Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Browsers crash, can't use file checker, etc.

Started by Obi-Two Kenobi , Sep 16 2010 05:33 PM

  • This topic is locked This topic is locked

#1
Obi-Two Kenobi
Posted 16 September 2010 - 05:33 PM

Obi-Two Kenobi

    New Member

  • Member
  • Pip
  • 6 posts
Hi folks. New here, so appreciate your patience -- as well as your help! Every browser I try crashes, sometimes within moments, sometimes not for an hour. I get "send error report" notices, but when I try to send, I often get a message that the error file could not be located. And there are other things that seem to be blocking my attempts to find and fix what's wrong:
* System file checker just stalls when I try to run it.
* Downloaded MS Security Essentials as per Step 2 of your "Start here" instructions, but it crashes and restarts itself.
* Last set of Windows Updates I got wouldn't load completely, and the error report that was generated could not be sent.
* Tried a system restore to a point some weeks ago, but it didn't work and now I can't use Firefox (nor can I remove it, even though it's listed in the Add and Remove Programs list)
* A holograph of Princess Leia appeared above my machine, and she said "Help me, Geeks to Go." (OK, that didn't really happen.)

My first thought was a problem with a browser add-on, but I have removed and reinstalled Flash, Java, etc. with no improvement.

Am I right in suspecting malware? I've followed the Start Here steps (Malware Bytes found and fixed what could have been a couple of trojans, but that was about it) and am posting the logs below. These scans were done over a period of a few days -- does that interval pose a problem?

Again, thanks for your help!

(p.s. Er, judging by some of the names in the Hosts Files log, I think redirects have also been a problem. I don't remember seeing any of those sites!)



OTL logfile created on: 9/16/2010 6:40:20 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\rob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 502.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 39.31 Gb Free Space | 51.51% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 911.49 Gb Free Space | 97.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMP-1
Current User Name: rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/16 18:39:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rob\Desktop\OTL.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/17 14:45:34 | 000,271,720 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft LifeCam\MSCamS32.exe


========== Modules (SafeList) ==========

MOD - [2010/09/16 18:39:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rob\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/17 14:45:34 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XTrapD12.sys -- (XTrapD12)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva132.sys -- (XDva132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/07/01 01:09:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/23 17:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/09/05 22:26:45 | 000,026,056 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/04/10 14:46:54 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/10/28 21:47:49 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/10/07 16:38:30 | 000,643,072 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 09:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/12 20:38:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/12 20:38:19 | 000,000,000 | ---D | M]

[2010/09/12 20:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Mozilla\Extensions
[2010/09/12 20:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\q2t1xh37.default\extensions
[2010/09/12 20:38:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/12 20:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2010/09/12 20:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2006/05/06 12:42:04 | 007,260,160 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\libvlc.dll
[2010/07/03 12:02:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/05/06 12:42:04 | 000,478,720 | ---- | M] (VideoLAN Team) -- C:\Program Files\Mozilla Firefox\plugins\npvlc.dll

O1 HOSTS File: ([2010/09/08 16:48:10 | 000,418,427 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14465 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {BE24A5A5-669F-4089-9E75-5AD1531B0600} - C:\WINDOWS\System32\ativvax.dll File not found
O2 - BHO: () - {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} - C:\Program Files\Common Files\goskdl.dll File not found
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\rob\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O15 - HKCU\..Trusted Domains: canwest.com ([webmail] https in Trusted sites)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {DC7596CB-D6CC-DCA3-DE52-DEEA63F6C61D} - C:\Program Files\Internet Explorer\rksldk.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/10 04:03:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{770fd1b8-987c-11dd-9ae4-00138fba79c9}\Shell\Auto\command - "" = K:\Ghost.pif -- File not found
O33 - MountPoints2\{770fd1b8-987c-11dd-9ae4-00138fba79c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a18a7ab-ea4d-11db-9a60-00138fba79c9}\Shell\Auto\command - "" = L:\Ghost.pif -- File not found
O33 - MountPoints2\{9a18a7ab-ea4d-11db-9a60-00138fba79c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f406f6c4-213f-11dd-9ab3-00138fba79c9}\Shell\Auto\command - "" = K:\Ghost.pif -- File not found
O33 - MountPoints2\{f406f6c4-213f-11dd-9ab3-00138fba79c9}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590081070202880)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/16 18:38:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rob\Desktop\OTL.exe
[2010/09/14 18:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/13 23:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rob\Application Data\Malwarebytes
[2010/09/13 23:23:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/13 23:23:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/13 23:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/13 23:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/13 23:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/13 23:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/13 23:06:21 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rob\Desktop\TFC.exe
[2010/09/12 23:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/09/12 20:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/12 20:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/12 20:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/09/12 20:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rob\.housecall6.6
[2010/09/12 20:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rob\Trillian
[2010/09/07 20:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rob\My Documents\gegl-0.0
[2010/09/07 19:33:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/09/07 19:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rob\Application Data\QuickScan
[2010/09/07 00:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rob\Local Settings\Application Data\Google
[2010/08/08 22:10:15 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/07/27 20:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rob\Application Data\gtk-2.0
[2010/07/27 20:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rob\.thumbnails
[2010/07/27 20:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rob\.gimp-2.6
[2010/07/27 20:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/07/27 20:43:29 | 020,039,632 | ---- | C] (The GIMP Team ) -- C:\gimp-2.6.10-i686-setup-1.exe
[2010/07/24 00:46:22 | 000,000,000 | ---D | C] -- C:\Photos-pre08
[2010/07/24 00:26:25 | 000,000,000 | ---D | C] -- C:\photos-08etc
[2010/07/18 20:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010/07/05 20:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/07/05 17:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rob\Desktop\Articles 2010
[2010/07/04 13:06:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/07/04 12:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rob\Application Data\OpenOffice.org
[2010/07/04 12:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/07/04 12:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/07/04 00:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/07/03 23:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rob\My Documents\Downloads
[2010/07/03 13:32:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\rob\IECompatCache
[2010/07/03 13:31:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\rob\PrivacIE
[2010/07/03 13:28:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/07/03 12:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/03 11:51:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\rob\IETldCache
[2010/07/03 01:21:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/07/03 01:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/07/03 01:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/07/03 00:55:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/07/03 00:50:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/02 23:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/07/02 23:16:01 | 000,000,000 | ---D | C] -- C:\e03138076ac9c096a9

