[1] 2008-04-13 20:30:10 1845632 C:\WINDOWS\$NtUninstallKB954211$\win32k.sys (Microsoft Corporation)

[1] 2008-09-15 13:12:56 1846400 C:\WINDOWS\$NtUninstallKB958690$\win32k.sys (Microsoft Corporation)

[1] 2009-02-09 12:13:27 1846784 C:\WINDOWS\$NtUninstallKB968537$\win32k.sys (Microsoft Corporation)

[1] 2008-04-13 20:30:10 1845632 C:\WINDOWS\ServicePackFiles\i386\win32k.sys (Microsoft Corporation)

[1] 2009-04-17 13:26:40 1847168 C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys (Microsoft Corporation)

[1] 2009-04-17 13:26:40 1847168 C:\WINDOWS\SYSTEM32\win32k.sys (Microsoft Corporation)

[2] 2009-02-09 12:13:27 1846784 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1080\A0173725.sys (Microsoft Corporation)

[2] 2009-02-09 12:13:27 1846784 C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1080\A0173854.dll (Microsoft Corporation)

[1] 2003-07-15 17:01:52 1677056 C:\i386\win32k.sys (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe

[1] 2004-08-04 08:56:47 183808 C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 179200 C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:11 184320 C:\WINDOWS\ServicePackFiles\i386\accwiz.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:11 184320 C:\WINDOWS\SYSTEM32\accwiz.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 179200 C:\i386\ACCWIZ.EXE (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll

[1] 2004-08-04 08:56:41 60416 C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 53248 C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:51 62464 C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:51 62464 C:\WINDOWS\SYSTEM32\cryptsvc.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 53248 C:\i386\CRYPTSVC.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll

[1] 2005-05-27 03:08:59 41472 C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hhsetup.dll (Microsoft Corporation)

[1] 2005-05-27 03:04:27 41472 C:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll (Microsoft Corporation)

[1] 2003-03-20 16:57:24 37888 C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:42 38912 C:\WINDOWS\$NtUninstallKB896358$\hhsetup.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:54 41472 C:\WINDOWS\ServicePackFiles\i386\hhsetup.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:54 41472 C:\WINDOWS\SYSTEM32\hhsetup.dll (Microsoft Corporation)

[1] 2003-03-20 16:57:24 37888 C:\i386\hhsetup.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\itss.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\itss.dll

[1] 2005-05-27 03:08:59 137216 C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itss.dll (Microsoft Corporation)

[1] 2005-05-27 03:04:27 137216 C:\WINDOWS\$NtServicePackUninstall$\itss.dll (Microsoft Corporation)

[1] 2003-03-20 16:57:26 122368 C:\WINDOWS\$NtUninstallKB826939$\itss.dll (Microsoft Corporation)

[1] 2003-01-10 22:43:48 122368 C:\WINDOWS\$NtUninstallKB840315$\itss.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:42 134144 C:\WINDOWS\$NtUninstallKB896358$\itss.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:55 138240 C:\WINDOWS\ServicePackFiles\i386\itss.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:55 138240 C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)

[1] 2003-03-20 16:57:26 122368 C:\i386\itss.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\locator.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\locator.exe

[1] 2004-08-04 08:56:50 75264 C:\WINDOWS\$NtServicePackUninstall$\locator.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 68096 C:\WINDOWS\$NtUninstallKB826939$\locator.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:24 75264 C:\WINDOWS\ServicePackFiles\i386\locator.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:24 75264 C:\WINDOWS\SYSTEM32\locator.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 68096 C:\i386\LOCATOR.EXE (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\magnify.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\magnify.exe

[1] 2004-08-04 08:56:50 72704 C:\WINDOWS\$NtServicePackUninstall$\magnify.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 67584 C:\WINDOWS\$NtUninstallKB826939$\magnify.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:24 72704 C:\WINDOWS\ServicePackFiles\i386\magnify.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:24 72704 C:\WINDOWS\SYSTEM32\magnify.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 67584 C:\i386\MAGNIFY.EXE (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe

[1] 2005-04-28 01:12:57 245248 C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe (Microsoft Corporation)

[2] 2005-04-28 01:12:57 241152 C:\WINDOWS\$NtServicePackUninstall$\migwiza.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 230400 C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe (Microsoft Corporation)

[1] 2004-08-04 08:56:51 240128 C:\WINDOWS\$NtUninstallKB896344$\migwiz.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:25 245248 C:\WINDOWS\ServicePackFiles\i386\migwiz.exe (Microsoft Corporation)

[2] 2008-04-14 01:12:25 241152 C:\WINDOWS\ServicePackFiles\i386\migwiza.exe (Microsoft Corporation)

[2] 2004-08-04 08:56:51 236032 C:\WINDOWS\ServicePackFiles\i386\migwiz_a.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:25 245248 C:\WINDOWS\SYSTEM32\USMT\migwiz.exe (Microsoft Corporation)

[2] 2008-04-14 01:12:25 241152 C:\WINDOWS\SYSTEM32\USMT\migwiza.exe (Microsoft Corporation)

[2] 2004-08-04 08:56:51 236032 C:\WINDOWS\SYSTEM32\USMT\migwiz_a.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 230400 C:\i386\MIGWIZ.EXE (Microsoft Corporation)

[2] 2002-08-29 06:00:00 226816 C:\i386\MIGWIZ_A.EXE (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys

[1] 2005-01-19 04:51:57 451584 C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys (Microsoft Corporation)

[1] 2004-10-28 02:15:16 448128 C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys (Microsoft Corporation)

[1] 2006-05-05 11:16:39 454400 C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys (Microsoft Corporation)

[1] 2008-10-24 12:41:11 455936 C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys (Microsoft Corporation)

[1] 2006-05-05 10:41:45 453120 C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 407552 C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys (Microsoft Corporation)

[1] 2004-10-28 02:14:18 448128 C:\WINDOWS\$NtUninstallKB885250$\mrxsmb.sys (Microsoft Corporation)

[1] 2004-08-04 07:15:16 451456 C:\WINDOWS\$NtUninstallKB885835$\mrxsmb.sys (Microsoft Corporation)

[1] 2005-01-19 05:26:52 451584 C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys (Microsoft Corporation)

[1] 2008-04-13 20:17:01 456576 C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys (Microsoft Corporation)

[1] 2008-10-24 12:21:09 455296 C:\WINDOWS\Driver Cache\I386\mrxsmb.sys (Microsoft Corporation)

[1] 2008-04-13 20:17:01 456576 C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys (Microsoft Corporation)

[1] 2008-10-24 12:21:09 455296 C:\WINDOWS\SYSTEM32\DLLCACHE\mrxsmb.sys (Microsoft Corporation)

[1] 2008-10-24 12:21:09 455296 C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 407552 C:\i386\MRXSMB.SYS (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\narrator.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\narrator.exe

[1] 2004-08-04 08:56:54 53760 C:\WINDOWS\$NtServicePackUninstall$\narrator.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 51200 C:\WINDOWS\$NtUninstallKB826939$\narrator.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:29 53760 C:\WINDOWS\ServicePackFiles\i386\narrator.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:29 53760 C:\WINDOWS\SYSTEM32\narrator.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 51200 C:\i386\NARRATOR.EXE (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\newdev.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\newdev.dll

[1] 2004-08-04 08:56:44 248832 C:\WINDOWS\$NtServicePackUninstall$\newdev.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 238080 C:\WINDOWS\$NtUninstallKB826939$\newdev.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:02 247808 C:\WINDOWS\ServicePackFiles\i386\newdev.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:02 247808 C:\WINDOWS\SYSTEM32\newdev.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 238080 C:\i386\NEWDEV.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll

[1] 2009-02-09 11:56:35 715264 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntdll.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:36 708096 C:\WINDOWS\$NtServicePackUninstall$\ntdll.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 668672 C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:24 706048 C:\WINDOWS\$NtUninstallKB956572$\ntdll.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:24 706048 C:\WINDOWS\ServicePackFiles\i386\ntdll.dll (Microsoft Corporation)

[1] 2009-02-09 13:10:48 714752 C:\WINDOWS\SYSTEM32\DLLCACHE\ntdll.dll (Microsoft Corporation)

[1] 2009-02-09 13:10:48 714752 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 668672 C:\i386\NTDLL.DLL (Microsoft Corporation)

[1] 2002-08-29 08:00:00 668672 C:\i386\SYSTEM32\NTDLL.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll

[1] 2004-08-04 08:56:44 102400 C:\WINDOWS\$NtServicePackUninstall$\pchshell.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 97792 C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:02 102912 C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchshell.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:02 102912 C:\WINDOWS\ServicePackFiles\i386\pchshell.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys

[1] 2004-08-04 07:14:26 48384 C:\WINDOWS\$NtServicePackUninstall$\raspptp.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 46336 C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys (Microsoft Corporation)

[1] 2008-04-13 20:19:48 48384 C:\WINDOWS\ServicePackFiles\i386\raspptp.sys (Microsoft Corporation)

[1] 2008-04-13 20:19:48 48384 C:\WINDOWS\SYSTEM32\DRIVERS\raspptp.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 46336 C:\i386\RASPPTP.SYS (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\shell32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\shell32.dll

[1] 2004-12-21 21:50:55 8451072 C:\WINDOWS\$hf_mig$\KB890047\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2005-03-01 00:06:29 8451584 C:\WINDOWS\$hf_mig$\KB893086\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2005-09-23 04:18:20 8452608 C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2006-03-17 05:46:31 8454656 C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2006-07-13 15:03:23 8457728 C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2006-12-19 22:50:10 8458752 C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2008-06-17 20:04:34 8461824 C:\WINDOWS\$hf_mig$\KB967715\SP3QFE\shell32.dll (Microsoft Corporation)

[1] 2007-10-26 04:34:01 8460288 C:\WINDOWS\$NtServicePackUninstall$\shell32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 8336384 C:\WINDOWS\$NtUninstallKB826939$\shell32.dll (Microsoft Corporation)

[1] 2003-06-11 21:43:48 8240640 C:\WINDOWS\$NtUninstallKB833998$\shell32.dll ()

[1] 2004-02-21 04:07:54 8348160 C:\WINDOWS\$NtUninstallKB839645$\shell32.dll ()

[1] 2004-08-04 08:56:45 8384000 C:\WINDOWS\$NtUninstallKB890047$\shell32.dll (Microsoft Corporation)

[1] 2004-12-21 21:49:36 8450048 C:\WINDOWS\$NtUninstallKB893086$\shell32.dll (Microsoft Corporation)

[1] 2005-03-01 00:11:18 8450048 C:\WINDOWS\$NtUninstallKB900725$\shell32.dll (Microsoft Corporation)

[1] 2005-09-23 04:05:29 8450560 C:\WINDOWS\$NtUninstallKB908531$\shell32.dll (Microsoft Corporation)

[1] 2006-03-17 05:03:54 8452096 C:\WINDOWS\$NtUninstallKB921398$\shell32.dll (Microsoft Corporation)

[1] 2006-07-13 14:33:27 8453632 C:\WINDOWS\$NtUninstallKB928255$\shell32.dll (Microsoft Corporation)