========== Files - Modified Within 90 Days ==========

[2010/09/16 18:39:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rob\Desktop\OTL.exe
[2010/09/16 18:29:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-839522115-1003UA.job
[2010/09/16 17:53:38 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/16 17:35:59 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/16 17:35:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/16 17:35:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/16 17:35:24 | 1072,549,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/15 23:50:09 | 006,512,640 | ---- | M] () -- C:\Documents and Settings\rob\ntuser.dat
[2010/09/15 23:50:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\rob\ntuser.ini
[2010/09/15 19:15:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/14 18:45:25 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/13 23:23:26 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/13 23:20:27 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\NTREGOPT.lnk
[2010/09/13 23:20:27 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\ERUNT.lnk
[2010/09/13 23:06:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rob\Desktop\TFC.exe
[2010/09/12 23:41:29 | 008,054,566 | -H-- | M] () -- C:\Documents and Settings\rob\Local Settings\Application Data\IconCache.db
[2010/09/12 21:11:52 | 000,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/12 20:56:14 | 000,549,012 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/12 20:56:14 | 000,474,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/12 20:56:14 | 000,084,626 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/12 00:29:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-839522115-1003Core.job
[2010/09/11 11:49:12 | 000,000,765 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/11 11:49:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/09 20:22:31 | 000,008,890 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\mysteryspot.jpg
[2010/09/08 16:58:03 | 000,042,716 | ---- | M] () -- C:\Documents and Settings\rob\.recently-used.xbel
[2010/09/08 16:48:10 | 000,418,427 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/07 19:26:05 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\rob\Local Settings\Application Data\housecall.guid.cache
[2010/09/05 23:50:53 | 000,209,678 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\Sep52010bookmarks.html
[2010/09/05 20:46:08 | 000,027,863 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\Lard.jpg
[2010/07/27 20:45:08 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/07/27 20:43:31 | 020,039,632 | ---- | M] (The GIMP Team ) -- C:\gimp-2.6.10-i686-setup-1.exe
[2010/07/24 01:00:45 | 000,000,389 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\Shortcut to Photos-pre08.lnk
[2010/07/24 00:50:48 | 000,000,389 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\Shortcut to photos-08etc.lnk
[2010/07/23 23:59:59 | 000,000,276 | ---- | M] () -- C:\WINDOWS\System\cmicnfg.ini
[2010/07/23 23:52:06 | 000,046,784 | ---- | M] () -- C:\Documents and Settings\rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/18 20:50:08 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\rob\Desktop\EVEREST Home Edition.lnk
[2010/07/06 19:59:42 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/06 19:57:43 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/06 19:57:43 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/05 20:17:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2010/07/04 12:56:04 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/04 12:46:29 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/07/03 12:26:03 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/03 11:51:52 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/03 00:43:30 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/03 00:43:29 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2010/09/14 18:55:21 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/14 18:45:25 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/13 23:23:26 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/13 23:20:27 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\rob\Desktop\NTREGOPT.lnk
[2010/09/13 23:20:27 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\rob\Desktop\ERUNT.lnk
[2010/09/08 16:58:03 | 000,042,716 | ---- | C] () -- C:\Documents and Settings\rob\.recently-used.xbel
[2010/09/07 19:26:05 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\rob\Local Settings\Application Data\housecall.guid.cache
[2010/09/07 00:24:51 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-839522115-1003UA.job
[2010/09/07 00:24:49 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-839522115-1003Core.job
[2010/09/05 23:50:53 | 000,209,678 | ---- | C] () -- C:\Documents and Settings\rob\Desktop\Sep52010bookmarks.html
[2010/09/05 20:46:07 | 000,027,863 | ---- | C] () -- C:\Documents and Settings\rob\Desktop\Lard.jpg
[2010/08/04 19:48:53 | 006,512,640 | ---- | C] () -- C:\Documents and Settings\rob\ntuser.dat
[2010/07/27 20:45:08 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/07/24 01:00:45 | 000,000,389 | ---- | C] () -- C:\Documents and Settings\rob\Desktop\Shortcut to Photos-pre08.lnk
[2010/07/24 00:50:48 | 000,000,389 | ---- | C] () -- C:\Documents and Settings\rob\Desktop\Shortcut to photos-08etc.lnk
[2010/07/18 20:50:08 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\rob\Desktop\EVEREST Home Edition.lnk
[2010/07/05 21:01:59 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/05 21:00:57 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/05 21:00:57 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/04 12:46:29 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/07/03 00:43:29 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/07/04 18:15:39 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/07/04 18:15:39 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/07/04 18:15:39 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/06/28 13:59:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/15 20:12:28 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/02/26 00:42:58 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/28 22:53:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/09/17 02:01:23 | 000,000,079 | ---- | C] () -- C:\WINDOWS\custvoic.ini
[2007/09/12 17:13:05 | 000,000,040 | ---- | C] () -- C:\WINDOWS\rdrive.ini
[2007/08/01 02:24:39 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/07/20 16:24:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/07/20 16:16:45 | 000,004,087 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/06/30 01:08:14 | 000,000,298 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2007/03/04 00:12:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/18 03:17:04 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\rob\Local Settings\Application Data\fusioncache.dat
[2006/12/02 00:30:26 | 000,003,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/07 16:38:30 | 000,643,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/10/07 16:38:30 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd1997.sys
[2006/09/15 17:45:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/10 04:21:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/10 04:12:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2006/09/10 04:12:36 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/09/10 04:12:36 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/09/10 04:12:33 | 000,000,153 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2006/09/10 04:11:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2006/09/10 04:11:02 | 000,003,581 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/09/10 04:11:00 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/08/04 08:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 08:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 08:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 08:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

========== LOP Check ==========

[2008/12/06 00:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/09/17 19:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/03 14:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/08/05 21:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Aim
[2006/10/28 21:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Atari
[2007/08/01 00:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Azureus
[2008/01/15 17:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Blue Box Network
[2006/12/09 12:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\foobar2000
[2010/09/12 20:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\gtk-2.0
[2008/01/03 12:02:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\rob\Application Data\ijjigame
[2006/11/17 19:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\IMVU
[2006/10/28 21:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Leadertech
[2010/07/04 12:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\OpenOffice.org
[2010/09/07 19:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\QuickScan
[2007/10/22 21:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\REAPER
[2008/01/09 23:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Sandbox
[2007/02/17 12:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\SecondLife
[2008/12/06 00:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Uniblue
[2010/09/12 20:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\uTorrent
[2007/03/16 16:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rob\Application Data\Viewpoint
[2010/09/16 17:53:38 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/10 04:03:52 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/04 12:56:04 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006/09/10 04:03:52 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/03/25 12:34:49 | 006,006,832 | ---- | M] (Mozilla) -- C:\Firefox Setup 2.0.0.3.exe
[2010/07/27 20:43:31 | 020,039,632 | ---- | M] (The GIMP Team ) -- C:\gimp-2.6.10-i686-setup-1.exe
[2010/09/16 17:35:24 | 1072,549,888 | -HS- | M] () -- C:\hiberfil.sys
[2006/09/10 04:03:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/03/04 00:20:24 | 000,002,068 | -H-- | M] () -- C:\IPH.PH
[2006/09/10 04:03:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/27 14:26:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/16 17:35:23 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2007/01/29 00:20:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/01/29 01:10:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/01/31 00:33:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/02/07 08:30:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2006/12/23 13:21:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2006/12/23 13:21:43 | 000,000,208 | -H-- | M] () -- C:\sqmdata05.sqm
[2006/12/28 17:30:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2006/12/28 19:43:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2007/01/06 00:18:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2007/01/11 08:17:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2007/01/11 23:09:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2007/01/14 21:40:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2007/01/15 08:42:33 | 000,000,280 | -H-- | M] () -- C:\sqmdata12.sqm
[2007/01/17 19:57:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2007/01/17 21:20:37 | 000,000,280 | -H-- | M] () -- C:\sqmdata14.sqm
[2007/01/17 21:45:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2007/01/25 03:11:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2007/01/29 00:03:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2007/01/29 00:18:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2007/01/29 00:18:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2007/01/29 00:20:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/01/29 01:10:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/01/31 00:33:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/02/07 08:30:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2006/12/23 13:21:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2006/12/23 13:21:43 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2006/12/28 17:30:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2006/12/28 19:43:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2007/01/06 00:18:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2007/01/11 08:17:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2007/01/11 23:09:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2007/01/14 21:40:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2007/01/15 08:42:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2007/01/17 19:57:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2007/01/17 21:20:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2007/01/17 21:45:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2007/01/25 03:11:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2007/01/29 00:03:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2007/01/29 00:18:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2007/01/29 00:18:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/09/09 20:45:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/09/09 20:45:34 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/09/09 20:45:34 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-15 23:15:29

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC
< End of report >

OTL Extras logfile created on: 9/16/2010 6:40:20 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\rob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 502.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 39.31 Gb Free Space | 51.51% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 911.49 Gb Free Space | 97.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMP-1
Current User Name: rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\MattVideoLAN\VLC\vlc.exe --one-instance-when-started-from-file --playlist-enqueue "%1" File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\MattVideoLAN\VLC\vlc.exe --one-instance-when-started-from-file --no-playlist-enqueue "%1" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Matt\AIM\aim.exe" = C:\Matt\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Matt\Trillian\trillian.exe" = C:\Matt\Trillian\trillian.exe:*:Enabled:Trillian -- File not found
"C:\Matt\mIRC\mirc.exe" = C:\Matt\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Matt\Azureus\Azureus.exe" = C:\Matt\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Matt\games\AOE2AOK+CONQUERORS\empires2.exe" = C:\Matt\games\AOE2AOK+CONQUERORS\empires2.exe:*:Enabled:Age of Empires II -- File not found
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Matt\games\Starcraft\StarCraft.exe" = C:\Matt\games\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent -- ()
"C:\Matt\games\Warcraft III\Warcraft III.exe" = C:\Matt\games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Matt\New Folder\Edist_CD_01\openCanvas\OC11B72.EXE" = C:\Matt\New Folder\Edist_CD_01\openCanvas\OC11B72.EXE:*:Enabled:OC11B72 -- File not found
"C:\Matt\ENGLISH\Gunbound Revolution\GunBound.gme" = C:\Matt\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound -- File not found
"C:\Matt\games\LittleFighter2\LF2_v1.9c\lf2.exe" = C:\Matt\games\LittleFighter2\LF2_v1.9c\lf2.exe:*:Enabled:lf2 -- File not found
"C:\ijji\ENGLISH\u_gbound.exe" = C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader> -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- File not found
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Matt\AIM\aim.exe" = C:\Matt\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Matt\VideoLAN\VLC\vlc.exe" = C:\Matt\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
"{D8185007-3F98-413E-B22D-BA513517383A}" = D5100_Help
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{FD100EAE-33D2-420D-BCEB-361AC512B0BB}" = D5100
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced WMA Workshop_is1" = Advanced WMA Workshop version 2.2
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"C-Media Audio Driver" = C-Media WDM Audio Driver
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RPG Maker 2000 Project2" = RPG Maker 2000 - The Adventures of Lila & Floey
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Words That Follow" = Words That Follow

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/15/2010 7:05:02 PM | Computer Name = COMP-1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 9/15/2010 7:20:23 PM | Computer Name = COMP-1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 9/15/2010 7:20:30 PM | Computer Name = COMP-1 | Source = Application Error | ID = 1004
Description = Faulting application MsMpEng.exe, version 2.1.6805.0, faulting module
mpengine.dll, version 1.1.6103.0, fault address 0x0020e4cf.