[1] 2006-12-19 22:52:18 8453632 C:\WINDOWS\$NtUninstallKB943460$\shell32.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:05 8461312 C:\WINDOWS\$NtUninstallKB967715$\shell32.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:05 8461312 C:\WINDOWS\ServicePackFiles\i386\shell32.dll (Microsoft Corporation)

[1] 2008-06-17 20:02:19 8461312 C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll (Microsoft Corporation)

[1] 2008-06-17 20:02:19 8461312 C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 8336384 C:\i386\SHELL32.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll

[1] 2004-08-04 08:56:45 239104 C:\WINDOWS\$NtServicePackUninstall$\srrstr.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 226304 C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:07 239104 C:\WINDOWS\ServicePackFiles\i386\srrstr.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:07 239104 C:\WINDOWS\SYSTEM32\srrstr.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 226304 C:\i386\SRRSTR.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\srv.sys

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\srv.sys

[1] 2005-05-10 01:22:21 332544 C:\WINDOWS\$hf_mig$\KB896422\SP2QFE\srv.sys (Microsoft Corporation)

[1] 2006-04-21 07:46:15 332800 C:\WINDOWS\$hf_mig$\KB917159\SP2QFE\srv.sys (Microsoft Corporation)

[1] 2006-08-14 13:00:42 332928 C:\WINDOWS\$hf_mig$\KB923414\SP2QFE\srv.sys (Microsoft Corporation)

[1] 2008-09-08 12:37:19 333824 C:\WINDOWS\$hf_mig$\KB957095\SP3QFE\srv.sys (Microsoft Corporation)

[1] 2008-12-11 13:33:59 333952 C:\WINDOWS\$hf_mig$\KB958687\SP3QFE\srv.sys (Microsoft Corporation)

[1] 2006-08-14 11:34:41 332928 C:\WINDOWS\$NtServicePackUninstall$\srv.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 330368 C:\WINDOWS\$NtUninstallKB826939$\srv.sys (Microsoft Corporation)

[1] 2004-08-04 07:14:45 336256 C:\WINDOWS\$NtUninstallKB896422$\srv.sys (Microsoft Corporation)

[1] 2005-05-10 01:17:51 332544 C:\WINDOWS\$NtUninstallKB917159$\srv.sys (Microsoft Corporation)

[1] 2006-04-21 07:12:27 332800 C:\WINDOWS\$NtUninstallKB923414$\srv.sys (Microsoft Corporation)

[1] 2008-04-13 20:15:11 334848 C:\WINDOWS\$NtUninstallKB957095$\srv.sys (Microsoft Corporation)

[1] 2008-09-08 11:41:42 333824 C:\WINDOWS\$NtUninstallKB958687$\srv.sys (Microsoft Corporation)

[1] 2008-04-13 20:15:11 334848 C:\WINDOWS\ServicePackFiles\i386\srv.sys (Microsoft Corporation)

[1] 2008-12-11 11:57:09 333952 C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys (Microsoft Corporation)

[1] 2008-12-11 11:57:09 333952 C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 330368 C:\i386\SRV.SYS (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb

[1] 2009-03-27 07:33:14 1203922 C:\WINDOWS\$hf_mig$\KB923561\SP3QFE\sysmain.sdb ()

[1] 2006-10-04 15:06:21 1197294 C:\WINDOWS\$NtServicePackUninstall$\sysmain.sdb ()

[1] 2002-08-29 06:00:00 1082436 C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb ()

[1] 2008-04-14 01:15:28 1202774 C:\WINDOWS\$NtUninstallKB923561$\sysmain.sdb ()

[1] 2004-08-04 09:02:14 1190796 C:\WINDOWS\$NtUninstallKB926239$\sysmain.sdb ()

[1] 2002-11-01 22:13:00 1080070 C:\WINDOWS\$NtUninstallQ814995$\sysmain.sdb ()

[1] 2009-03-27 07:58:38 1203922 C:\WINDOWS\AppPatch\sysmain.sdb ()

[1] 2008-04-14 01:15:28 1202774 C:\WINDOWS\ServicePackFiles\i386\sysmain.sdb ()

[1] 2009-03-27 07:58:38 1203922 C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb ()

[1] 2002-08-29 06:00:00 1082436 C:\i386\SYSMAIN.SDB ()



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\user32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\user32.dll

[1] 2005-03-02 19:19:56 577024 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll (Microsoft Corporation)

[1] 2007-03-08 16:48:36 578048 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll (Microsoft Corporation)

[1] 2007-03-08 16:36:28 577536 C:\WINDOWS\$NtServicePackUninstall$\user32.dll (Microsoft Corporation)

[1] 2002-11-01 23:26:46 528896 C:\WINDOWS\$NtUninstallKB824141$\user32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 560128 C:\WINDOWS\$NtUninstallKB826939$\user32.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:46 577024 C:\WINDOWS\$NtUninstallKB890859$\user32.dll (Microsoft Corporation)

[1] 2005-03-02 19:09:30 577024 C:\WINDOWS\$NtUninstallKB925902$\user32.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:08 578560 C:\WINDOWS\ServicePackFiles\i386\user32.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:08 578560 C:\WINDOWS\SYSTEM32\user32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 560128 C:\i386\USER32.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll

[1] 2005-03-02 19:19:56 291328 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll (Microsoft Corporation)

[1] 2005-09-01 02:44:05 291840 C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\winsrv.dll (Microsoft Corporation)

[1] 2007-03-17 14:45:03 292864 C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll (Microsoft Corporation)

[1] 2007-03-17 14:43:01 292864 C:\WINDOWS\$NtServicePackUninstall$\winsrv.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 276480 C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:46 290816 C:\WINDOWS\$NtUninstallKB890859$\winsrv.dll (Microsoft Corporation)

[1] 2005-03-02 19:09:30 291328 C:\WINDOWS\$NtUninstallKB900725$\winsrv.dll (Microsoft Corporation)

[1] 2005-09-01 02:41:54 291840 C:\WINDOWS\$NtUninstallKB930178$\winsrv.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:09 293376 C:\WINDOWS\ServicePackFiles\i386\winsrv.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:09 293376 C:\WINDOWS\SYSTEM32\winsrv.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 276480 C:\i386\WINSRV.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll

[1] 2006-05-19 14:46:40 112128 C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dhcpcsvc.dll (Microsoft Corporation)

[1] 2006-05-19 13:59:41 111616 C:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 99840 C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:42 111104 C:\WINDOWS\$NtUninstallKB914388$\dhcpcsvc.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:51 126976 C:\WINDOWS\ServicePackFiles\i386\dhcpcsvc.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:51 126976 C:\WINDOWS\SYSTEM32\dhcpcsvc.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 99840 C:\i386\DHCPCSVC.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\ndis.sys

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\ndis.sys

[1] 2004-08-04 07:14:28 182912 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (Microsoft Corporation)

[1] 2003-03-06 11:30:58 162432 C:\WINDOWS\$NtUninstallKB826942$\ndis.sys (Microsoft Corporation)

[1] 2008-04-13 20:20:37 182656 C:\WINDOWS\ServicePackFiles\i386\ndis.sys (Microsoft Corporation)

[1] 2008-04-13 20:20:37 182656 C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys (Microsoft Corporation)

[1] 2003-03-06 11:30:58 162432 C:\i386\ndis.sys (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys

[1] 2004-08-04 07:03:12 12928 C:\WINDOWS\$NtServicePackUninstall$\ndisuio.sys (Microsoft Corporation)

[1] 2003-03-06 11:30:58 12416 C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys (Microsoft Corporation)

[1] 2008-04-13 19:55:58 14592 C:\WINDOWS\ServicePackFiles\i386\ndisuio.sys (Microsoft Corporation)

[1] 2008-04-13 19:55:58 14592 C:\WINDOWS\SYSTEM32\DRIVERS\ndisuio.sys (Microsoft Corporation)

[1] 2003-03-06 11:30:58 12416 C:\i386\ndisuio.sys (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\netshell.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\netshell.dll

[1] 2004-08-04 08:56:44 1708032 C:\WINDOWS\$NtServicePackUninstall$\netshell.dll (Microsoft Corporation)

[1] 2003-03-10 13:25:46 1632768 C:\WINDOWS\$NtUninstallKB826942$\netshell.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:02 1703936 C:\WINDOWS\ServicePackFiles\i386\netshell.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:02 1703936 C:\WINDOWS\SYSTEM32\netshell.dll (Microsoft Corporation)

[1] 2003-03-10 13:25:46 1632768 C:\i386\netshell.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll

[1] 2004-08-04 08:56:46 378368 C:\WINDOWS\$NtServicePackUninstall$\wzcdlg.dll (Microsoft Corporation)

[1] 2003-03-10 13:25:46 57344 C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:11 383488 C:\WINDOWS\ServicePackFiles\i386\wzcdlg.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:11 383488 C:\WINDOWS\SYSTEM32\wzcdlg.dll (Microsoft Corporation)

[1] 2003-03-10 13:25:46 57344 C:\i386\wzcdlg.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll

[1] 2004-08-04 08:56:46 51712 C:\WINDOWS\$NtServicePackUninstall$\wzcsapi.dll (Microsoft Corporation)

[1] 2003-03-10 13:25:48 31232 C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:11 52736 C:\WINDOWS\ServicePackFiles\i386\wzcsapi.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:11 52736 C:\WINDOWS\SYSTEM32\wzcsapi.dll (Microsoft Corporation)

[1] 2003-03-10 13:25:48 31232 C:\i386\wzcsapi.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll

[1] 2004-08-04 08:56:46 359936 C:\WINDOWS\$NtServicePackUninstall$\wzcsvc.dll (Microsoft Corporation)

[1] 2003-03-10 13:25:48 280064 C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:11 483840 C:\WINDOWS\ServicePackFiles\i386\wzcsvc.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:11 483840 C:\WINDOWS\SYSTEM32\wzcsvc.dll (Microsoft Corporation)

[1] 2003-03-10 13:25:48 280064 C:\i386\wzcsvc.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll

[1] 2004-08-04 08:56:42 57344 C:\WINDOWS\$NtServicePackUninstall$\msasn1.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 51200 C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll (Microsoft Corporation)

[1] 2003-09-19 18:37:54 51712 C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll ()

[1] 2008-04-14 01:11:58 57344 C:\WINDOWS\ServicePackFiles\i386\msasn1.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:58 57344 C:\WINDOWS\SYSTEM32\msasn1.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 51200 C:\i386\MSASN1.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll

[1] 2005-07-26 05:20:23 225792 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrv.dll (Microsoft Corporation)

[1] 2005-07-26 05:39:42 225792 C:\WINDOWS\$NtServicePackUninstall$\catsrv.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 215040 C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:41 229888 C:\WINDOWS\$NtUninstallKB902400$\catsrv.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:50 226304 C:\WINDOWS\ServicePackFiles\i386\catsrv.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:50 226304 C:\WINDOWS\SYSTEM32\catsrv.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 215040 C:\i386\CATSRV.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll

[1] 2005-07-26 05:20:23 625152 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrvut.dll (Microsoft Corporation)

[1] 2005-07-26 05:39:43 625152 C:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 582656 C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:41 628224 C:\WINDOWS\$NtUninstallKB902400$\catsrvut.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:50 625664 C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:50 625664 C:\WINDOWS\SYSTEM32\catsrvut.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 582656 C:\i386\CATSRVUT.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll

[1] 2005-07-26 05:20:23 110080 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll (Microsoft Corporation)

[1] 2005-07-26 05:39:43 110080 C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 100864 C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:41 110080 C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:50 110592 C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:50 110592 C:\WINDOWS\SYSTEM32\clbcatex.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 100864 C:\i386\CLBCATEX.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll

[1] 2005-07-26 05:20:24 498688 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll (Microsoft Corporation)

[1] 2005-07-26 05:39:43 498688 C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 468480 C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:41 501248 C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:50 498688 C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:50 498688 C:\WINDOWS\SYSTEM32\clbcatq.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 468480 C:\i386\CLBCATQ.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\colbact.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\colbact.dll

[1] 2005-07-26 05:20:24 60416 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\colbact.dll (Microsoft Corporation)

[1] 2005-07-26 05:39:43 60416 C:\WINDOWS\$NtServicePackUninstall$\colbact.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 56832 C:\WINDOWS\$NtUninstallKB828741$\colbact.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:41 62464 C:\WINDOWS\$NtUninstallKB902400$\colbact.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:51 60416 C:\WINDOWS\ServicePackFiles\i386\colbact.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:51 60416 C:\WINDOWS\SYSTEM32\colbact.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 56832 C:\i386\COLBACT.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll

[1] 2005-07-26 05:20:24 195072 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comadmin.dll (Microsoft Corporation)

[1] 2005-07-26 05:39:44 195072 C:\WINDOWS\$NtServicePackUninstall$\comadmin.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 186880 C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:41 195584 C:\WINDOWS\$NtUninstallKB902400$\comadmin.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:51 195072 C:\WINDOWS\ServicePackFiles\i386\comadmin.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:51 195072 C:\WINDOWS\SYSTEM32\Com\comadmin.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 186880 C:\i386\COMADMIN.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe

[1] 2004-08-04 08:56:48 9728 C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 8192 C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:15 9728 C:\WINDOWS\ServicePackFiles\i386\comrepl.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:15 9728 C:\WINDOWS\SYSTEM32\Com\comrepl.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 8192 C:\i386\COMREPL.EXE (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll

[1] 2005-07-26 05:20:27 1267200 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comsvcs.dll (Microsoft Corporation)

[1] 2005-07-26 05:39:44 1267200 C:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 1172992 C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:41 1251840 C:\WINDOWS\$NtUninstallKB902400$\comsvcs.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:51 1267200 C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:51 1267200 C:\WINDOWS\SYSTEM32\comsvcs.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 1172992 C:\i386\COMSVCS.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comuid.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comuid.dll

[1] 2005-07-26 05:20:28 540160 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comuid.dll (Microsoft Corporation)

[1] 2005-07-26 05:39:45 540160 C:\WINDOWS\$NtServicePackUninstall$\comuid.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 495616 C:\WINDOWS\$NtUninstallKB828741$\comuid.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:41 540160 C:\WINDOWS\$NtUninstallKB902400$\comuid.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:51 539648 C:\WINDOWS\ServicePackFiles\i386\comuid.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:51 539648 C:\WINDOWS\SYSTEM32\comuid.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 495616 C:\i386\COMUID.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\es.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\es.dll

[1] 2005-07-26 05:20:28 243200 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll (Microsoft Corporation)

[1] 2008-07-07 21:06:43 253952 C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll (Microsoft Corporation)

[1] 2008-07-07 21:26:58 253952 C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll (Microsoft Corporation)

[1] 2008-07-07 21:23:18 253952 C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll (Microsoft Corporation)

[1] 2008-07-07 21:32:22 253952 C:\WINDOWS\$NtServicePackUninstall$\es.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 225280 C:\WINDOWS\$NtUninstallKB828741$\es.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:42 243200 C:\WINDOWS\$NtUninstallKB902400$\es.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:53 246272 C:\WINDOWS\$NtUninstallKB950974$\es.dll (Microsoft Corporation)

[1] 2005-07-26 05:39:45 243200 C:\WINDOWS\$NtUninstallKB950974_0$\es.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:53 246272 C:\WINDOWS\ServicePackFiles\i386\es.dll (Microsoft Corporation)

[1] 2008-07-07 21:26:58 253952 C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll (Microsoft Corporation)

[1] 2008-07-07 21:26:58 253952 C:\WINDOWS\SYSTEM32\es.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 225280 C:\i386\ES.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll

[1] 2005-07-26 05:20:29 425472 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcprx.dll (Microsoft Corporation)

[1] 2006-03-01 20:34:20 426496 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcprx.dll (Microsoft Corporation)

[1] 2008-06-12 15:09:35 428032 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\msdtcprx.dll (Microsoft Corporation)

[1] 2006-03-01 20:42:42 426496 C:\WINDOWS\$NtServicePackUninstall$\msdtcprx.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 359936 C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 425472 C:\WINDOWS\$NtUninstallKB902400$\msdtcprx.dll (Microsoft Corporation)


[1] 2004-08-04 08:56:43 241693 C:\WINDOWS\$NtServicePackUninstall$\msjtes40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 241695 C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 241693 C:\WINDOWS\$NtUninstallKB950749$\msjtes40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:42 248608 C:\WINDOWS\ServicePackFiles\i386\msjtes40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:42 248608 C:\WINDOWS\SYSTEM32\DLLCACHE\msjtes40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:42 248608 C:\WINDOWS\SYSTEM32\msjtes40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 241695 C:\i386\MSJTES40.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll

[1] 2007-12-10 13:41:12 219936 C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 213023 C:\WINDOWS\$NtServicePackUninstall$\msltus40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 213023 C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 213023 C:\WINDOWS\$NtUninstallKB950749$\msltus40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:44 219936 C:\WINDOWS\ServicePackFiles\i386\msltus40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:44 219936 C:\WINDOWS\SYSTEM32\DLLCACHE\msltus40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:44 219936 C:\WINDOWS\SYSTEM32\msltus40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 213023 C:\i386\MSLTUS40.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll

[1] 2007-12-10 13:41:12 355104 C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 348189 C:\WINDOWS\$NtServicePackUninstall$\mspbde40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 348191 C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 348189 C:\WINDOWS\$NtUninstallKB950749$\mspbde40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:45 355104 C:\WINDOWS\ServicePackFiles\i386\mspbde40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:45 355104 C:\WINDOWS\SYSTEM32\DLLCACHE\mspbde40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:45 355104 C:\WINDOWS\SYSTEM32\mspbde40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 348191 C:\i386\MSPBDE40.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll

[1] 2007-12-10 13:41:13 432928 C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 421919 C:\WINDOWS\$NtServicePackUninstall$\msrd2x40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 421919 C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 421919 C:\WINDOWS\$NtUninstallKB950749$\msrd2x40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:47 432928 C:\WINDOWS\ServicePackFiles\i386\msrd2x40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:47 432928 C:\WINDOWS\SYSTEM32\DLLCACHE\msrd2x40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:47 432928 C:\WINDOWS\SYSTEM32\msrd2x40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 421919 C:\i386\MSRD2X40.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll

[1] 2007-12-10 13:41:13 322336 C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 315423 C:\WINDOWS\$NtServicePackUninstall$\msrd3x40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 315466 C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 315423 C:\WINDOWS\$NtUninstallKB950749$\msrd3x40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:49 322336 C:\WINDOWS\ServicePackFiles\i386\msrd3x40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:49 322336 C:\WINDOWS\SYSTEM32\DLLCACHE\msrd3x40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:49 322336 C:\WINDOWS\SYSTEM32\msrd3x40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 315466 C:\i386\MSRD3X40.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll

[1] 2007-12-10 13:41:13 559904 C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 552989 C:\WINDOWS\$NtServicePackUninstall$\msrepl40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 552991 C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 552989 C:\WINDOWS\$NtUninstallKB950749$\msrepl40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:52 559904 C:\WINDOWS\ServicePackFiles\i386\msrepl40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:52 559904 C:\WINDOWS\SYSTEM32\DLLCACHE\msrepl40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:52 559904 C:\WINDOWS\SYSTEM32\msrepl40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 552991 C:\i386\MSREPL40.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll

[1] 2007-12-10 13:41:13 264992 C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 258077 C:\WINDOWS\$NtServicePackUninstall$\mstext40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 253983 C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:43 258077 C:\WINDOWS\$NtUninstallKB950749$\mstext40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:55 264992 C:\WINDOWS\ServicePackFiles\i386\mstext40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:55 264992 C:\WINDOWS\SYSTEM32\DLLCACHE\mstext40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:55 264992 C:\WINDOWS\SYSTEM32\mstext40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 253983 C:\i386\MSTEXT40.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll

[1] 2007-12-10 13:41:13 838432 C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:44 831519 C:\WINDOWS\$NtServicePackUninstall$\mswdat10.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 831562 C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:44 831519 C:\WINDOWS\$NtUninstallKB950749$\mswdat10.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:57 838432 C:\WINDOWS\ServicePackFiles\i386\mswdat10.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:57 838432 C:\WINDOWS\SYSTEM32\DLLCACHE\mswdat10.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:57 838432 C:\WINDOWS\SYSTEM32\mswdat10.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 831562 C:\i386\MSWDAT10.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll

[1] 2007-12-10 13:41:14 621344 C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:44 614429 C:\WINDOWS\$NtServicePackUninstall$\mswstr10.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 614474 C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:44 614429 C:\WINDOWS\$NtUninstallKB950749$\mswstr10.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:58 621344 C:\WINDOWS\ServicePackFiles\i386\mswstr10.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:58 621344 C:\WINDOWS\SYSTEM32\DLLCACHE\mswstr10.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:58 621344 C:\WINDOWS\SYSTEM32\mswstr10.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 614474 C:\i386\MSWSTR10.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll

[1] 2007-12-10 13:41:14 355104 C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:44 348189 C:\WINDOWS\$NtServicePackUninstall$\msxbde40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 344095 C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:44 348189 C:\WINDOWS\$NtUninstallKB950749$\msxbde40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:58 355104 C:\WINDOWS\ServicePackFiles\i386\msxbde40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:58 355104 C:\WINDOWS\SYSTEM32\DLLCACHE\msxbde40.dll (Microsoft Corporation)

[1] 2008-03-25 05:50:58 355104 C:\WINDOWS\SYSTEM32\msxbde40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 344095 C:\i386\MSXBDE40.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll

[1] 2004-08-04 08:56:46 30749 C:\WINDOWS\$NtServicePackUninstall$\vbajet32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 30992 C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:08 30749 C:\WINDOWS\ServicePackFiles\i386\vbajet32.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:08 30749 C:\WINDOWS\SYSTEM32\vbajet32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 30992 C:\i386\VBAJET32.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll

[1] 2004-08-04 08:56:42 87552 C:\WINDOWS\$NtServicePackUninstall$\fldrclnr.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 82432 C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:53 87552 C:\WINDOWS\ServicePackFiles\i386\fldrclnr.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:53 87552 C:\WINDOWS\SYSTEM32\fldrclnr.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 82432 C:\i386\FLDRCLNR.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB839645$\shell32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB839645$\shell32.dll

[1] 2004-12-21 21:50:55 8451072 C:\WINDOWS\$hf_mig$\KB890047\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2005-03-01 00:06:29 8451584 C:\WINDOWS\$hf_mig$\KB893086\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2005-09-23 04:18:20 8452608 C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2006-03-17 05:46:31 8454656 C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2006-07-13 15:03:23 8457728 C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2006-12-19 22:50:10 8458752 C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2008-06-17 20:04:34 8461824 C:\WINDOWS\$hf_mig$\KB967715\SP3QFE\shell32.dll (Microsoft Corporation)

[1] 2007-10-26 04:34:01 8460288 C:\WINDOWS\$NtServicePackUninstall$\shell32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 8336384 C:\WINDOWS\$NtUninstallKB826939$\shell32.dll (Microsoft Corporation)

[1] 2003-06-11 21:43:48 8240640 C:\WINDOWS\$NtUninstallKB833998$\shell32.dll (Microsoft Corporation)

[1] 2004-02-21 04:07:54 8348160 C:\WINDOWS\$NtUninstallKB839645$\shell32.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:45 8384000 C:\WINDOWS\$NtUninstallKB890047$\shell32.dll (Microsoft Corporation)

[1] 2004-12-21 21:49:36 8450048 C:\WINDOWS\$NtUninstallKB893086$\shell32.dll (Microsoft Corporation)

[1] 2005-03-01 00:11:18 8450048 C:\WINDOWS\$NtUninstallKB900725$\shell32.dll (Microsoft Corporation)

[1] 2005-09-23 04:05:29 8450560 C:\WINDOWS\$NtUninstallKB908531$\shell32.dll (Microsoft Corporation)

[1] 2006-03-17 05:03:54 8452096 C:\WINDOWS\$NtUninstallKB921398$\shell32.dll (Microsoft Corporation)

[1] 2006-07-13 14:33:27 8453632 C:\WINDOWS\$NtUninstallKB928255$\shell32.dll (Microsoft Corporation)

[1] 2006-12-19 22:52:18 8453632 C:\WINDOWS\$NtUninstallKB943460$\shell32.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:05 8461312 C:\WINDOWS\$NtUninstallKB967715$\shell32.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:05 8461312 C:\WINDOWS\ServicePackFiles\i386\shell32.dll (Microsoft Corporation)

[1] 2008-06-17 20:02:19 8461312 C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll (Microsoft Corporation)

[1] 2008-06-17 20:02:19 8461312 C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 8336384 C:\i386\SHELL32.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll

[1] 2005-01-27 18:08:42 473600 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\shlwapi.dll (Microsoft Corporation)

[1] 2005-05-02 21:57:24 473600 C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\shlwapi.dll (Microsoft Corporation)

[1] 2005-03-10 08:43:23 473600 C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\shlwapi.dll (Microsoft Corporation)

[1] 2005-09-03 00:53:41 474112 C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\shlwapi.dll (Microsoft Corporation)

[1] 2005-07-03 03:09:33 473600 C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\shlwapi.dll (Microsoft Corporation)

[1] 2005-09-03 00:53:41 474112 C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shlwapi.dll (Microsoft Corporation)

[1] 2005-10-21 04:38:07 474112 C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\shlwapi.dll (Microsoft Corporation)

[1] 2006-09-23 14:12:50 474112 C:\WINDOWS\$NtServicePackUninstall$\shlwapi.dll (Microsoft Corporation)

[1] 2004-01-21 16:18:42 395264 C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:45 473600 C:\WINDOWS\$NtUninstallKB867282$\shlwapi.dll (Microsoft Corporation)

[1] 2005-03-10 09:02:34 473600 C:\WINDOWS\$NtUninstallKB883939$\shlwapi.dll (Microsoft Corporation)

[1] 2005-01-27 18:13:17 473600 C:\WINDOWS\$NtUninstallKB890923$\shlwapi.dll (Microsoft Corporation)

[1] 2005-09-03 00:52:06 473600 C:\WINDOWS\$NtUninstallKB896688$\shlwapi.dll (Microsoft Corporation)

[1] 2005-05-02 21:52:36 473600 C:\WINDOWS\$NtUninstallKB896727$\shlwapi.dll (Microsoft Corporation)

[1] 2005-07-03 03:11:29 473600 C:\WINDOWS\$NtUninstallKB900725$\shlwapi.dll (Microsoft Corporation)

[1] 2005-09-03 00:52:06 473600 C:\WINDOWS\$NtUninstallKB905915$\shlwapi.dll (Microsoft Corporation)

[1] 2005-10-21 04:39:30 473600 C:\WINDOWS\$NtUninstallKB912812$\shlwapi.dll (Microsoft Corporation)

[1] 2006-03-04 04:58:50 474112 C:\WINDOWS\$NtUninstallKB916281$\shlwapi.dll (Microsoft Corporation)

[1] 2006-05-10 06:25:22 474112 C:\WINDOWS\$NtUninstallKB918899$\shlwapi.dll (Microsoft Corporation)

[1] 2006-06-23 12:25:30 474112 C:\WINDOWS\ie7\shlwapi.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:05 474112 C:\WINDOWS\ServicePackFiles\i386\shlwapi.dll (Microsoft Corporation)

[1] 2006-09-14 09:31:29 474112 C:\WINDOWS\SoftwareDistribution\Download\7e591e82f1140356bfdc52acc5a73f91\sp2qfe\shlwapi.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:05 474112 C:\WINDOWS\SYSTEM32\shlwapi.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 401920 C:\i386\SHLWAPI.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB839645$\sxs.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB839645$\sxs.dll

[1] 2006-10-19 14:59:58 713216 C:\WINDOWS\$hf_mig$\KB926255\SP2QFE\sxs.dll (Microsoft Corporation)

[1] 2006-10-19 14:56:32 713216 C:\WINDOWS\$NtServicePackUninstall$\sxs.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 674816 C:\WINDOWS\$NtUninstallKB833998$\sxs.dll (Microsoft Corporation)

[1] 2004-02-21 04:07:54 676864 C:\WINDOWS\$NtUninstallKB839645$\sxs.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:46 713216 C:\WINDOWS\$NtUninstallKB926255$\sxs.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:07 713216 C:\WINDOWS\ServicePackFiles\i386\sxs.dll (Microsoft Corporation)

[1] 2008-04-14 01:12:07 713216 C:\WINDOWS\SYSTEM32\sxs.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 674816 C:\i386\SXS.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll

[2] 2004-08-04 08:56:29 757248 C:\WINDOWS\$NtServicePackUninstall$\sprb041b.dll (Microsoft Corporation)

[2] 2004-08-04 08:56:30 732160 C:\WINDOWS\$NtServicePackUninstall$\sprb0424.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:36 2897920 C:\WINDOWS\$NtServicePackUninstall$\xpsp2res.dll (Microsoft Corporation)

[1] 2003-03-06 11:27:38 526848 C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll (Microsoft Corporation)

[1] 2004-03-10 18:59:50 593408 C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll (Microsoft Corporation)

[1] 2004-03-10 18:59:50 593408 C:\WINDOWS\$NtUninstallKB841873$\xpsp2res.dll (Microsoft Corporation)

[2] 2008-04-13 19:38:37 757248 C:\WINDOWS\ServicePackFiles\i386\sprb041b.dll (Microsoft Corporation)

[2] 2008-04-13 19:38:36 732160 C:\WINDOWS\ServicePackFiles\i386\sprb0424.dll (Microsoft Corporation)

[1] 2008-04-13 18:39:24 2897920 C:\WINDOWS\ServicePackFiles\i386\xpsp2res.dll (Microsoft Corporation)

[1] 2008-04-13 19:38:37 757248 C:\WINDOWS\SYSTEM32\MUI\041b\xpsp2res.dll (Microsoft Corporation)

[1] 2008-04-13 18:39:24 2897920 C:\WINDOWS\SYSTEM32\MUI\041e\xpsp2res.dll (Microsoft Corporation)

[1] 2008-04-13 19:38:36 732160 C:\WINDOWS\SYSTEM32\MUI\0424\xpsp2res.dll (Microsoft Corporation)

[1] 2008-04-13 18:39:24 2897920 C:\WINDOWS\SYSTEM32\xpsp2res.dll (Microsoft Corporation)

[1] 2003-03-06 11:27:38 526848 C:\i386\xpsp2res.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx

[1] 2004-08-04 06:51:02 844314 C:\WINDOWS\$NtServicePackUninstall$\msdxm.ocx ()

[1] 2002-08-29 06:00:00 842268 C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx ()

[1] 2004-08-04 06:51:02 844314 C:\WINDOWS\ServicePackFiles\i386\msdxm.ocx ()

[1] 2008-04-14 01:10:08 844314 C:\WINDOWS\SYSTEM32\msdxm.ocx ()

[1] 2002-08-29 06:00:00 842268 C:\i386\MSDXM.OCX ()



Cannot access: C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll

[1] 2002-08-29 06:00:00 1298432 C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll (Microsoft Corporation)

[1] 2004-09-22 19:46:20 20480 C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\wmpcore.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:46 20480 C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\wmpcore.dll (Microsoft Corporation)

[1] 2004-08-04 08:56:46 20480 C:\WINDOWS\ServicePackFiles\i386\wmpcore.dll (Microsoft Corporation)

[1] 2004-09-22 19:46:20 20480 C:\WINDOWS\SYSTEM32\DLLCACHE\wmpcore.dll (Microsoft Corporation)

[1] 2004-09-22 19:46:20 20480 C:\WINDOWS\SYSTEM32\wmpcore.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 1298432 C:\i386\WMPCORE.DLL (Microsoft Corporation)



Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP17B.tmp\ZAP17B.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP17B.tmp\ZAP17B.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP197.tmp\ZAP197.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP197.tmp\ZAP197.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP199.tmp\ZAP199.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP199.tmp\ZAP199.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP390.tmp\ZAP390.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP390.tmp\ZAP390.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP65.tmp\ZAP65.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP65.tmp\ZAP65.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Crystal\Crystal

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Crystal\Crystal

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

Cannot access: C:\WINDOWS\explorer.exe

Attempting to restore permissions of : C:\WINDOWS\explorer.exe

[1] 2007-06-13 12:26:03 1033216 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe (Microsoft Corporation)

[1] 2007-06-13 11:23:07 1033216 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 1004032 C:\WINDOWS\$NtUninstallKB820291$\explorer.exe (Microsoft Corporation)

[1] 2004-08-04 08:56:49 1032192 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:20 1033728 C:\WINDOWS\explorer.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:19 1033728 C:\WINDOWS\ServicePackFiles\i386\explorer.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS

Found mount point : C:\WINDOWS\IME\IMEJP98\IMEJP98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\IMEJP98\IMEJP98

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\Java\TrustLib\TrustLib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Java\TrustLib\TrustLib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\MSAPPS\MSINFO\MSINFO

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\MSAPPS\MSINFO\MSINFO

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Found mount point : C:\WINDOWS\MUI\MUI

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\MUI\MUI

Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\ErrorRep\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SECURITY\LOGS\LOGS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SECURITY\LOGS\LOGS

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files

Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files

Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files

Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files

Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files

Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files

Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files

Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files

Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files

Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files

Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files

Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SYSTEM32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1025\1025

Found mount point : C:\WINDOWS\SYSTEM32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1028\1028

Found mount point : C:\WINDOWS\SYSTEM32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1031\1031

Found mount point : C:\WINDOWS\SYSTEM32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1037\1037

Found mount point : C:\WINDOWS\SYSTEM32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1041\1041

Found mount point : C:\WINDOWS\SYSTEM32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1042\1042

Found mount point : C:\WINDOWS\SYSTEM32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1054\1054

Found mount point : C:\WINDOWS\SYSTEM32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\2052\2052

Found mount point : C:\WINDOWS\SYSTEM32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\3076\3076

Found mount point : C:\WINDOWS\SYSTEM32\3COM_DMI\3COM_DMI

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\3COM_DMI\3COM_DMI

Found mount point : C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\MMC\MMC

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Desktop\Desktop

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012004090220040903\MSHist012004090220040903

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012004090220040903\MSHist012004090220040903

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Pictures\Dell Image Expert Images\Dell Image Expert Images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Pictures\Dell Image Expert Images\Dell Image Expert Images

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\SYSTEM32\Dell\SystemProfiler\SystemProfiler

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\Dell\SystemProfiler\SystemProfiler

Found mount point : C:\WINDOWS\SYSTEM32\DHCP\DHCP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\DHCP\DHCP

Found mount point : C:\WINDOWS\SYSTEM32\DRIVERS\DISDN\DISDN

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\DRIVERS\DISDN\DISDN

Found mount point : C:\WINDOWS\SYSTEM32\EXPORT\EXPORT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\EXPORT\EXPORT

Found mount point : C:\WINDOWS\SYSTEM32\FxsTmp\FxsTmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\FxsTmp\FxsTmp

Cannot access: C:\WINDOWS\SYSTEM32\hkcmd.exe

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\hkcmd.exe

[1] 2003-04-07 01:07:38 114688 C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)

[1] 2003-04-07 01:07:38 114688 C:\WINDOWS\SYSTEM32\ReinstallBackups\0017\DriverFiles\hkcmd.exe (Intel Corporation)



Found mount point : C:\WINDOWS\SYSTEM32\INETSRV\INETSRV

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\INETSRV\INETSRV

Found mount point : C:\WINDOWS\SYSTEM32\MUI\DISPSPEC\DISPSPEC

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\MUI\DISPSPEC\DISPSPEC

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\ISPSGNUP\ISPSGNUP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\ISPSGNUP\ISPSGNUP

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMCUST\OEMCUST

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMCUST\OEMCUST

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMHW\OEMHW

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMHW\OEMHW

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMREG\OEMREG

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMREG\OEMREG

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\SAMPLE\SAMPLE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\SAMPLE\SAMPLE

Found mount point : C:\WINDOWS\SYSTEM32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ShellExt\ShellExt

Found mount point : C:\WINDOWS\SYSTEM32\SPOOL\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\SPOOL\PRINTERS\PRINTERS

Found mount point : C:\WINDOWS\SYSTEM32\WBEM\MOF\BAD\BAD

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\WBEM\MOF\BAD\BAD

Found mount point : C:\WINDOWS\SYSTEM32\WBEM\SNMP\SNMP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\WBEM\SNMP\SNMP

Found mount point : C:\WINDOWS\SYSTEM32\WINS\WINS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\WINS\WINS

Found mount point : C:\WINDOWS\SYSTEM32\XIRCOM\XIRCOM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\XIRCOM\XIRCOM

Found mount point : C:\WINDOWS\SYSTEM32\Μicrosoft\Μicrosoft

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\Μicrosoft\Μicrosoft

Found mount point : C:\WINDOWS\Temp\_avast4_\_avast4_

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\_avast4_\_avast4_

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



Finished!

#8 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,545
  • Joined: 31-May 06

Posted 05 September 2009 - 11:33 AM

Could you re-run ComboFix please and post the log :)

#9 vee2008

  • Group: Member
  • Posts: 9
  • Joined: 23-January 08

Posted 05 September 2009 - 12:11 PM

Yes, no problem. I re-ran it and it came up with a log this time. This is looking good, I think. I will resist using the computer until I hear from you.


ComboFix 09-09-04.02 - vee 05/09/2009 18:59.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.703 [GMT 1:00]
Running from: c:\documents and settings\Administrator.D8KQGZ0J\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1351 [VPS 090904-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\desktop.ini
c:\documents and settings\vee\Application Data\inst.exe
c:\documents and settings\vee\Favorites\Games.url
c:\documents and settings\vee\My Documents\RegistryBackUp.reg
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2PLUGIN.DLL
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\004DCC81
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\Fonts\acrsec.fon
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\Installer\14cd6b.msi
c:\windows\Installer\207ebd.msi
c:\windows\Installer\37232c.msi
c:\windows\Installer\525e1e.msi
c:\windows\Installer\525e21.msi
c:\windows\Installer\a5fbccb.msi
c:\windows\Installer\a70eae.msi
c:\windows\Installer\WinRMSrv.msi
c:\windows\run.log
c:\windows\smdat32m.sys
c:\windows\system32\drivers\kbiwkmgxyajkqw.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\UACcyhlikjsme.sys
c:\windows\system32\kbiwkmlog.dat
c:\windows\system32\kbiwkmsakwanet.dll
c:\windows\system32\net.net
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\UACbgppxjwrmo.dll
c:\windows\system32\UACdytivawjel.dat
c:\windows\system32\UACempltaoroo.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmxncmkwkxj.db
c:\windows\system32\UACotlltivoyo.dll
c:\windows\system32\UACqfksiatveo.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\winttr.exe
c:\windows\system32\wpcap.dll
c:\windows\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_NPF
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-08-31 18:13 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-31 18:13 . 2009-08-31 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-31 18:13 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 17:29 . 2009-08-31 17:29 -------- d-----w- c:\documents and settings\Administrator.D8KQGZ0J\Local Settings\Application Data\Mozilla
2009-08-31 17:29 . 2009-08-31 17:29 -------- d-----w- c:\documents and settings\Administrator.D8KQGZ0J\Local Settings\Application Data\Adobe
2009-08-31 17:15 . 2009-08-31 18:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-30 10:55 . 2009-08-30 10:55 70144 ----a-w- c:\windows\system32\drivers\tntibchwhospypux.sys
2009-08-29 13:41 . 2009-08-30 11:10 -------- d-----w- c:\documents and settings\vee\Application Data\Any Video Converter
2009-08-29 13:41 . 2009-08-29 13:42 -------- d-----w- c:\program files\Any Video Converter
2009-08-29 11:54 . 2009-08-29 11:54 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-29 11:54 . 2009-08-29 13:08 -------- d-----w- c:\documents and settings\vee\Application Data\Vso
2009-08-22 16:01 . 2009-08-22 16:01 -------- d-----w- c:\program files\BBC iPlayer Desktop
2009-08-22 15:21 . 2009-08-22 15:21 -------- d-----w- c:\documents and settings\vee\Local Settings\Application Data\Windows Live Writer
2009-08-22 15:21 . 2009-08-22 15:21 -------- d-----w- c:\documents and settings\vee\Application Data\Windows Live Writer
2009-08-22 12:11 . 2009-08-22 12:11 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-08-22 12:10 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-22 12:09 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-08-14 14:57 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-09 14:09 . 2009-08-09 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-08-09 09:02 . 2009-08-09 09:02 -------- d-----w- C:\9893743457efbf896c

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 18:03 . 2009-01-25 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-08-30 13:32 . 2005-05-08 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-30 13:31 . 2005-05-08 08:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-30 12:11 . 2006-12-26 23:16 -------- d-----w- c:\documents and settings\vee\Application Data\LimeWire
2009-08-29 13:08 . 2007-05-28 18:40 -------- d-----w- c:\program files\vso
2009-08-29 13:08 . 2009-08-29 11:54 47360 ----a-w- c:\documents and settings\vee\Application Data\pcouffin.sys
2009-08-22 12:11 . 2009-04-20 11:01 -------- d-----w- c:\program files\Microsoft
2009-08-22 12:10 . 2007-06-11 08:03 -------- d-----w- c:\program files\Windows Live
2009-08-22 12:09 . 2008-09-11 13:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-08-17 16:10 . 2007-03-04 15:57 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2007-03-04 15:57 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2007-03-04 15:57 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-06 16:48 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-06 16:48 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2007-03-04 15:57 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2007-03-04 15:57 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2007-03-04 15:57 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-03-04 15:57 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-08-09 17:16 . 2008-10-24 08:11 -------- d-----w- c:\program files\MediaCoder Mobile Phone Edition
2009-08-09 14:09 . 2004-05-15 22:54 85968 ----a-w- c:\documents and settings\vee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 14:09 . 2007-05-28 15:45 -------- d-----w- c:\program files\TVUPlayer
2009-08-05 09:01 . 2002-12-12 00:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 12:05 . 2008-08-08 15:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 18:14 . 2005-12-11 16:52 -------- d-----w- c:\program files\DivX
2009-07-25 18:13 . 2009-07-12 13:11 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-17 19:01 . 2002-08-29 05:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 11:13 . 2009-07-17 11:13 -------- d-----w- c:\documents and settings\vee\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-07-17 11:13 . 2009-07-17 11:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-13 22:43 . 2004-05-07 19:53 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 20:24 . 2008-06-19 18:45 -------- d-----w- c:\documents and settings\vee\Application Data\Nokia
2009-07-10 18:30 . 2008-06-19 18:41 -------- d-----w- c:\program files\DIFX
2009-07-10 18:30 . 2009-07-10 18:30 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-10 18:29 . 2009-07-10 18:29 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-10 18:29 . 2006-07-29 22:52 -------- d-----w- c:\program files\Nokia
2009-07-10 18:29 . 2009-07-10 18:29 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-10 18:26 . 2008-07-27 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-10 18:26 . 2004-01-15 23:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 15:06 . 2004-09-04 13:20 -------- d-----w- c:\program files\Google
2009-07-10 14:53 . 2006-12-03 23:57 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-10 11:15 . 2009-07-10 11:15 306544 ----a-w- c:\windows\WLXPGSS.SCR
2009-06-29 16:12 . 2004-02-06 17:05 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-08-29 05:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2002-08-29 05:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-08-29 05:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-08-29 05:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-08-29 05:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-08-29 05:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-08-29 05:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-08-29 05:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-08-29 05:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 05:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2002-08-29 05:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2002-08-29 05:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2002-08-29 05:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2003-10-21 17:06 132096 ----a-w- c:\windows\system32\wkssvc.dll
2007-01-25 02:52 . 2007-01-25 02:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2004-01-15 23:34 . 2004-01-15 23:34 32 --sha-w- c:\windows\{82E8A4E4-716D-4A22-9D71-928EFFCE0242}.dat
2004-01-15 23:34 . 2004-01-15 23:34 32 --sha-w- c:\windows\SYSTEM32\{D4588521-6DE3-47B7-BED3-3EE52D9A5104}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"net"="c:\windows\system32\net.net" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\vee\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2006-12-16 908280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-09 11:45 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PGPtray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PGPtray.lnk
backup=c:\windows\pss\PGPtray.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clywm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\JBuilder35\\jdk1.2.2\\bin\\javaw.exe"=
"c:\\Program Files\\CSLU\\Tcl80\\bin\\wish80.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\vee\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [23/04/2009 16:15 64160]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [06/04/2008 17:48 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [06/04/2008 17:48 20560]
R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [22/08/2009 13:10 54752]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\SYSTEM32\DRIVERS\PGPsdk.sys [16/07/2005 19:32 26624]
R2 PGPsdkServ;PGPsdkService;c:\windows\SYSTEM32\PGPsdkServ.exe [16/07/2005 19:32 77824]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 11:38 92008]
S2 afmfsb;afmfsb;c:\windows\system32\drivers\fxgryin.sys --> c:\windows\system32\drivers\fxgryin.sys [?]
S2 gupdate1c9c24f660e4b2c;Google Update Service (gupdate1c9c24f660e4b2c);c:\program files\Google\Update\GoogleUpdate.exe [21/04/2009 08:04 133104]
S2 OMSCAN;OMSCAN;\SysE --> \SysE [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 953168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv
.
Contents of the 'Scheduled Tasks' folder