Error - 9/15/2010 7:22:09 PM | Computer Name = COMP-1 | Source = Application Error | ID = 1001
Description = Fault bucket 2030123040.

Error - 9/16/2010 5:35:48 PM | Computer Name = COMP-1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 9/16/2010 5:35:50 PM | Computer Name = COMP-1 | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 2.1.6805.0, faulting module
mpengine.dll, version 1.1.6103.0, fault address 0x001b24ce.

Error - 9/16/2010 5:48:16 PM | Computer Name = COMP-1 | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 2.1.6805.0, faulting module
mpengine.dll, version 1.1.6103.0, fault address 0x00029887.

Error - 9/16/2010 5:51:22 PM | Computer Name = COMP-1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x8050a005, P2 mpupdateengine, P3 am fe,
P4 2.1.1112.0, P5 mpsigstub.exe, P6 2.1.6805.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 9/16/2010 5:51:25 PM | Computer Name = COMP-1 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 9/16/2010 6:37:29 PM | Computer Name = COMP-1 | Source = Application Error | ID = 1001
Description = Fault bucket 2005217565.

[ System Events ]
Error - 9/16/2010 5:48:11 PM | Computer Name = COMP-1 | Source = Microsoft Antimalware | ID = 5008
Description = %%861 engine has been terminated due to an unexpected error. Failure
Type: %%830 Exception code: 0xc0000005 Resource: file:C:\WINDOWS\System32\drivers\redbook.sys

Error - 9/16/2010 5:48:16 PM | Computer Name = COMP-1 | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80070006 Error description: The handle is invalid. Reason: %%837

Error - 9/16/2010 5:48:16 PM | Computer Name = COMP-1 | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80070006 Error description: The handle is invalid. Reason: %%837

Error - 9/16/2010 5:48:17 PM | Computer Name = COMP-1 | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 9/16/2010 5:48:38 PM | Computer Name = COMP-1 | Source = Microsoft Antimalware | ID = 2004
Description = %%861 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x8050800c Error description: An unexpected problem occurred. Install any
available updates, and then try to start the program again. For information on installing
updates, see Help and Support. Signature version: 1.89.1733.0;1.89.1733.0 Engine
version: 1.1.6103.0

Error - 9/16/2010 5:51:20 PM | Computer Name = COMP-1 | Source = Microsoft Antimalware | ID = 2003
Description = %%861 has encountered an error trying to update the engine. New Engine
Version: 1.1.6201.0 Previous Engine Version: User: NT AUTHORITY\SYSTEM Error Code:
0x8050a005 Error description: The program can't find definition files that help
detect unwanted software. Check for updates to the definition files, and then try
again. For information on installing updates, see Help and Support.

Error - 9/16/2010 5:51:20 PM | Computer Name = COMP-1 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: 1.91.0.0 Previous Signature Version: Update Source: %%815 Update Stage:
%%854 Source Path: Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: 1.1.6201.0 Previous Engine Version: Error code: 0x8050a005 Error
description: The program can't find definition files that help detect unwanted software.
Check for updates to the definition files, and then try again. For information
on installing updates, see Help and Support.

Error - 9/16/2010 5:51:20 PM | Computer Name = COMP-1 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: 1.91.0.0 Previous Signature Version: Update Source: %%815 Update Stage:
%%854 Source Path: Signature Type: %%801 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: 1.1.6201.0 Previous Engine Version: Error code: 0x8050a005 Error
description: The program can't find definition files that help detect unwanted software.
Check for updates to the definition files, and then try again. For information
on installing updates, see Help and Support.

Error - 9/16/2010 5:51:24 PM | Computer Name = COMP-1 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%854

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070643 Error description:
Fatal error during installation.

Error - 9/16/2010 5:51:36 PM | Computer Name = COMP-1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696
(Definition 1.91.0.0).


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-15 23:21:11
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\rob\LOCALS~1\Temp\kwtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF73F5C04]
SSDT sptd.sys ZwEnumerateKey [0xF73F5D48]
SSDT sptd.sys ZwEnumerateValueKey [0xF73F60C0]
SSDT sptd.sys ZwOpenKey [0xF73F5AE2]
SSDT sptd.sys ZwQueryKey [0xF73F618A]
SSDT sptd.sys ZwQueryValueKey [0xF73F6022]
SSDT sptd.sys ZwSetValueKey [0xF73F6212]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD1997.SYS The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[772] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[848] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1884] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F9BBF8
Device \FileSystem\Fastfat \FatCdrom 86E57EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E1193F17-A9C9-4911-8895-E404FF113E32} 86BD60E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F9C2B8
Device \Driver\dmio \Device\DmControl\DmConfig 86F9C2B8
Device \Driver\dmio \Device\DmControl\DmPnP 86F9C2B8
Device \Driver\dmio \Device\DmControl\DmInfo 86F9C2B8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F9C4F0
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F9C4F0
Device \Driver\USBSTOR \Device\00000065 86BDF0E8
Device \FileSystem\Rdbss \Device\FsWrap 86BDC0E8
Device \Driver\USBSTOR \Device\00000066 86BDF0E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7345B40] atapi.sys[unknown section] {MOV EAX, 0x86f9b008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7406684; RET }
Device \Driver\atapi \Device\Ide\IdePort0 [F7345B40] atapi.sys[unknown section] {MOV EAX, 0x86f9b008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7406684; RET }
Device \Driver\atapi \Device\Ide\IdePort1 [F7345B40] atapi.sys[unknown section] {MOV EAX, 0x86f9b008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7406684; RET }
Device \Driver\NetBT \Device\NetBt_Wins_Export 86BD60E8
Device \Driver\NetBT \Device\NetbiosSmb 86BD60E8
Device \Driver\Disk \Device\Harddisk0\DR0 86F9BEB0
Device \Driver\Disk \Device\Harddisk1\DR2 86F9BEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86B850E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1951DA6F-74A3-492A-B0A3-AEF8F9AB283F} 86BD60E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86B850E8
Device \FileSystem\Npfs \Device\NamedPipe 86E560E8
Device \Driver\Ftdisk \Device\FtControl 86F9C4F0
Device \FileSystem\Msfs \Device\Mailslot 86BB40E8
Device \FileSystem\Fastfat \Fat 86E57EB0