2009-05-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:15]

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 07:04]

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 07:04]

2004-01-23 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://kl.bar.need2f...earch.html?p=KL
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\vee\Application Data\Mozilla\Firefox\Profiles\epthmqfy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\vee\Application Data\Mozilla\Firefox\Profiles\epthmqfy.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\vee\Application Data\Mozilla\Firefox\Profiles\epthmqfy.default\extensions\turntoolviewer@turntool.com\plugins\nptnt.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 19:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(1568)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-05 19:06
ComboFix-quarantined-files.txt 2009-09-05 18:06

Pre-Run: 25,981,362,176 bytes free
Post-Run: 25,966,219,264 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

321 --- E O F --- 2009-08-29 11:48

#10 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,545
  • Joined: 31-May 06

Posted 05 September 2009 - 12:18 PM

A few more to kill - how is your computer running now?

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\drivers\tntibchwhospypux.sys
c:\windows\system32\drivers\fxgryin.sys 

Driver::
afmfsb


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.


#11 vee2008

  • Group: Member
  • Posts: 9
  • Joined: 23-January 08

Posted 05 September 2009 - 01:07 PM

Thanks for your help. Here they are:

ComboFix 09-09-04.02 - vee 05/09/2009 19:36.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.663 [GMT 1:00]
Running from: c:\documents and settings\vee\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\vee\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090904-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}

FILE ::
"c:\windows\system32\drivers\fxgryin.sys"
"c:\windows\system32\drivers\tntibchwhospypux.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\tntibchwhospypux.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFMFSB
-------\Service_afmfsb


((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-08-31 18:13 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-31 18:13 . 2009-08-31 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-31 18:13 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 17:29 . 2009-08-31 17:29 -------- d-----w- c:\documents and settings\Administrator.D8KQGZ0J\Local Settings\Application Data\Mozilla
2009-08-31 17:29 . 2009-08-31 17:29 -------- d-----w- c:\documents and settings\Administrator.D8KQGZ0J\Local Settings\Application Data\Adobe
2009-08-31 17:15 . 2009-08-31 18:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-29 13:41 . 2009-08-30 11:10 -------- d-----w- c:\documents and settings\vee\Application Data\Any Video Converter
2009-08-29 13:41 . 2009-08-29 13:42 -------- d-----w- c:\program files\Any Video Converter
2009-08-29 11:54 . 2009-08-29 11:54 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-29 11:54 . 2009-08-29 13:08 -------- d-----w- c:\documents and settings\vee\Application Data\Vso
2009-08-22 16:01 . 2009-08-22 16:01 -------- d-----w- c:\program files\BBC iPlayer Desktop
2009-08-22 15:21 . 2009-08-22 15:21 -------- d-----w- c:\documents and settings\vee\Local Settings\Application Data\Windows Live Writer
2009-08-22 15:21 . 2009-08-22 15:21 -------- d-----w- c:\documents and settings\vee\Application Data\Windows Live Writer
2009-08-22 12:11 . 2009-08-22 12:11 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-08-22 12:10 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-22 12:09 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-08-14 14:57 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-09 14:09 . 2009-08-09 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-08-09 09:02 . 2009-08-09 09:02 -------- d-----w- C:\9893743457efbf896c

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 18:39 . 2009-01-25 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-08-30 13:32 . 2005-05-08 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-30 13:31 . 2005-05-08 08:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-30 12:11 . 2006-12-26 23:16 -------- d-----w- c:\documents and settings\vee\Application Data\LimeWire
2009-08-29 13:08 . 2007-05-28 18:40 -------- d-----w- c:\program files\vso
2009-08-29 13:08 . 2009-08-29 11:54 47360 ----a-w- c:\documents and settings\vee\Application Data\pcouffin.sys
2009-08-22 12:11 . 2009-04-20 11:01 -------- d-----w- c:\program files\Microsoft
2009-08-22 12:10 . 2007-06-11 08:03 -------- d-----w- c:\program files\Windows Live
2009-08-22 12:09 . 2008-09-11 13:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-08-17 16:10 . 2007-03-04 15:57 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2007-03-04 15:57 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2007-03-04 15:57 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-06 16:48 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-06 16:48 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2007-03-04 15:57 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2007-03-04 15:57 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2007-03-04 15:57 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-03-04 15:57 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-08-09 17:16 . 2008-10-24 08:11 -------- d-----w- c:\program files\MediaCoder Mobile Phone Edition
2009-08-09 14:09 . 2004-05-15 22:54 85968 ----a-w- c:\documents and settings\vee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 14:09 . 2007-05-28 15:45 -------- d-----w- c:\program files\TVUPlayer
2009-08-05 09:01 . 2002-12-12 00:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 12:05 . 2008-08-08 15:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 18:14 . 2005-12-11 16:52 -------- d-----w- c:\program files\DivX
2009-07-25 18:13 . 2009-07-12 13:11 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-17 19:01 . 2002-08-29 05:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 11:13 . 2009-07-17 11:13 -------- d-----w- c:\documents and settings\vee\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-07-17 11:13 . 2009-07-17 11:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-13 22:43 . 2004-05-07 19:53 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 20:24 . 2008-06-19 18:45 -------- d-----w- c:\documents and settings\vee\Application Data\Nokia
2009-07-10 18:30 . 2008-06-19 18:41 -------- d-----w- c:\program files\DIFX
2009-07-10 18:30 . 2009-07-10 18:30 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-10 18:29 . 2009-07-10 18:29 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-10 18:29 . 2006-07-29 22:52 -------- d-----w- c:\program files\Nokia
2009-07-10 18:29 . 2009-07-10 18:29 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-10 18:26 . 2008-07-27 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-10 18:26 . 2004-01-15 23:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 15:06 . 2004-09-04 13:20 -------- d-----w- c:\program files\Google
2009-07-10 14:53 . 2006-12-03 23:57 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-10 11:15 . 2009-07-10 11:15 306544 ----a-w- c:\windows\WLXPGSS.SCR
2009-06-29 16:12 . 2004-02-06 17:05 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-08-29 05:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2002-08-29 05:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-08-29 05:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-08-29 05:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-08-29 05:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-08-29 05:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-08-29 05:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-08-29 05:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-08-29 05:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 05:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2002-08-29 05:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2002-08-29 05:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2002-08-29 05:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2003-10-21 17:06 132096 ----a-w- c:\windows\system32\wkssvc.dll
2007-01-25 02:52 . 2007-01-25 02:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2004-01-15 23:34 . 2004-01-15 23:34 32 --sha-w- c:\windows\{82E8A4E4-716D-4A22-9D71-928EFFCE0242}.dat
2004-01-15 23:34 . 2004-01-15 23:34 32 --sha-w- c:\windows\SYSTEM32\{D4588521-6DE3-47B7-BED3-3EE52D9A5104}.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-09-05_16.47.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-05 18:41 . 2009-09-05 18:41 16384 c:\windows\Temp\Perflib_Perfdata_5a8.dat
+ 2009-09-05 18:46 . 2009-09-05 18:46 16384 c:\windows\Temp\Perflib_Perfdata_268.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"net"="c:\windows\system32\net.net" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\vee\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2006-12-16 908280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-09 11:45 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PGPtray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PGPtray.lnk
backup=c:\windows\pss\PGPtray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\JBuilder35\\jdk1.2.2\\bin\\javaw.exe"=
"c:\\Program Files\\CSLU\\Tcl80\\bin\\wish80.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\vee\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [23/04/2009 16:15 64160]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [06/04/2008 17:48 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [06/04/2008 17:48 20560]
R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [22/08/2009 13:10 54752]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\SYSTEM32\DRIVERS\PGPsdk.sys [16/07/2005 19:32 26624]
R2 PGPsdkServ;PGPsdkService;c:\windows\SYSTEM32\PGPsdkServ.exe [16/07/2005 19:32 77824]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 11:38 92008]
S2 gupdate1c9c24f660e4b2c;Google Update Service (gupdate1c9c24f660e4b2c);c:\program files\Google\Update\GoogleUpdate.exe [21/04/2009 08:04 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 953168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv
.
Contents of the 'Scheduled Tasks' folder

2009-05-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:15]

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 07:04]

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 07:04]

2004-01-23 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://kl.bar.need2f...earch.html?p=KL
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\vee\Application Data\Mozilla\Firefox\Profiles\epthmqfy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\vee\Application Data\Mozilla\Firefox\Profiles\epthmqfy.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\vee\Application Data\Mozilla\Firefox\Profiles\epthmqfy.default\extensions\turntoolviewer@turntool.com\plugins\nptnt.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 19:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3868)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\NMSAccessU.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Outlook Express\msimn.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-09-05 19:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-05 18:53
ComboFix2.txt 2009-09-05 18:06

Pre-Run: 25,986,023,424 bytes free
Post-Run: 25,948,151,808 bytes free

289 --- E O F --- 2009-08-29 11:48








OTL logfile created on: 05/09/2009 20:01:02 - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\vee\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 61.67% Memory free
1.48 Gb Paging File | 1.09 Gb Available in Paging File | 73.32% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 24.19 Gb Free Space | 32.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D8KQGZ0J
Current User Name: vee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/02/27 18:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/08/17 17:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2003/08/06 02:04:00 | 00,114,741 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2007/01/25 03:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe
PRC - [2007/10/12 09:33:16 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtcmd.exe
PRC - [2003/10/30 09:06:02 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2002/11/26 16:05:04 | 00,077,824 | ---- | M] (PGP Corporation) -- C:\WINDOWS\System32\PGPsdkServ.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2007/10/12 09:33:38 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
PRC - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/08/02 14:42:14 | 00,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
PRC - [2009/04/08 11:38:14 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/04/14 01:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/08/22 16:19:50 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/05 16:52:30 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vee\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2008/01/09 12:45:23 | 00,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
SRV - [2009/04/21 08:04:18 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c24f660e4b2c [Auto | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/02/27 18:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
SRV - [2009/04/23 16:15:01 | 00,953,168 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
SRV - [2008/11/24 23:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2003/03/03 14:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/01/25 03:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2003/10/30 09:06:02 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2002/11/26 16:05:04 | 00,077,824 | ---- | M] (PGP Corporation) -- C:\WINDOWS\System32\PGPsdkServ.exe -- (PGPsdkServ [Auto | Running])
SRV - File not found -- -- (rpcapd [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2007/10/12 09:33:38 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk [Auto | Running])
SRV - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2007/08/02 14:42:16 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [On_Demand | Stopped])
SRV - [2007/08/02 14:42:14 | 00,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk [Auto | Running])
SRV - [2009/04/08 11:38:14 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/08/17 17:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2002/04/01 15:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2003/12/08 13:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
DRV - [2003/12/08 13:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [1999/09/10 13:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2009/08/17 17:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/08/17 17:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/08/17 17:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/08/17 17:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/08/17 17:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2008/02/27 13:49:00 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2003/08/29 04:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
DRV - File not found -- -- (catchme [On_Demand | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2003/07/31 04:21:00 | 00,084,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2003/06/20 03:56:00 | 00,040,448 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2004/10/14 16:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2009/08/05 22:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
DRV - [2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/04 06:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 06:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 06:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 06:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 06:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 06:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 06:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 06:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 06:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 06:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2003/04/15 11:39:46 | 00,090,907 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2009/04/23 16:15:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/04/13 19:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2003/10/30 09:06:00 | 01,330,172 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2001/09/18 12:00:00 | 00,167,816 | ---- | M] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\omcamvid.sys -- (OVT511Plus [On_Demand | Running])
DRV - [2008/08/26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2009/08/29 12:54:40 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2002/11/26 16:05:26 | 00,026,624 | ---- | M] (PGP Corporation) -- C:\WINDOWS\System32\Drivers\PGPsdk.sys -- (PGPsdkDriver [Auto | Running])
DRV - [2006/11/04 06:02:04 | 00,022,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2002/08/29 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/21 03:05:38 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/04/03 14:57:42 | 00,083,336 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s116bus.sys -- (s116bus [On_Demand | Stopped])
DRV - [2007/04/03 14:57:48 | 00,015,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s116mdfl.sys -- (s116mdfl [On_Demand | Stopped])
DRV - [2007/04/03 14:57:48 | 00,108,680 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s116mdm.sys -- (s116mdm [On_Demand | Stopped])
DRV - [2007/04/03 14:57:50 | 00,100,488 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s116mgmt.sys -- (s116mgmt [On_Demand | Stopped])
DRV - [2007/04/03 14:57:52 | 00,023,176 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s116nd5.sys -- (s116nd5 [On_Demand | Stopped])
DRV - [2007/04/03 14:57:52 | 00,098,696 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s116obex.sys -- (s116obex [On_Demand | Stopped])
DRV - [2007/04/03 14:57:54 | 00,099,080 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s116unic.sys -- (s116unic [On_Demand | Stopped])
DRV - [2006/04/28 16:24:42 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27bus.sys -- (SE27bus [On_Demand | Stopped])
DRV - [2006/04/28 16:25:40 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mdfl.sys -- (SE27mdfl [On_Demand | Stopped])
DRV - [2006/04/28 16:25:44 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mdm.sys -- (SE27mdm [On_Demand | Stopped])
DRV - [2006/04/28 16:26:46 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mgmt.sys -- (SE27mgmt [On_Demand | Stopped])
DRV - [2006/04/28 16:24:06 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\se27nd5.sys -- (se27nd5 [On_Demand | Stopped])
DRV - [2006/04/28 16:27:48 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27obex.sys -- (SE27obex [On_Demand | Stopped])
DRV - [2006/04/28 16:24:00 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\se27unic.sys -- (se27unic [On_Demand | Stopped])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/07/25 10:04:08 | 00,048,640 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
DRV - [2004/07/21 15:59:18 | 00,229,888 | ---- | M] (SiS Corporation) -- C:\WINDOWS\System32\DRIVERS\sis162u.sys -- (SIS162u [On_Demand | Stopped])
DRV - [2008/04/13 19:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2003/05/06 10:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2003/07/14 12:28:40 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2003/07/14 12:28:22 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2003/08/06 02:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2003/08/06 02:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2003/08/06 02:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2003/08/06 02:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2003/08/06 02:04:00 | 00,083,284 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2003/08/06 02:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2003/08/06 02:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2003/08/06 02:04:00 | 00,098,068 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2003/08/06 02:04:00 | 00,100,373 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2003/04/15 11:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/04/15 11:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell...gen/default.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell...gen/default.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\S-1-5-21-4060245369-2451119251-3729179418-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\S-1-5-21-4060245369-2451119251-3729179418-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: turntoolviewer@turntool.com:2.9.5.8
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/10 19:29:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/22 22:25:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/31 18:29:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/22 16:20:07 | 00,000,000 | ---D | M]