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1751639922
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -763658380
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 255451027
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x47 0x47 0x5C 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Matt\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC2 0x54 0xF1 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4D 0xC4 0xB5 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBD 0x03 0x67 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x48 0x5A 0xB4 0xDB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xA7 0x71 0xFF 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA7 0x71 0xFF 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x47 0x47 0x5C 0x7F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EAAC7FE8-8E06-6A2D-8639-86D5D50919A3}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EAAC7FE8-8E06-6A2D-8639-86D5D50919A3}@iankgbbiefhidpojoi 0x6A 0x61 0x6B 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EAAC7FE8-8E06-6A2D-8639-86D5D50919A3}@hahjippnhepoahjn 0x6A 0x61 0x61 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EAAC7FE8-8E06-6A2D-8639-86D5D50919A3}@habkopjhpeoaboma 0x61 0x61 0x00 0x7E
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EAAC7FE8-8E06-6A2D-8639-86D5D50919A3}@habkopjhggjgkhee 0x61 0x61 0x00 0x7E

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\rob\Local Settings\Temporary Internet Files\Content.IE5\8FTE7MYE\3[1].txt 0 bytes
File C:\Documents and Settings\rob\Local Settings\Temporary Internet Files\Content.IE5\8FTE7MYE\gw[1].php 0 bytes

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4611

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/13/2010 11:31:46 PM
mbam-log-2010-09-13 (23-31-46).txt

Scan type: Quick scan
Objects scanned: 130532
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--
(end)
  • 0

Advertisements

#2
emeraldnzl
Posted 17 September 2010 - 01:08 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Obi-Two Kenobi,

In answer to Princess Leia's call. :)

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#3
Obi-Two Kenobi
Posted 17 September 2010 - 04:32 PM

Obi-Two Kenobi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks Emeraldnzl. Here's the ComboFix log as requested.


ComboFix 10-09-16.07 - rob 09/17/2010 17:10:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.590 [GMT -4:00]
Running from: c:\documents and settings\rob\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.

2010-09-17 00:24 . 2010-09-17 00:24 -------- dc----w- c:\documents and settings\rob\Application Data\Media Player Classic
2010-09-14 22:47 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-14 22:45 . 2010-09-14 22:45 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-14 03:23 . 2010-09-14 03:23 -------- dc----w- c:\documents and settings\rob\Application Data\Malwarebytes
2010-09-14 03:23 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 03:23 . 2010-09-14 03:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 03:23 . 2010-09-14 03:23 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-14 03:23 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-14 03:20 . 2010-09-14 03:20 -------- d-----w- c:\program files\ERUNT
2010-09-13 03:25 . 2010-09-14 01:20 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-13 00:42 . 2010-09-13 00:42 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-13 00:38 . 2010-09-13 00:38 -------- d-----w- c:\program files\Java
2010-09-13 00:38 . 2010-09-13 00:38 -------- d-----w- c:\program files\Common Files\Java
2010-09-13 00:36 . 2010-09-13 00:36 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-09-13 00:34 . 2010-09-13 00:34 -------- d-----w- c:\documents and settings\rob\.housecall6.6
2010-09-13 00:34 . 2010-09-13 00:34 -------- d-----w- c:\documents and settings\rob\Trillian
2010-09-07 23:33 . 2010-09-13 00:36 -------- d-----w- c:\windows\BDOSCAN8
2010-09-07 23:31 . 2010-09-07 23:31 -------- dc----w- c:\documents and settings\rob\Application Data\QuickScan
2010-09-07 04:23 . 2010-09-13 00:37 -------- d-----w- c:\documents and settings\rob\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 00:42 . 2010-07-28 00:50 -------- dc----w- c:\documents and settings\rob\Application Data\gtk-2.0
2010-09-13 00:36 . 2007-08-01 04:51 -------- d-----w- c:\documents and settings\rob\Application Data\uTorrent
2010-09-13 00:36 . 2006-11-25 04:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-13 00:36 . 2006-11-25 04:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-01 15:56 . 2010-07-04 16:47 1 -c--a-w- c:\documents and settings\rob\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-28 00:44 . 2010-07-28 00:44 -------- d-----w- c:\program files\GIMP-2.0
2010-07-28 00:43 . 2010-07-28 00:43 20039632 ----a-w- C:\gimp-2.6.10-i686-setup-1.exe
2010-07-24 03:52 . 2006-09-12 15:40 46784 ----a-w- c:\documents and settings\rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-10-07 03:11 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-03 16:03 . 2010-07-03 16:03 503808 ----a-w- c:\documents and settings\rob\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32571f4d-n\msvcp71.dll
2010-07-03 16:03 . 2010-07-03 16:03 499712 ----a-w- c:\documents and settings\rob\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32571f4d-n\jmc.dll
2010-07-03 16:03 . 2010-07-03 16:03 12800 ----a-w- c:\documents and settings\rob\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7bb3087a-n\decora-d3d.dll
2010-07-03 16:03 . 2010-07-03 16:03 61440 ----a-w- c:\documents and settings\rob\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7bb3087a-n\decora-sse.dll
2010-07-03 16:03 . 2010-07-03 16:03 348160 ----a-w- c:\documents and settings\rob\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32571f4d-n\msvcr71.dll
2010-07-03 16:02 . 2010-07-03 16:02 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2006-05-06 16:42 . 2006-09-10 10:07 7260160 -c--a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\SoftwareDistribution\Download\71af6eebf303866f2d08fabc5b3c0ae4\SP3QFE\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\SoftwareDistribution\Download\71af6eebf303866f2d08fabc5b3c0ae4\SP3GDR\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\system32\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-05-06 . 9BA27D7533D1A2EE6393118AF7169B2A . 5953024 . . [8.00.6001.23019] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\mshtml.dll
[-] 2010-05-04 . F247F7AC6713066D4C71721BDC73FC2E . 3600384 . . [7.00.6000.17063] . . c:\windows\ie8\mshtml.dll
[-] 2010-05-04 . C466BDCDFAE6F6EFD618F34BA90B1923 . 3603456 . . [7.00.6000.21264] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB982381-IE7\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\1b272c8a858f509af0544d58440bc6f0\SP2GDR\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\SoftwareDistribution\Download\1b272c8a858f509af0544d58440bc6f0\SP2QFE\mshtml.dll
[-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\sp2gdr\mshtml.dll
[-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\sp2qfe\mshtml.dll
[-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\SoftwareDistribution\Download\f079f64483de750433b596960466dd78\sp2qfe\mshtml.dll
[-] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\SoftwareDistribution\Download\f079f64483de750433b596960466dd78\sp2gdr\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2007-03-07 . 190E1AE9B973049B12A67BAD478C770C . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[-] 2006-10-27 . 7C91F9D79EC63BEA7CCC23F58F2C7182 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] 2006-09-14 . BE45460D1453B7342E01EAE79BFBC681 . 3054592 . . [6.00.2900.2995] . . c:\windows\ie7\mshtml.dll
[-] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-07-28 . C7074DA3D8F8C0F6C03874BA0B05069C . 3054080 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB918899$\mshtml.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\SoftwareDistribution\Download\71af6eebf303866f2d08fabc5b3c0ae4\SP3QFE\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\SoftwareDistribution\Download\71af6eebf303866f2d08fabc5b3c0ae4\SP3GDR\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\system32\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\wininet.dll
[-] 2010-05-04 . 83306356DE710DA87ED91A6AF6233214 . 832512 . . [7.00.6000.17055] . . c:\windows\ie8\wininet.dll
[-] 2010-05-04 . 506B3DCB9C26070072E3047C6910F844 . 841216 . . [7.00.6000.21256] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB982381-IE7\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\1b272c8a858f509af0544d58440bc6f0\SP2GDR\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\SoftwareDistribution\Download\1b272c8a858f509af0544d58440bc6f0\SP2QFE\wininet.dll
[-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\sp2gdr\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\sp2qfe\wininet.dll
[-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\SoftwareDistribution\Download\f079f64483de750433b596960466dd78\sp2gdr\wininet.dll
[-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\SoftwareDistribution\Download\f079f64483de750433b596960466dd78\sp2qfe\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 . 0586A7F0B2FDB94D624F399D4728E7C8 . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-03-07 . 5B35DAE6E4886F64D1DA58C4E3E01EB9 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-03-07 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2006-10-27 . 7CF0B0D5D9D47585853E2A6978441F64 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2006-09-14 . 621AF3F6174A3F60677F5230E28BCC07 . 658944 . . [6.00.2900.2995] . . c:\windows\ie7\wininet.dll
[-] 2006-09-14 . D207370287CF769AEBEBF03837784963 . 664576 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-06-23 . 2B4DB890936430C71419037039502752 . 658944 . . [6.00.2900.2937] . . c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB918899$\wininet.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\AGP440.SYS

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^rob^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\rob\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^rob^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\rob\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 21:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 06:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 18:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 18:46 709992 ----a-w- c:\windows\vVX1000.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Matt\\VideoLAN\\VLC\\vlc.exe"=

S3 XDva132;XDva132;\??\c:\windows\system32\XDva132.sys --> c:\windows\system32\XDva132.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/7/2006 4:38 PM 643072]
.
Contents of the 'Scheduled Tasks' folder

2010-09-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\rob\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: canwest.com\webmail
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\rob\Application Data\Mozilla\Firefox\Profiles\q2t1xh37.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{BE24A5A5-669F-4089-9E75-5AD1531B0600} - c:\windows\system32\ativvax.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-Advanced WMA Workshop_is1 - c:\program files\LitexMedia\Advanced WMA Workshop\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-17 17:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1220945662-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EAAC7FE8-8E06-6A2D-8639-86D5D50919A3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iankgbbiefhidpojoi"=hex:6a,61,6b,66,6e,65,6e,69,6a,61,61,6b,69,63,69,61,6b,6f,
64,6e,00,00
"hahjippnhepoahjn"=hex:6a,61,61,69,6e,65,6e,67,6e,6f,66,69,69,68,70,69,6e,6a,
63,6e,00,00
"habkopjhpeoaboma"=hex:61,61,00,7e
"habkopjhggjgkhee"=hex:61,61,00,7e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-17 17:20:32
ComboFix-quarantined-files.txt 2010-09-17 21:20

Pre-Run: 42,343,018,496 bytes free
Post-Run: 42,365,362,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3E9ABAFF5C4B2E3A55E206B16F555B98
  • 0

#4
emeraldnzl
Posted 17 September 2010 - 05:00 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Obi-Two Kenobi,

Please tell me when you return if you have a Windows Installation disk for that machine.

judging by some of the names in the Hosts Files log


Nothing to worry about, those are put there as a security measure. If you try to access those ones you will be redirected back to your own computer... a safety thing to prevent infection.