[2009/04/15 12:33:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vee\Application Data\mozilla\Extensions
[2008/08/28 23:59:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vee\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/15 12:33:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vee\Application Data\mozilla\Extensions\home2@tomtom.com
[2009/09/05 19:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vee\Application Data\mozilla\Firefox\Profiles\epthmqfy.default\extensions
[2009/08/23 14:51:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vee\Application Data\mozilla\Firefox\Profiles\epthmqfy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/05 15:53:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vee\Application Data\mozilla\Firefox\Profiles\epthmqfy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/08/15 15:27:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vee\Application Data\mozilla\Firefox\Profiles\epthmqfy.default\extensions\firefox@tvunetworks.com
[2009/07/05 14:25:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vee\Application Data\mozilla\Firefox\Profiles\epthmqfy.default\extensions\turntoolviewer@turntool.com
[2009/05/15 23:34:51 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\vee\Application Data\Mozilla\FireFox\Profiles\epthmqfy.default\searchplugins\ask.uk.xml
[2008/10/24 00:22:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/22 16:20:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/22 16:19:47 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/22 16:19:47 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008/02/27 18:57:38 | 00,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2009/05/12 19:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 23:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/22 16:19:57 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/09/22 10:23:06 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/04/28 09:52:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/04/28 09:52:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/04/28 09:52:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/09/22 10:23:48 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/09/22 10:22:46 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2006/01/18 13:50:00 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2007/05/16 08:22:00 | 00,151,300 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/05/01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/22 16:20:02 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/22 16:20:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/22 16:20:02 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/22 16:20:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/22 16:20:02 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/22 16:20:02 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007/05/05 02:55:47 | 00,000,897 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\livecom.png
[2007/05/05 02:55:47 | 00,001,015 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\livecom.src
[2009/08/22 16:20:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/22 16:20:02 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TalkTalk] C:\Program Files\TalkTalk\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\vee\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - Startup: C:\Documents and Settings\vee\Start Menu\Programs\Startup\MSN Messenger 7.0.lnk = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - Startup: C:\Documents and Settings\vee\Start Menu\Programs\Startup\Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\vee\Start Menu\Programs\Startup\Windows Explorer.lnk = C:\WINDOWS\explorer.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-4060245369-2451119251-3729179418-1006\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/09/05 20:00:26 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/05 19:34:38 | 03,195,526 | R--- | C] () -- C:\Documents and Settings\vee\Desktop\Combo-Fix.exe
[2009/09/05 18:58:27 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/09/05 18:58:24 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/09/05 18:58:19 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/09/05 17:57:37 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vee\Desktop\OTL.exe
[2009/09/05 17:32:17 | 13,411,81952 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/05 17:26:47 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/05 17:26:47 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/05 17:26:47 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/05 17:26:47 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/05 17:26:47 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/05 17:26:47 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/05 17:26:47 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/05 17:26:47 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/05 17:26:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/05 17:24:28 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/05 16:28:03 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/09/05 12:38:24 | 00,514,048 | ---- | C] () -- C:\Documents and Settings\vee\Desktop\OTS2.exe
[2009/09/05 11:40:39 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\vee\Desktop\explorer.exe
[2009/09/05 11:40:39 | 00,046,080 | ---- | C] () -- C:\Documents and Settings\vee\Desktop\Win32kDiag.exe
[2009/09/05 11:40:38 | 00,514,048 | ---- | C] () -- C:\Documents and Settings\vee\Desktop\OTS.exe
[2009/09/05 11:40:38 | 00,354,396 | ---- | C] () -- C:\Documents and Settings\vee\Desktop\SysProt.zip
[2009/08/31 19:13:46 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/31 19:13:43 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/31 19:13:41 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/31 19:13:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/31 19:05:14 | 00,141,312 | ---- | C] () -- C:\Documents and Settings\vee\My Documents\Backup_Start_Programs.doc
[2009/08/31 18:31:32 | 01,485,038 | ---- | C] () -- C:\Documents and Settings\vee\My Documents\ADSLvsISDN.zip
[2009/08/31 18:15:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/30 12:33:28 | 00,000,945 | ---- | C] () -- C:\Documents and Settings\vee\Desktop\Spybot - Search & Destroy.lnk
[2009/08/30 12:33:19 | 00,000,885 | ---- | C] () -- C:\Documents and Settings\vee\Desktop\Ad-Aware.lnk
[2009/08/29 22:30:55 | 00,256,000 | ---- | C] () -- C:\Documents and Settings\vee\My Documents\zzzParis.doc
[2009/08/29 21:56:39 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\vee\My Documents\zzzcalender.doc
[2009/08/29 20:31:58 | 00,001,384 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Buy DivX for Windows.lnk
[2009/08/29 18:11:58 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\vee\My Documents\HowToPlayFilmOnDVDPlayer.doc
[2009/08/29 14:42:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vee\My Documents\Any Video Converter
[2009/08/29 14:41:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vee\Application Data\Any Video Converter
[2009/08/29 14:41:47 | 00,000,000 | ---D | C] -- C:\Program Files\Any Video Converter
[2009/08/29 12:59:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vee\My Documents\ConvertXtoDVD
[2009/08/29 12:58:15 | 00,001,044 | ---- | C] () -- C:\Documents and Settings\vee\Application Data\vso_ts_preview.xml
[2009/08/29 12:54:40 | 00,047,360 | ---- | C] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/08/29 12:54:40 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\vee\Application Data\pcouffin.sys
[2009/08/29 12:54:40 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\vee\Application Data\pcouffin.cat
[2009/08/29 12:54:40 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\vee\Application Data\pcouffin.inf
[2009/08/29 12:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vee\My Documents\PcSetup
[2009/08/29 12:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vee\Application Data\Vso
[2009/08/23 19:24:53 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\vee\My Documents\Manu Chao.xls
[2009/08/23 19:24:01 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\vee\My Documents\Manu Chao1.doc
[2009/08/23 19:22:31 | 00,070,656 | ---- | C] () -- C:\Documents and Settings\vee\My Documents\Manu Chao.doc
[2009/08/22 17:25:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vee\My Documents\Downloads
[2009/08/22 17:01:45 | 00,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2009/08/22 16:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vee\My Documents\My Weblog Posts
[2009/08/22 16:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vee\Local Settings\Application Data\Windows Live Writer
[2009/08/22 16:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vee\Application Data\Windows Live Writer
[2009/08/22 15:58:57 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\vee\My Documents\My Stationery
[2009/08/22 13:11:09 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/08/22 13:10:25 | 00,054,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2009/08/22 13:09:22 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/08/22 13:09:00 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/08/16 18:36:18 | 00,364,266 | ---- | C] () -- C:\Documents and Settings\vee\My Documents\cc_20090816_1836.reg
[2009/08/14 15:57:41 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/14 15:57:34 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/14 15:57:07 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/09 15:09:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2009/08/09 10:02:09 | 00,000,000 | ---D | C] -- C:\9893743457efbf896c
[2009/05/30 11:38:10 | 00,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2008/09/25 19:46:44 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/01/03 19:05:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/06/18 00:42:16 | 00,000,052 | ---- | C] () -- C:\WINDOWS\Relax.ini
[2007/05/28 19:40:25 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/05/28 19:40:22 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007/05/19 14:19:53 | 01,339,474 | ---- | C] () -- C:\WINDOWS\Uninstallvusb.dll
[2006/04/26 10:06:29 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/26 10:06:29 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/03/18 19:20:05 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2006/01/29 12:20:03 | 00,000,097 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2006/01/29 12:01:51 | 00,000,072 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/12/17 15:32:39 | 00,000,093 | ---- | C] () -- C:\WINDOWS\T175.INI
[2005/12/17 15:32:27 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2005/07/16 19:32:52 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\PGPtclP11.dll
[2005/07/12 14:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/05/06 12:14:51 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005/04/08 15:52:55 | 00,001,344 | ---- | C] () -- C:\WINDOWS\System32\odbcinst.ini
[2005/04/02 10:35:20 | 00,000,019 | ---- | C] () -- C:\WINDOWS\System32\mstrsht115.dll
[2005/04/01 16:16:00 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/02/25 16:41:07 | 00,000,174 | ---- | C] () -- C:\WINDOWS\s207.ini
[2005/02/24 12:37:16 | 00,000,043 | ---- | C] () -- C:\WINDOWS\T305.ini
[2005/02/22 10:11:29 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2004/12/16 21:18:20 | 00,000,245 | ---- | C] () -- C:\WINDOWS\jxvwv_rn.ini
[2004/11/15 17:11:22 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/09/28 06:38:30 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\wmatimer.dll
[2004/09/17 17:15:01 | 00,001,531 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/08/12 16:48:05 | 00,000,082 | ---- | C] () -- C:\WINDOWS\savers.ini
[2004/08/11 18:17:07 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/07/16 15:57:02 | 00,000,034 | ---- | C] () -- C:\WINDOWS\rose.ini
[2004/04/24 12:47:10 | 00,000,045 | ---- | C] () -- C:\WINDOWS\Twacker.ini
[2004/04/24 12:47:09 | 00,000,045 | ---- | C] () -- C:\WINDOWS\lifeview.ini
[2004/03/28 14:43:14 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/03/23 16:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2004/02/08 02:19:07 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2004/02/07 16:39:46 | 00,041,047 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2004/02/01 22:16:22 | 00,000,028 | ---- | C] () -- C:\WINDOWS\FCSPRA.INI
[2004/02/01 22:15:08 | 00,002,528 | ---- | C] () -- C:\WINDOWS\Fcic.ini
[2004/02/01 18:10:19 | 00,000,572 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/01 14:46:52 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.vee.ini
[2004/01/16 00:37:17 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/16 00:31:29 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/16 00:28:27 | 00,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/16 00:12:54 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/16 00:12:40 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/15 23:55:18 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/13 23:54:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 18:51:00 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2002/09/03 09:59:58 | 00,001,089 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 09:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/03/21 14:39:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/09/18 12:00:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\bmpproc.dll
[2000/09/21 14:00:00 | 00,028,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvcamd.SYS
[1999/03/23 14:46:24 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1999/01/22 11:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/04/01 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/04/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/01/12 07:15:18 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\dtctrace.dll
[1996/11/13 03:25:44 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/09/05 19:44:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/05 19:42:08 | 00,001,487 | ---- | M] () -- C:\Documents and Settings\vee\Start Menu\Programs\Startup\Windows Explorer.lnk
[2009/09/05 19:41:47 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/09/05 19:41:44 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/05 19:41:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/05 19:41:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/05 19:41:35 | 13,411,81952 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/05 19:34:09 | 03,195,526 | R--- | M] () -- C:\Documents and Settings\vee\Desktop\Combo-Fix.exe
[2009/09/05 18:58:27 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/09/05 18:04:00 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/05 17:34:28 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/09/05 16:52:30 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vee\Desktop\OTL.exe
[2009/09/05 12:49:26 | 00,001,089 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/09/05 10:42:06 | 00,354,396 | ---- | M] () -- C:\Documents and Settings\vee\Desktop\SysProt.zip
[2009/09/05 10:41:00 | 00,514,048 | ---- | M] () -- C:\Documents and Settings\vee\Desktop\OTS2.exe
[2009/09/05 10:41:00 | 00,514,048 | ---- | M] () -- C:\Documents and Settings\vee\Desktop\OTS.exe
[2009/09/05 10:39:02 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\vee\Desktop\Win32kDiag.exe
[2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/31 19:13:46 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/31 19:05:14 | 00,141,312 | ---- | M] () -- C:\Documents and Settings\vee\My Documents\Backup_Start_Programs.doc
[2009/08/31 18:31:36 | 01,485,038 | ---- | M] () -- C:\Documents and Settings\vee\My Documents\ADSLvsISDN.zip
[2009/08/30 13:40:44 | 00,616,888 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/30 13:40:44 | 00,510,240 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/08/30 13:40:44 | 00,097,910 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/08/30 13:40:00 | 00,256,000 | ---- | M] () -- C:\Documents and Settings\vee\My Documents\zzzParis.doc
[2009/08/30 13:06:50 | 00,104,960 | ---- | M] () -- C:\Documents and Settings\vee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/30 12:33:28 | 00,000,945 | ---- | M] () -- C:\Documents and Settings\vee\Desktop\Spybot - Search & Destroy.lnk
[2009/08/30 12:33:19 | 00,000,885 | ---- | M] () -- C:\Documents and Settings\vee\Desktop\Ad-Aware.lnk
[2009/08/30 11:27:32 | 00,000,035 | ---- | M] () -- C:\Documents and Settings\vee\My Documents\WUPDATE.INI
[2009/08/29 21:56:40 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\vee\My Documents\zzzcalender.doc
[2009/08/29 20:31:58 | 00,001,384 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Buy DivX for Windows.lnk
[2009/08/29 18:11:58 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\vee\My Documents\HowToPlayFilmOnDVDPlayer.doc
[2009/08/29 14:08:42 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\vee\Application Data\pcouffin.sys
[2009/08/29 14:08:42 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\vee\Application Data\pcouffin.cat
[2009/08/29 14:08:42 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\vee\Application Data\pcouffin.inf
[2009/08/29 14:08:39 | 00,001,044 | ---- | M] () -- C:\Documents and Settings\vee\Application Data\vso_ts_preview.xml
[2009/08/29 12:54:40 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/08/23 23:34:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/23 19:24:53 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\vee\My Documents\Manu Chao.xls
[2009/08/23 19:24:02 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\vee\My Documents\Manu Chao1.doc
[2009/08/23 19:22:32 | 00,070,656 | ---- | M] () -- C:\Documents and Settings\vee\My Documents\Manu Chao.doc
[2009/08/22 21:50:54 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/21 18:51:49 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\vee\My Documents\CV.doc
[2009/08/17 17:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 17:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 17:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 17:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 17:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 17:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 17:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 17:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 17:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AVASTSS.scr
[2009/08/16 18:36:42 | 00,364,266 | ---- | M] () -- C:\Documents and Settings\vee\My Documents\cc_20090816_1836.reg
[2009/08/16 15:19:50 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\vee\My Documents\CarInsurance.xls
[2009/08/09 15:09:21 | 00,085,968 | ---- | M] () -- C:\Documents and Settings\vee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/09 14:59:19 | 00,304,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files - Unicode (All) ==========
[2006/04/25 14:41:23 | 00,000,000 | ---D | C](C:\Documents and Settings\vee\Application Data\?icrosoft.NET) -- C:\Documents and Settings\vee\Application Data\Мicrosoft.NET
[2006/05/29 23:58:04 | 00,000,000 | ---D | M](C:\Documents and Settings\vee\Application Data\?icrosoft.NET) -- C:\Documents and Settings\vee\Application Data\Мicrosoft.NET
< End of report >

#12 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,545
  • Joined: 31-May 06

Posted 05 September 2009 - 01:18 PM

Last couple to kill, a sweep for orphans and then I may let you go :)

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net File not found
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log (don't check the boxes beside LOP Check or Purity this time)


THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#13 vee2008

  • Group: Member
  • Posts: 9
  • Joined: 23-January 08

Posted 05 September 2009 - 02:47 PM

Thanks for your help and I hope it is warmer down there than in Manchester. By the way, what do you think of Spybot and Lavasoft? These are the usual products I run if I get any virus / worms etc.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\net deleted successfully.
========== COMMANDS ==========
C:\Documents and Settings\vee\Application Data\Мicrosoft.NET\Мicrosoft.NET moved successfully.
C:\Documents and Settings\vee\Application Data\Мicrosoft.NET moved successfully.

[EMPTYTEMP]

User: Administrator

User: Administrator.D8KQGZ0J
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->FireFox cache emptied: 3241543 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: vee
->Temp folder emptied: 1005220 bytes
->Temporary Internet Files folder emptied: 111893 bytes
->Java cache emptied: 24733 bytes
->FireFox cache emptied: 44036699 bytes
->Apple Safari cache emptied: 8248321 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4179456 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5a8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 185858 bytes

Total Files Cleaned = 58.42 mb


OTL by OldTimer - Version 3.0.10.7 log created on 09052009_211517

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_5a8.dat moved successfully.

Registry entries deleted on Reboot...





Malwarebytes' Anti-Malware 1.40
Database version: 2746
Windows 5.1.2600 Service Pack 3

05/09/2009 21:39:23
mbam-log-2009-09-05 (21-39-23).txt

Scan type: Quick Scan
Objects scanned: 106901
Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\vee\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#14 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,545
  • Joined: 31-May 06

Posted 05 September 2009 - 04:09 PM

OK if you are no longer experiencing problems I will let you go :)

Re Lavasoft and spybot, they are no longer able to combat the new infections, you are better off with MBAM and SAS

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.



XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done



SPRING CLEAN

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean


THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit


To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)

#15 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,545
  • Joined: 31-May 06

Posted 06 September 2009 - 04:23 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