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XTrapD12.sys -- (XTrapD12)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva132.sys -- (XDva132)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {BE24A5A5-669F-4089-9E75-5AD1531B0600} - C:\WINDOWS\System32\ativvax.dll File not found
O2 - BHO: () - {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} - C:\Program Files\Common Files\goskdl.dll File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\rob\Start Menu\Programs\IMVU\Run IMVU.lnk () [COLOR=orange][B]<------- optional but removal recommendd[/B][/COLOR]
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {DC7596CB-D6CC-DCA3-DE52-DEEA63F6C61D} - C:\Program Files\Internet Explorer\rksldk.dll File not found
O33 - MountPoints2\{770fd1b8-987c-11dd-9ae4-00138fba79c9}\Shell\Auto\command - "" = K:\Ghost.pif -- File not found
O33 - MountPoints2\{770fd1b8-987c-11dd-9ae4-00138fba79c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a18a7ab-ea4d-11db-9a60-00138fba79c9}\Shell\Auto\command - "" = L:\Ghost.pif -- File not found
O33 - MountPoints2\{9a18a7ab-ea4d-11db-9a60-00138fba79c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f406f6c4-213f-11dd-9ab3-00138fba79c9}\Shell\Auto\command - "" = K:\Ghost.pif -- File not found
O33 - MountPoints2\{f406f6c4-213f-11dd-9ab3-00138fba79c9}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

:Commands
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

  • 0

#5
Obi-Two Kenobi
Posted 17 September 2010 - 09:07 PM

Obi-Two Kenobi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Emeraldnzl.

I'm afraid I do NOT have a Windows installation disk.

I ran OTL as directed; log is below. Thanks for info re Hosts Files!


All processes killed
========== OTL ==========
Service XTrapD12 stopped successfully!
Service XTrapD12 deleted successfully!
File C:\WINDOWS\System32\XTrapD12.sys not found.
Service XDva132 stopped successfully!
Service XDva132 deleted successfully!
File C:\WINDOWS\System32\XDva132.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE24A5A5-669F-4089-9E75-5AD1531B0600}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE24A5A5-669F-4089-9E75-5AD1531B0600}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1626E66-C26B-C628-E1DF-CDACCFA26EE1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1626E66-C26B-C628-E1DF-CDACCFA26EE1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
C:\Documents and Settings\rob\Start Menu\Programs\IMVU\Run IMVU.lnk moved successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {41564D57-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
C:\WINDOWS\Downloaded Program Files\oscan8.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DC7596CB-D6CC-DCA3-DE52-DEEA63F6C61D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC7596CB-D6CC-DCA3-DE52-DEEA63F6C61D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{770fd1b8-987c-11dd-9ae4-00138fba79c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{770fd1b8-987c-11dd-9ae4-00138fba79c9}\ not found.
File K:\Ghost.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{770fd1b8-987c-11dd-9ae4-00138fba79c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{770fd1b8-987c-11dd-9ae4-00138fba79c9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a18a7ab-ea4d-11db-9a60-00138fba79c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a18a7ab-ea4d-11db-9a60-00138fba79c9}\ not found.
File L:\Ghost.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a18a7ab-ea4d-11db-9a60-00138fba79c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a18a7ab-ea4d-11db-9a60-00138fba79c9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f406f6c4-213f-11dd-9ab3-00138fba79c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f406f6c4-213f-11dd-9ab3-00138fba79c9}\ not found.
File K:\Ghost.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f406f6c4-213f-11dd-9ab3-00138fba79c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f406f6c4-213f-11dd-9ab3-00138fba79c9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: My Documents

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: rob
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 14999780 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 856 bytes

User: temps

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: My Documents

User: NetworkService

User: rob
->Flash cache emptied: 0 bytes

User: temps

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09172010_224931

Files\Folders moved on Reboot...
C:\Documents and Settings\rob\Local Settings\Temporary Internet Files\Content.IE5\YOJ2UEVL\mail[1].htm moved successfully.
C:\Documents and Settings\rob\Local Settings\Temporary Internet Files\Content.IE5\YOJ2UEVL\mail[3].htm moved successfully.
C:\Documents and Settings\rob\Local Settings\Temporary Internet Files\Content.IE5\YOJ2UEVL\profile[1].htm moved successfully.
C:\Documents and Settings\rob\Local Settings\Temporary Internet Files\Content.IE5\XZV4GI2G\286589-browsers-crash-cant-use-file-checker-etc[1].htm moved successfully.
C:\Documents and Settings\rob\Local Settings\Temporary Internet Files\Content.IE5\U4OJI5RV\mail[1].htm moved successfully.
C:\Documents and Settings\rob\Local Settings\Temporary Internet Files\Content.IE5\U4OJI5RV\redirectiframe[1].html moved successfully.
C:\Documents and Settings\rob\Local Settings\Temporary Internet Files\Content.IE5\DHQKXW3Y\11[1].htm moved successfully.
C:\Documents and Settings\rob\Local Settings\Temporary Internet Files\Content.IE5\DHQKXW3Y\like[1].htm moved successfully.
C:\Documents and Settings\rob\Local Settings\Temporary Internet Files\Content.IE5\DHQKXW3Y\profile[1].htm moved successfully.
C:\Documents and Settings\rob\Local Settings\Temporary Internet Files\Content.IE5\DHQKXW3Y\xd_proxy[1].htm moved successfully.
C:\Documents and Settings\rob\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
  • 0

#6
emeraldnzl
Posted 17 September 2010 - 09:22 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Obi-Two Kenobi,

I'm afraid I do NOT have a Windows installation disk.


I only asked in case we needed it. Looked like there might be some corrupt files there. Might be OK though.

Now

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • MBAM log
  • Kaspersky scan results
  • and tell me how your computer is performing now
  • 0

#7
Obi-Two Kenobi
Posted 18 September 2010 - 10:48 AM

Obi-Two Kenobi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi, Emeraldnzl. The Malwarebytes scan came up clean. Scan report is below. I've tried to do the Kaspersky online scan, but according to the website, it is unavailable. A "new and improved version" is promised for some future date. Is there another online scanner you would recommend?

In the meantime, I did a quick scan with Microsoft Essentials and it also came up clean.

In response to your final question, I can report that my computer seems much more stable. I've been able to reinstall Firefox, for example, and it is running largely without problems. In fact, the only crashes of late, in both Firefox and IE, have come when I've clicked on the link you provided to the Kaspersky scan!

I do note that I am still unable to do a disk scan through the sfc /scannow command. I wonder, however, if this could be related to the corrupt files, rather than any remaining virus. Your thoughts and recommendations are appreciated.





Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4643

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/17/2010 11:38:59 PM
mbam-log-2010-09-17 (23-38-59).txt

Scan type: Quick scan
Objects scanned: 132171
Time elapsed: 10 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
emeraldnzl
Posted 18 September 2010 - 03:41 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I do note that I am still unable to do a disk scan through the sfc /scannow command. I wonder, however, if this could be related to the corrupt files,


I don't know the answer to that but you do have multiple system files that failed Sigcheck. You would be unlikely to be able to use the sfc /scannow command successfully in your case without a Windows Installation Disk to replace the files. Combofix is not seeing good replacement files on your machine. I believe there can be quite legitimate reasons why on some computers files don't pass sigcheck.

You could try chkdsk to see if that makes a difference. Doesn't replace system files but it can fix corrupt data which may be a reason you can't run that command.

Go to Windows XP chkdsk for some helpful instructions.

After that

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
Finally

Here is an alternative on line scanner to use:

Please run a free online scan with the ESET Online Scanner
Note: ESET was designed to run with Internet Explorer, compatibility with other browsers has been added recently but if you find difficulty, go to using Internet Explorer
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Click Start and if your security program asks you if you want to allow the program, click yes.
  • If you anti-virus is active you may see a panel appear warning you that this may affect performance. Disabling the programs listed may speed things along.
  • Make sure that the options Remove found threats and Scan archives are checked (do not worry about advanced settings)
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt (open Notepad > File > Open and navigate to the log.txt)
  • Copy and paste that log as a reply to this topic
When you return please post
  • MGADiagnostic check log
  • ESET scan results

  • 0

#9
Obi-Two Kenobi
Posted 19 September 2010 - 10:11 AM

Obi-Two Kenobi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,Emeraldnzl. My apologies for the delay. MGAdiag and ESET reports below. I also ran chkdsk, but wasn't in front of my machine when it finished, so I'm not sure if it was able to fix any corrupt data.


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-JKFG2-WPTR6-7VVRB
Windows Product Key Hash: SHNhHahKTvFeewo+3qcjDQLv/yw=
Windows Product ID: 76487-OEM-2214023-19940
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {43D03061-544A-4E77-9666-C303361C0A6E}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\winlogon.exe[5.1.2600.5512], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\licdll.dll[5.1.2600.5512], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.5755], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\kernel32.dll[5.1.2600.5781], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\crypt32.dll[5.131.2600.5512], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\advapi32.dll[5.1.2600.5755], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\setupapi.dll[5.1.2600.5512], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\syssetup.dll[5.1.2600.5512], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{43D03061-544A-4E77-9666-C303361C0A6E}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-7VVRB</PKey><PID>76487-OEM-2214023-19940</PID><PIDType>3</PIDType><SID>S-1-5-21-823518204-1220945662-839522115</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P2.50</Version><SMBIOSVersion major="2" minor="4"/><Date>20060712000000.000000+000</Date></BIOS><HWID>6696395F0184606C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 13743:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7733028ffe6e7d4ab259906a83110901
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-19 05:29:20
# local_time=2010-09-19 01:29:20 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 55585398 55585398 0 0
# compatibility_mode=1024 16777215 100 0 68585811 68585811 0 0
# compatibility_mode=5891 16776869 100 100 0 14378317 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=91838
# found=0
# cleaned=0
# scan_time=7222
  • 0

#10
emeraldnzl
Posted 19 September 2010 - 02:18 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Obi-Two Kenobi,

There are elements in the diagnostic test that suggest that there is a mismatch with genuine microsoft files. You will need to take that up with Microsoft.

Now

Your machine looks clean of malware to me.

We have a couple of last steps to perform and then you're all set.Posted Image

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    Posted Image
Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility, for some though, it may be a useful backup program to hold on to.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.
  • Download from here Java Runtime Environment (JDK) Update
  • Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

    Reboot your computer.
    You also need to uininstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

For ease of use, you might consider the following free program:--------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.
-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • It is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > Automatic Updates
    * Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
    * Click Apply then OK.

    And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!
  • 0

#11
Obi-Two Kenobi
Posted 19 September 2010 - 07:11 PM

Obi-Two Kenobi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Have done the ComboFix and OTL steps, Emeraldnzl, and will follow your other suggestions re updating Java, clearing the Temp folders, keeping my browser secure, etc. Startuplite sounds very useful -- I'll install it.

And yes, my computer is far more stable, and as you point out, any remaining issues would seem to be with the original operating system, so I will see what Microsoft will do for me on those

Thank you for your time and expertise in getting this machine running again, Emeraldnzl, and thanks to Geeks To Go for providing this service. I very much appreciate all of your efforts. Now, if you know anything about holograph generators, I believe Princess Leia is trying to get in touch!

Cheers.
  • 0

#12
emeraldnzl
Posted 19 September 2010 - 07:17 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Now, if you know anything about holograph generators, I believe Princess Leia is trying to get in touch!


Wish her well from me. ;)

Thank you for your time and expertise in getting this machine running again


Your welcome :D
  • 0

#13
emeraldnzl
Posted 19 September 2010 - 07:18 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP