
Cannot find 'http://(Chinese characters)


  • This topic is locked

#1
bhzendner

  • Member
  • 226 posts
Malwarebytes removed the primary infection and it now scans clean, but I cannot do Windows updates and the IE browser keeps getting these messages?
Please help.

OTL logfile created on: 5/4/2011 8:04:31 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Erle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 349.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 374.69 Gb Free Space | 80.45% Space Free | Partition Type: NTFS

Computer Name: PLANTXP | User Name: Erle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 20:03:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erle\Desktop\OTL.exe
PRC - [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/02/16 15:26:04 | 000,188,272 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2011/02/10 07:00:24 | 000,116,752 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2011/02/10 06:57:40 | 001,035,512 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/07/09 10:52:36 | 000,238,976 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImNotfy.exe
PRC - [2008/07/09 10:52:36 | 000,189,824 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/01/09 11:43:52 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2002/10/15 18:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
PRC - [2002/07/23 11:02:28 | 000,233,472 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView5\NkvMon.exe
PRC - [2002/04/17 11:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 11:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2002/01/01 03:01:40 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2001/10/11 17:35:02 | 000,082,026 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 20:03:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erle\Desktop\OTL.exe
MOD - [2011/03/01 12:12:04 | 000,202,112 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIhook.000.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/06/03 10:47:06 | 000,138,216 | ---- | M] (Babylon Ltd.) -- C:\Program Files\IncrediMail\bin\B4ImApp.dll
MOD - [2008/04/13 17:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 17:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/13 17:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 17:12:06 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmpapi.dll
MOD - [2008/04/13 17:12:04 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2008/04/13 17:12:03 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rassapi.dll
MOD - [2008/04/13 17:11:57 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mprapi.dll
MOD - [2008/04/13 17:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 17:11:55 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetmib1.dll
MOD - [2008/04/13 17:11:48 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll
MOD - [2008/04/13 17:11:48 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll
MOD - [2001/10/08 10:17:36 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/02/16 15:26:04 | 000,188,272 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/03/01 12:12:24 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/05/15 14:57:22 | 000,037,408 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2002/01/01 03:02:03 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2002/01/01 03:02:03 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2002/01/01 03:02:03 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2002/01/01 03:02:03 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011/05/03 11:24:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\ [2011/05/03 14:44:00 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://www.realquest...r/mapviewer.cab (First American Res MapActiveX Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Erle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Erle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/09 11:43:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a6fe9726-39ac-11dd-ac37-00502c06ebcf}\Shell\AutoRun\command - "" = F:\bootcd\wintools\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 20:03:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Erle\Desktop\OTL.exe
[2011/05/03 16:16:36 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/05/03 16:16:35 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/05/03 16:16:35 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2011/05/03 16:16:22 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/05/03 16:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/05/03 16:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\My Documents\Downloads
[2011/05/03 16:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Start Menu\Programs\Google Chrome
[2011/05/03 16:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Local Settings\Application Data\Deployment
[2011/05/03 15:54:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/03 15:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/03 15:54:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/03 15:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/03 14:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Trend Micro
[2011/05/03 14:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Application Data\Trend Micro
[2011/05/03 14:44:00 | 000,000,000 | ---D | C] -- C:\temp
[2011/05/03 11:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2011/05/03 11:55:09 | 003,161,648 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Erle\My Documents\dfsetup204.exe
[2011/05/03 11:55:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Erle\Recent
[2011/05/03 11:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/05/03 11:37:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Erle\IECompatCache
[2011/05/03 11:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Start Menu\Programs\Trend Micro Titanium Maximum Security
[2011/05/03 11:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Trend Micro
[2011/05/03 11:25:40 | 000,092,112 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2011/05/03 11:25:34 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/03 11:25:34 | 000,080,464 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2011/05/03 11:25:34 | 000,064,080 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2011/05/03 11:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Trend Micro
[2011/05/03 11:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2011/05/03 11:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/01 23:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/05/01 20:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/01 20:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/01 18:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/01 18:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/01 17:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/05/01 17:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/05/01 12:48:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/30 18:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/30 18:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/23 22:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2 C:\Documents and Settings\Erle\My Documents\*.tmp files -> C:\Documents and Settings\Erle\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/04 20:18:29 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A75A925-3F77-467D-A403-E7CB429A10A2}.job
[2011/05/04 20:12:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003UA.job
[2011/05/04 20:03:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erle\Desktop\OTL.exe
[2011/05/04 16:12:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003Core.job
[2011/05/04 11:45:50 | 000,000,070 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2011/05/04 07:07:02 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/04 07:06:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/04 06:57:57 | 000,453,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/04 06:57:57 | 000,075,348 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/03 16:59:27 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/05/03 16:36:03 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/03 16:16:19 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/05/03 16:09:31 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Erle\Desktop\Google Chrome.lnk
[2011/05/03 16:09:31 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/03 15:54:54 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/03 15:54:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/03 11:56:15 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/05/03 11:55:09 | 003,161,648 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Erle\My Documents\dfsetup204.exe
[2011/05/03 11:53:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/03 11:43:17 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/03 11:27:39 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\Erle\Desktop\Trend Micro Titanium Maximum Security.lnk
[2011/04/29 21:54:13 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Erle\Desktop\Microsoft Word.lnk
[2011/04/29 14:40:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/23 22:03:55 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/23 22:03:55 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/23 22:03:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/04/23 10:53:04 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/15 07:38:27 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2 C:\Documents and Settings\Erle\My Documents\*.tmp files -> C:\Documents and Settings\Erle\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/03 16:15:59 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2011/05/03 16:09:31 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Erle\Desktop\Google Chrome.lnk
[2011/05/03 16:09:31 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/03 16:07:44 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003UA.job
[2011/05/03 16:07:43 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003Core.job
[2011/05/03 15:54:54 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/03 15:54:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/03 11:56:15 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/05/03 11:53:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/03 11:41:23 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/03 11:41:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/03 11:27:25 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\Erle\Desktop\Trend Micro Titanium Maximum Security.lnk
[2011/05/03 11:13:11 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A75A925-3F77-467D-A403-E7CB429A10A2}.job
[2011/05/02 19:02:45 | 000,011,186 | -HS- | C] () -- C:\Documents and Settings\Erle\Local Settings\Application Data\0o7l0g3c1o417th51a72l7ia164x0qlgr83h0
[2011/05/02 19:02:45 | 000,011,186 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0o7l0g3c1o417th51a72l7ia164x0qlgr83h0
[2011/04/30 21:31:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/23 22:03:55 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/23 22:03:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/23 22:03:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/02/23 08:27:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/12 23:51:58 | 000,087,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/26 22:22:52 | 000,026,876 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/03 19:59:12 | 000,000,268 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2009/02/25 23:11:52 | 000,046,456 | R--- | C] () -- C:\WINDOWS\System32\exitwx.exe
[2008/10/11 13:46:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/19 11:48:25 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2006/12/15 20:35:52 | 000,001,270 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/05/03 14:30:52 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2006/03/16 19:08:16 | 000,001,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/10 20:58:03 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2006/01/10 20:56:29 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Erle\Local Settings\Application Data\fusioncache.dat
[2006/01/10 20:56:14 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2006/01/10 20:56:14 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2006/01/10 20:56:14 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2006/01/10 20:56:14 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2006/01/10 20:55:09 | 000,001,056 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2005/12/15 10:31:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ONLINE.INI
[2005/11/23 19:18:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL
[2005/11/15 10:59:55 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/10/07 12:26:15 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Erle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/26 17:25:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/06/19 20:26:12 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\vskt7.ini
[2004/12/15 20:14:15 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/12/15 20:14:15 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/12/15 20:14:14 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/12/15 20:14:14 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/12/15 20:14:14 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/11/28 14:09:46 | 000,000,219 | ---- | C] () -- C:\WINDOWS\satmat.ini
[2004/10/23 10:22:43 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/10/20 17:47:30 | 000,000,045 | ---- | C] () -- C:\WINDOWS\AFIMJMG.ini
[2004/10/02 13:19:40 | 000,001,200 | ---- | C] () -- C:\WINDOWS\BRCONDO2.INI
[2004/09/22 11:48:48 | 000,000,070 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/09/22 11:46:54 | 000,000,349 | ---- | C] () -- C:\WINDOWS\WinSkt.INI
[2004/09/14 17:18:05 | 000,001,339 | ---- | C] () -- C:\WINDOWS\BRURAR2.INI
[2004/09/13 20:20:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/09/11 19:30:13 | 000,000,908 | ---- | C] () -- C:\WINDOWS\BRSMIN2.INI
[2004/09/10 14:34:21 | 000,000,558 | ---- | C] () -- C:\WINDOWS\CFORMDB.INI
[2004/09/09 21:47:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2004/09/09 21:14:21 | 000,000,663 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004/09/09 21:13:43 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2004/09/09 20:24:08 | 000,000,302 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/09/09 20:22:36 | 000,000,082 | ---- | C] () -- C:\WINDOWS\WIN2SEC.INI
[2004/09/09 19:46:53 | 000,000,418 | ---- | C] () -- C:\WINDOWS\SKETCHER.INI
[2004/09/09 19:43:23 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\vskt2.ini
[2004/09/09 19:14:06 | 000,000,165 | ---- | C] () -- C:\WINDOWS\ORDERMGR.INI
[2004/09/09 19:11:40 | 000,000,615 | ---- | C] () -- C:\WINDOWS\Compeval.ini
[2004/09/09 19:11:40 | 000,000,237 | ---- | C] () -- C:\WINDOWS\Foto.ini
[2004/09/09 18:57:28 | 000,000,115 | ---- | C] () -- C:\WINDOWS\CFORMS.INI
[2004/09/09 18:57:24 | 000,074,400 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip.dll
[2004/09/09 18:45:22 | 000,000,479 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/09 18:45:22 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/09/09 18:42:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2004/09/09 13:01:43 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/09/09 12:57:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/09 12:32:01 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2004/09/09 11:46:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/09 11:40:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/09 04:13:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/09 04:11:08 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/07/22 17:28:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/06/15 03:00:00 | 000,077,321 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2003/03/31 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 05:00:00 | 000,453,072 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 05:00:00 | 000,075,348 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/30 09:21:29 | 000,000,544 | ---- | C] () -- C:\WINDOWS\System32\WinSkt7.INI
[2002/11/19 15:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 15:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2002/05/15 14:57:22 | 000,037,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1999/01/22 04:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/04/01 01:00:00 | 001,664,272 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/04/01 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/04/01 01:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/04/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/02/23 09:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2005/11/23 19:18:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/02/23 09:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/07/10 17:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/07/10 17:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/05/03 19:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/07/10 00:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/26 16:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/04 07:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\Easy Thumbnails
[2010/08/24 10:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\EurekaLog
[2004/09/09 21:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\InterTrust
[2007/06/12 09:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\JAM Software
[2007/07/29 13:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\MyPublisher
[2004/09/09 21:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\Nikon
[2006/12/15 21:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\Snapfish
[2011/05/04 20:18:29 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4A75A925-3F77-467D-A403-E7CB429A10A2}.job

========== Purity Check ==========



< End of report >

#2
Salagubang

    Trusted Helper

Hi bhzendner,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult for me to understand.

+++++++++++++++++++++++++++++++++++++++++++

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Next

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
bhzendner

    Topic Starter

Thank you.
RogueKiller V5.1.1 [05/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Erle [Admin rights]
Mode: Scan -- Date : 05/11/2011 08:25:23

Bad processes: 0

Registry Entries: 0

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt



aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-11 08:26:26
-----------------------------
08:26:26.477 OS Version: Windows 5.1.2600 Service Pack 3
08:26:26.477 Number of processors: 1 586 0x602
08:26:26.477 ComputerName: PLANTXP UserName: Erle
08:26:27.758 Initialize success
08:26:35.727 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:26:35.727 Disk 0 Vendor: MAXTOR_STM3500630A 3.AAE Size: 476940MB BusType: 3
08:26:35.727 Device \Driver\atapi -> DriverStartIo 86f1d33b
08:26:37.727 Disk 0 MBR read successfully
08:26:37.727 Disk 0 MBR scan
08:26:37.727 Disk 0 TDL4@MBR code has been found
08:26:37.727 Disk 0 Windows XP default MBR code found via API
08:26:37.727 Disk 0 MBR hidden
08:26:37.727 Disk 0 MBR [TDL4] **ROOTKIT**
08:26:37.727 Disk 0 trace - called modules:
08:26:37.742 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86f1d4f0]<<
08:26:37.742 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f84ab8]
08:26:37.742 3 CLASSPNP.SYS[f75effd7] -> nt!IofCallDriver -> \Device\00000059[0x86f68f18]
08:26:37.742 5 ACPI.sys[f7566620] -> nt!IofCallDriver -> [0x86f87940]
08:26:37.742 \Driver\atapi[0x86fd24c8] -> IRP_MJ_CREATE -> 0x86f1d4f0
08:26:37.742 Scan finished successfully
08:27:14.180 Disk 0 MBR has been saved successfully to "F:\G2G\MBR.dat"
08:27:14.227 The log file has been saved successfully to "F:\G2G\aswMBR.txt"
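The indicators in the aswMBR log above, as an added example that is not part of the original thread or of aswMBR: a small Python parser that flags the signature line, the hidden-MBR line, the `>>UNKNOWN<<` entry in the disk stack, and driver handlers that point into the same 4 KiB page as that unknown module. The log excerpts are copied from this thread (the second from the later re-run); the finding names and the same-page heuristic are assumptions of the example.

```python
import re

# Excerpt of the aswMBR log posted above (first scan).
INFECTED_LOG = r"""
08:26:35.727 Device \Driver\atapi -> DriverStartIo 86f1d33b
08:26:37.727 Disk 0 MBR read successfully
08:26:37.727 Disk 0 MBR scan
08:26:37.727 Disk 0 TDL4@MBR code has been found
08:26:37.727 Disk 0 Windows XP default MBR code found via API
08:26:37.727 Disk 0 MBR hidden
08:26:37.727 Disk 0 MBR [TDL4] **ROOTKIT**
08:26:37.727 Disk 0 trace - called modules:
08:26:37.742 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86f1d4f0]<<
08:26:37.742 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f84ab8]
08:26:37.742 \Driver\atapi[0x86fd24c8] -> IRP_MJ_CREATE -> 0x86f1d4f0
08:26:37.742 Scan finished successfully
"""

# Excerpt of the re-run posted later in this thread (after the TDL4 fix).
CLEAN_LOG = r"""
09:55:37.671 Disk 0 MBR read successfully
09:55:37.671 Disk 0 MBR scan
09:55:37.671 Disk 0 Windows XP default MBR code
09:55:47.046 Disk 0 trace - called modules:
09:55:47.046 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
09:55:47.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f6eab8]
09:55:47.046 Scan finished successfully
"""

TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
SIGNATURE = re.compile(r"Disk (\d+) MBR \[(\w+)\] \*\*ROOTKIT\*\*")
SIGNATURE_CODE = re.compile(r"Disk (\d+) (\w+)@MBR code has been found")
HIDDEN = re.compile(r"Disk (\d+) MBR hidden")
UNKNOWN = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")
START_IO = re.compile(r"Device (\\Driver\\\w+) -> DriverStartIo ([0-9a-fA-F]+)")
DISPATCH = re.compile(
    r"(\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> 0x([0-9a-fA-F]+)"
)
PAGE_SIZE = 0x1000  # x86 page size; used only by this example's heuristic


def analyze(log_text):
    """Return a de-duplicated list of (kind, detail) indicators found in the log."""
    findings = []
    unknown_addrs = set()
    handlers = []  # (driver, slot name, target address)

    def add(kind, detail):
        if (kind, detail) not in findings:
            findings.append((kind, detail))

    for raw in log_text.splitlines():
        line = TIMESTAMP.sub("", raw.strip())
        m = SIGNATURE.search(line) or SIGNATURE_CODE.search(line)
        if m:
            add("mbr_signature", f"disk {m.group(1)}: {m.group(2)}")
        m = HIDDEN.search(line)
        if m:
            add("mbr_hidden", f"disk {m.group(1)}")
        m = UNKNOWN.search(line)
        if m:
            addr = int(m.group(1), 16)
            unknown_addrs.add(addr)
            add("unknown_module", f"0x{addr:08x}")
        m = START_IO.search(line)
        if m:
            handlers.append((m.group(1), "DriverStartIo", int(m.group(2), 16)))
        m = DISPATCH.search(line)
        if m:
            handlers.append((m.group(1), m.group(2), int(m.group(3), 16)))

    # Handler lines can precede the stack trace, so correlate after the full pass:
    # flag a handler whose target shares a page with an unattributed module.
    for driver, slot, target in handlers:
        if any(target // PAGE_SIZE == a // PAGE_SIZE for a in unknown_addrs):
            add("redirected_handler", f"{driver} {slot} -> 0x{target:08x}")
    return findings


if __name__ == "__main__":
    for name, log in (("first scan", INFECTED_LOG), ("re-run", CLEAN_LOG)):
        result = analyze(log)
        print(name, "->", "no indicators" if not result else "")
        for kind, detail in result:
            print(f"  {kind}: {detail}")
```

An empty result only means none of these strings appeared in the log; it is not proof that the disk is clean.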

#4
Salagubang

    Trusted Helper

Step One

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix for TDL4


Save the log as before and post in your next reply

Step Two

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If a Malicious file is detected, the default action will be Cure, click on Continue.
  • If a Suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Step Three

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5
bhzendner

    Topic Starter

At the end of step one the computer froze.
I rebooted and ran step one again.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-11 09:55:31
-----------------------------
09:55:31.687 OS Version: Windows 5.1.2600 Service Pack 3
09:55:31.687 Number of processors: 1 586 0x602
09:55:31.687 ComputerName: PLANTXP UserName: Erle
09:55:33.375 Initialize success
09:55:35.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:55:35.656 Disk 0 Vendor: MAXTOR_STM3500630A 3.AAE Size: 476940MB BusType: 3
09:55:37.671 Disk 0 MBR read successfully
09:55:37.671 Disk 0 MBR scan
09:55:37.671 Disk 0 Windows XP default MBR code
09:55:39.671 Disk 0 scanning sectors +976768065
09:55:39.687 Disk 0 scanning C:\WINDOWS\system32\drivers
09:55:45.906 Service scanning
09:55:47.046 Disk 0 trace - called modules:
09:55:47.046 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
09:55:47.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f6eab8]
09:55:47.046 3 CLASSPNP.SYS[f75effd7] -> nt!IofCallDriver -> \Device\0000005b[0x86f85f18]
09:55:47.046 5 ACPI.sys[f7566620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86fd4d98]
09:55:47.046 Scan finished successfully
09:56:09.953 Disk 0 MBR has been saved successfully to "F:\G2G\MBR.dat"
09:56:09.953 The log file has been saved successfully to "F:\G2G\aswMBR2.txt"


2011/05/11 09:57:16.0968 3528 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/11 09:57:17.0781 3528 ================================================================================
2011/05/11 09:57:17.0781 3528 SystemInfo:
2011/05/11 09:57:17.0781 3528
2011/05/11 09:57:17.0781 3528 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/11 09:57:17.0781 3528 Product type: Workstation
2011/05/11 09:57:17.0781 3528 ComputerName: PLANTXP
2011/05/11 09:57:17.0781 3528 UserName: Erle
2011/05/11 09:57:17.0781 3528 Windows directory: C:\WINDOWS
2011/05/11 09:57:17.0781 3528 System windows directory: C:\WINDOWS
2011/05/11 09:57:17.0781 3528 Processor architecture: Intel x86
2011/05/11 09:57:17.0781 3528 Number of processors: 1
2011/05/11 09:57:17.0781 3528 Page size: 0x1000
2011/05/11 09:57:17.0781 3528 Boot type: Normal boot
2011/05/11 09:57:17.0781 3528 ================================================================================
2011/05/11 09:57:18.0375 3528 Initialize success
2011/05/11 09:57:26.0171 1180 ================================================================================
2011/05/11 09:57:26.0171 1180 Scan started
2011/05/11 09:57:26.0171 1180 Mode: Manual;
2011/05/11 09:57:26.0171 1180 ================================================================================
2011/05/11 09:57:48.0031 1180 ================================================================================
2011/05/11 09:57:48.0031 1180 Scan finished
2011/05/11 09:57:48.0031 1180 ================================================================================

ComboFix 11-05-10.02 - Erle 05/11/2011 10:09:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.600 [GMT -7:00]
Running from: c:\documents and settings\Erle\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Erle\Application Data\EurekaLog
c:\documents and settings\Erle\Application Data\EurekaLog\EurekaLog.ini
c:\documents and settings\Erle\g2mdlhlpx.exe
c:\documents and settings\Erle\My Documents\DPE.DUS
c:\documents and settings\Erle\WINDOWS
c:\program files\Common Files\System\Uninstall
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\SGPSA
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-11 16:50 . 2011-05-11 16:50 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D75114E-07F1-4072-AEB0-A280AAA04289}\MpKsl27c8d4f4.sys
2011-05-11 16:42 . 2011-05-11 16:42 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D75114E-07F1-4072-AEB0-A280AAA04289}\MpKsl5fc86b2b.sys
2011-05-11 13:37 . 2011-05-11 13:37 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D75114E-07F1-4072-AEB0-A280AAA04289}\MpKslcd3fc621.sys
2011-05-10 16:29 . 2011-05-10 16:29 -------- d-----w- c:\documents and settings\Erle\Application Data\ElevatedDiagnostics
2011-05-10 16:16 . 2011-04-18 16:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D75114E-07F1-4072-AEB0-A280AAA04289}\mpengine.dll
2011-05-10 16:16 . 2011-02-03 01:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 16:10 . 2011-05-10 16:11 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-10 15:39 . 2011-05-10 15:39 -------- d-----w- c:\program files\Magical Jelly Bean
2011-05-10 04:52 . 2011-05-10 04:52 -------- d--h--w- c:\windows\msdownld.tmp
2011-05-10 04:47 . 2011-05-10 04:52 -------- dc-h--w- c:\windows\ie8
2011-05-10 04:23 . 2011-03-01 19:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-05-10 03:51 . 2011-05-10 03:51 -------- d-----w- c:\documents and settings\Erle\Local Settings\Application Data\Mozilla
2011-05-10 03:47 . 2011-05-10 03:47 -------- d-----w- c:\documents and settings\Erle\Local Settings\Application Data\LogMeIn
2011-05-10 03:47 . 2011-03-01 19:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-05-10 03:47 . 2010-09-17 22:40 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-05-10 03:47 . 2010-09-17 22:39 25248 ----a-w- c:\windows\system32\LMImirr.dll
2011-05-10 03:47 . 2010-09-17 22:39 11552 ----a-w- c:\windows\system32\LMImirr2.dll
2011-05-10 03:47 . 2010-09-17 22:39 10144 ----a-w- c:\windows\system32\drivers\LMImirr.sys
2011-05-05 03:34 . 2011-05-05 03:34 -------- d-----w- c:\documents and settings\Erle\Application Data\SUPERAntiSpyware.com
2011-05-04 03:03 . 2011-05-05 22:04 -------- d-----w- c:\documents and settings\LogMeInRemoteUser.PLANTXP
2011-05-03 23:15 . 2011-05-10 03:47 -------- d-----w- c:\program files\LogMeIn
2011-05-03 23:06 . 2011-05-10 03:43 -------- d-----w- c:\documents and settings\Erle\Local Settings\Application Data\Deployment
2011-05-03 22:54 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-03 22:54 . 2011-05-03 22:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-03 22:54 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-03 21:44 . 2011-05-03 21:44 -------- d-----w- c:\documents and settings\Erle\Application Data\Trend Micro
2011-05-03 21:44 . 2011-05-03 21:44 -------- d-----w- C:\temp
2011-05-03 18:37 . 2011-05-03 18:37 -------- d-sh--w- c:\documents and settings\Erle\IECompatCache
2011-05-03 18:26 . 2011-05-03 18:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trend Micro
2011-05-03 18:24 . 2011-05-03 18:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Trend Micro
2011-05-03 18:20 . 2011-05-10 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2011-05-02 03:07 . 2011-05-02 03:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-02 00:17 . 2011-05-02 00:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-04-24 05:13 . 2008-10-02 17:07 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-04-24 05:03 . 2011-04-24 05:03 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-24 05:03 . 2011-04-24 05:03 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-04-24 05:03 . 2011-04-24 05:04 -------- d-----w- c:\program files\NVIDIA Corporation
2011-04-14 10:39 . 2011-04-14 10:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-09-09 20:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:21 . 2004-09-09 20:01 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-03-01 19:12 . 2008-12-02 15:18 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-02-23 15:27 . 2011-02-23 15:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 15:27 . 2011-02-23 15:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 15:27 . 2011-02-23 15:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 15:27 . 2011-02-23 15:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 15:27 . 2011-02-23 15:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 15:27 . 2011-02-23 15:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 15:27 . 2011-02-23 15:27 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 15:27 . 2011-02-23 15:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 15:27 . 2004-07-15 18:42 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-23 15:27 . 2004-07-15 18:42 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-23 15:27 . 2004-07-15 18:42 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-17 13:18 . 2004-09-09 20:01 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-09-09 20:01 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 18:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-09-09 20:01 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-04 07:56 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-04-14 16:26 . 2011-05-10 03:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-09 243072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-16 1818624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-01-09 180269]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-9-9 82026]
NkvMon.exe.lnk - c:\program files\Nikon\NkView5\NkvMon.exe [2004-9-9 233472]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-03-01 19:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 MpKsl27c8d4f4;MpKsl27c8d4f4;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D75114E-07F1-4072-AEB0-A280AAA04289}\MpKsl27c8d4f4.sys [5/11/2011 9:50 AM 28752]
R1 MpKsl5fc86b2b;MpKsl5fc86b2b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D75114E-07F1-4072-AEB0-A280AAA04289}\MpKsl5fc86b2b.sys [5/11/2011 9:42 AM 28752]
R1 MpKslcd3fc621;MpKslcd3fc621;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D75114E-07F1-4072-AEB0-A280AAA04289}\MpKslcd3fc621.sys [5/11/2011 6:37 AM 28752]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/1/2011 12:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 3:40 PM 12856]
S3 FUTUREX;FUTUREX;\??\c:\program files\AIDA32 - Enterprise System Information\aida32.sys --> c:\program files\AIDA32 - Enterprise System Information\aida32.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KLMD25
*NewlyCreated* - MPKSL27C8D4F4
*Deregistered* - aswMBR
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003Core.job
- c:\documents and settings\Erle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-03 23:07]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003UA.job
- c:\documents and settings\Erle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-03 23:07]
.
2011-05-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
.
2011-05-11 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
.
2011-05-11 c:\windows\Tasks\User_Feed_Synchronization-{4A75A925-3F77-467D-A403-E7CB429A10A2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
Trusted Zone: microsoft.com\windowsupdate
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://www.realquest.com/mapviewer/mapviewer.cab
FF - ProfilePath - c:\documents and settings\Erle\Application Data\Mozilla\Firefox\Profiles\gouu8tol.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 10:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-05-11 10:19:25
ComboFix-quarantined-files.txt 2011-05-11 17:19
.
Pre-Run: 401,206,849,536 bytes free
Post-Run: 401,292,587,008 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 49BF89648E37CD97281D044FCD58717E

#6
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Fcopy::
c:\windows\ServicePackFiles\i386\explorer.exe|c:\windows\explorer.exe

File::

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Then

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#7
bhzendner

    Member

  • Topic Starter
  • Member
  • 226 posts
Ok eset is still running but so far...

ComboFix 11-05-11.01 - Erle 05/11/2011 17:02:52.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.597 [GMT -7:00]
Running from: c:\documents and settings\Erle\Desktop\ComboFix.exe
Command switches used :: f:\g2g\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-11 19:48 . 2011-05-11 19:48 -------- d-----w- c:\program files\Microsoft.NET
2011-05-11 19:44 . 2011-04-18 16:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-11 19:43 . 2011-04-18 16:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ACBDE6D-68D3-4C49-969C-B10A78BA52BA}\mpengine.dll
2011-05-11 18:15 . 2011-05-11 18:15 -------- d-----w- c:\windows\system32\winrm
2011-05-11 18:15 . 2011-05-11 18:15 -------- d-----w- c:\windows\system32\GroupPolicy
2011-05-11 18:15 . 2011-05-11 18:15 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-05-11 18:14 . 2005-02-18 23:40 45056 ------w- c:\windows\system32\KmRemove.exe
2011-05-11 18:14 . 2011-05-11 18:14 -------- d-----w- c:\program files\HP Wireless Keyboard
2011-05-10 16:29 . 2011-05-10 16:29 -------- d-----w- c:\documents and settings\Erle\Application Data\ElevatedDiagnostics
2011-05-10 16:16 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 16:10 . 2011-05-10 16:11 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-10 15:39 . 2011-05-10 15:39 -------- d-----w- c:\program files\Magical Jelly Bean
2011-05-10 04:52 . 2011-05-10 04:52 -------- d--h--w- c:\windows\msdownld.tmp
2011-05-10 04:47 . 2011-05-10 04:52 -------- dc-h--w- c:\windows\ie8
2011-05-10 04:23 . 2011-03-01 19:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-05-10 03:51 . 2011-05-10 03:51 -------- d-----w- c:\documents and settings\Erle\Local Settings\Application Data\Mozilla
2011-05-10 03:47 . 2011-05-10 03:47 -------- d-----w- c:\documents and settings\Erle\Local Settings\Application Data\LogMeIn
2011-05-10 03:47 . 2011-03-01 19:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-05-10 03:47 . 2010-09-17 22:40 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-05-10 03:47 . 2010-09-17 22:39 25248 ----a-w- c:\windows\system32\LMImirr.dll
2011-05-10 03:47 . 2010-09-17 22:39 11552 ----a-w- c:\windows\system32\LMImirr2.dll
2011-05-10 03:47 . 2010-09-17 22:39 10144 ----a-w- c:\windows\system32\drivers\LMImirr.sys
2011-05-05 03:34 . 2011-05-05 03:34 -------- d-----w- c:\documents and settings\Erle\Application Data\SUPERAntiSpyware.com
2011-05-04 03:03 . 2011-05-05 22:04 -------- d-----w- c:\documents and settings\LogMeInRemoteUser.PLANTXP
2011-05-03 23:15 . 2011-05-10 03:47 -------- d-----w- c:\program files\LogMeIn
2011-05-03 23:06 . 2011-05-10 03:43 -------- d-----w- c:\documents and settings\Erle\Local Settings\Application Data\Deployment
2011-05-03 22:54 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-03 22:54 . 2011-05-03 22:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-03 22:54 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-03 21:44 . 2011-05-03 21:44 -------- d-----w- c:\documents and settings\Erle\Application Data\Trend Micro
2011-05-03 21:44 . 2011-05-03 21:44 -------- d-----w- C:\temp
2011-05-03 18:37 . 2011-05-03 18:37 -------- d-sh--w- c:\documents and settings\Erle\IECompatCache
2011-05-03 18:26 . 2011-05-03 18:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trend Micro
2011-05-03 18:24 . 2011-05-03 18:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Trend Micro
2011-05-03 18:20 . 2011-05-10 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2011-05-02 03:07 . 2011-05-02 03:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-02 00:17 . 2011-05-02 00:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-04-24 05:13 . 2008-10-02 17:07 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-04-24 05:03 . 2011-04-24 05:03 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-24 05:03 . 2011-04-24 05:03 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-04-24 05:03 . 2011-04-24 05:04 -------- d-----w- c:\program files\NVIDIA Corporation
2011-04-14 10:39 . 2011-04-14 10:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-01 14:37 . 2004-12-16 21:36 48128 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2011-03-11 14:10 . 2004-09-09 20:01 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33 . 2004-09-09 20:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-09-09 20:01 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-09-09 20:01 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-03-01 19:12 . 2008-12-02 15:18 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-02-23 15:27 . 2011-02-23 15:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 15:27 . 2011-02-23 15:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 15:27 . 2011-02-23 15:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 15:27 . 2011-02-23 15:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 15:27 . 2011-02-23 15:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 15:27 . 2011-02-23 15:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 15:27 . 2011-02-23 15:27 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 15:27 . 2011-02-23 15:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 15:27 . 2004-07-15 18:42 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-23 15:27 . 2004-07-15 18:42 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-23 15:27 . 2004-07-15 18:42 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-22 23:06 . 2004-09-09 20:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2004-09-09 20:01 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-09-09 20:01 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 11:41 . 2004-12-16 03:14 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-09-09 20:01 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-09-09 20:01 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 18:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-09-09 20:01 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-04 07:56 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-04-14 16:26 . 2011-05-10 03:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-11_17.16.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-11 23:46 . 2011-05-11 23:46 16384 c:\windows\Temp\Perflib_Perfdata_7b0.dat
+ 2009-10-09 21:56 . 2009-10-09 21:56 14848 c:\windows\system32\wsmprovhost.exe
+ 2009-10-09 21:56 . 2009-10-09 21:56 12288 c:\windows\system32\wsmplpxy.dll
+ 2009-10-09 21:56 . 2009-10-09 21:56 12288 c:\windows\system32\winrssrv.dll
+ 2009-10-09 21:56 . 2009-10-09 21:56 22528 c:\windows\system32\winrshost.exe
+ 2009-10-09 23:22 . 2009-10-09 23:22 69632 c:\windows\system32\winrs.exe
+ 2009-10-09 21:56 . 2009-10-09 21:56 25088 c:\windows\system32\winrmprov.dll
+ 2011-05-10 16:27 . 2009-10-09 21:56 24064 c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
- 2004-07-23 00:28 . 2006-10-27 16:26 69632 c:\windows\system32\vuins32.dll
+ 2004-07-23 00:28 . 2006-10-27 15:26 69632 c:\windows\system32\vuins32.dll
+ 2011-05-11 19:43 . 2006-10-27 16:26 69632 c:\windows\system32\ReinstallBackups\0005\DriverFiles\vuins32.dll
+ 2011-05-11 19:43 . 2008-09-22 11:41 43520 c:\windows\system32\ReinstallBackups\0005\DriverFiles\fetnd5bv.sys
+ 2011-05-11 18:14 . 2008-04-13 18:39 14592 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\kbdhid.sys
+ 2011-05-11 18:14 . 2008-04-13 18:39 24576 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\kbdclass.sys
+ 2009-10-09 23:22 . 2009-10-09 23:22 42496 c:\windows\system32\pwrshplugin.dll
+ 2003-03-31 12:00 . 2011-05-11 23:50 79736 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2009-10-08 21:56 20480 c:\windows\system32\oleaccrc.dll
- 2004-09-09 20:01 . 2009-03-08 11:31 66560 c:\windows\system32\mshtmled.dll
+ 2004-09-09 20:01 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
+ 2006-11-08 05:03 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 05:03 . 2009-03-08 11:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-09-09 20:01 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
- 2004-09-09 20:01 . 2009-03-08 11:33 25600 c:\windows\system32\jsproxy.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 70472 c:\windows\system32\dxva2.dll
- 2002-01-01 07:01 . 2008-04-13 18:39 14592 c:\windows\system32\drivers\kbdhid.sys
+ 2002-01-01 07:01 . 2008-04-13 17:39 14592 c:\windows\system32\drivers\kbdhid.sys
+ 2004-09-09 20:01 . 2008-04-13 17:39 24576 c:\windows\system32\drivers\kbdclass.sys
- 2004-09-09 20:01 . 2008-04-13 18:39 24576 c:\windows\system32\drivers\kbdclass.sys
+ 2003-03-31 12:00 . 2009-10-08 21:56 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2006-05-10 05:25 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-05-10 05:25 . 2009-03-08 11:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-09 14:43 . 2009-03-08 11:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 14:43 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-09-09 20:01 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2002-01-01 07:01 . 2008-04-13 18:39 14592 c:\windows\system32\dllcache\kbdhid.sys
+ 2002-01-01 07:01 . 2008-04-13 17:39 14592 c:\windows\system32\dllcache\kbdhid.sys
+ 2004-09-09 20:01 . 2008-04-13 17:39 24576 c:\windows\system32\dllcache\kbdclass.sys
+ 2006-05-10 05:25 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:25 . 2009-03-08 11:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 87408 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 93024 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 35688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17784 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 58240 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 67912 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 31576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 44920 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 37240 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 64352 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 45952 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 51032 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 50552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 81784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 81800 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 39784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 68952 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58 96088 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 78152 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1025\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 13648 c:\windows\Microsoft.NET\Framework\v4.0.30319\SbsNclPerf.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 58192 c:\windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 52040 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 21336 c:\windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll
+ 2011-02-10 11:10 . 2011-02-10 11:10 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 27984 c:\windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 40784 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 20816 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 12128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 97680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 36168 c:\windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 78168 c:\windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 58200 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 27992 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 42312 c:\windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 11592 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 88904 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 31048 c:\windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 81248 c:\windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 95048 c:\windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 29008 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 29528 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 29016 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 10064 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 24400 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorlib.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 13648 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 13648 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 13648 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-05-11 18:19 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2510531-IE8\spmsg.dll
+ 2011-05-11 18:19 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2510531-IE8\spcustom.dll
+ 2011-05-11 18:18 . 2009-03-08 11:33 12288 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-05-11 18:18 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2497640-IE8\spmsg.dll
+ 2011-05-11 18:18 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2497640-IE8\spcustom.dll
+ 2011-05-11 18:18 . 2009-03-08 11:31 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-05-11 18:18 . 2009-03-08 11:31 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-05-11 18:18 . 2009-03-08 11:34 43008 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-05-11 18:18 . 2009-03-08 11:33 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9824b202ffe88c945577effdc7fc8fc3\UIAutomationProvider.ni.dll
+ 2011-05-11 20:34 . 2011-05-11 20:34 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\6474ae2cebac637025eab3cbcdc9ffe6\System.Windows.Presentation.ni.dll
+ 2011-05-11 20:33 . 2011-05-11 20:33 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\50cbf014f60fa88f67a763dfbead1fee\System.Web.ApplicationServices.ni.dll
+ 2011-05-11 20:33 . 2011-05-11 20:33 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f472171edc898ea876f14b97b4f332b8\System.ServiceModel.Channels.ni.dll
+ 2011-05-11 20:26 . 2011-05-11 20:26 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\473102f936b4a823e5e2b2e6282c5104\System.AddIn.Contract.ni.dll
+ 2011-05-11 20:24 . 2011-05-11 20:24 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\1a21a54acf18fabfddb0b94d40e509a1\Microsoft.VisualC.ni.dll
+ 2011-05-11 20:24 . 2011-05-11 20:24 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\7600f9d2a3bc01ba15674667283c2e53\Accessibility.ni.dll
+ 2011-05-11 18:17 . 2011-05-11 18:17 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\d3184c93213fa6a13593dd95c68ba607\Microsoft.WSMan.Runtime.ni.dll
+ 2011-05-11 18:16 . 2011-05-11 18:16 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\cb10e8baec74ef36db1c6d53018d1ef4\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 13824 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 16896 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.resources.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.resources.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.resources.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 49152 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 10752 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 57344 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
+ 2011-05-11 18:15 . 2007-11-01 04:48 20992 c:\windows\$968930Uinstall_KB968930$\pwrshsip.dll
+ 2009-10-09 21:57 . 2009-10-09 21:57 20480 c:\windows\$968930Uinstall_KB968930$\PSCustomSetupUtil.exe
+ 2011-05-11 18:15 . 2011-05-10 16:28 65536 c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.security.dll
+ 2004-09-09 20:02 . 2008-04-14 12:00 6656 c:\windows\system32\wuauserv.dll
- 2004-09-09 20:02 . 2008-04-14 00:12 6656 c:\windows\system32\wuauserv.dll
+ 2009-10-09 21:56 . 2009-10-09 21:56 2048 c:\windows\system32\winrsmgr.dll
+ 2011-05-10 16:27 . 2009-10-09 23:23 4608 c:\windows\system32\windowspowershell\v1.0\pwrshmsg.dll
- 2011-05-10 16:27 . 2007-06-30 18:49 4608 c:\windows\system32\windowspowershell\v1.0\pwrshmsg.dll
+ 2009-10-09 23:23 . 2009-10-09 23:23 4096 c:\windows\system32\windowspowershell\v1.0\powershell_ise.resources.dll
+ 2003-12-04 20:47 . 2003-12-04 20:47 6060 c:\windows\system32\SetupKey.exe
+ 2004-09-09 20:02 . 2008-04-14 12:00 6656 c:\windows\system32\dllcache\wuauserv.dll
+ 2010-02-17 04:43 . 2010-10-18 11:10 7680 c:\windows\system32\dllcache\iecompat.dll
+ 2005-04-06 17:47 . 2005-04-06 17:47 4504 c:\windows\system32\Coinstal.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3082.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3076.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.2070.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8024 c:\windows\Microsoft.NET\NETFXRepair.2052.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1055.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1053.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1049.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1046.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1045.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1044.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1043.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1042.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1041.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1040.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1038.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1037.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1036.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1035.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1033.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1032.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1031.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1030.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1029.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8024 c:\windows\Microsoft.NET\NETFXRepair.1028.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1025.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8040 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
+ 2011-05-11 18:18 . 2009-03-08 11:35 2048 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll
+ 2011-05-11 20:24 . 2011-05-11 20:24 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\1a4701c5a061d081b78353bd04349c3e\dfsvc.ni.exe
+ 2011-05-11 18:15 . 2011-05-11 18:15 7168 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 9216 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 7168 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
+ 2011-05-11 18:15 . 2007-06-30 18:49 4608 c:\windows\$968930Uinstall_KB968930$\pwrshmsg.dll
+ 2009-10-09 21:56 . 2009-10-09 21:56 9216 c:\windows\$968930Uinstall_KB968930$\PSSetupNativeUtils.exe
+ 2011-05-11 20:05 . 2011-05-11 20:05 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2004-08-03 20:59 . 2009-08-07 02:23 209624 c:\windows\system32\wuweb.dll
+ 2004-08-03 21:03 . 2008-04-14 12:00 183296 c:\windows\system32\wuaueng1.dll
+ 2004-08-03 21:01 . 2008-04-14 12:00 165888 c:\windows\system32\wuauclt1.exe
+ 2009-10-09 21:56 . 2009-10-09 21:56 209408 c:\windows\system32\WsmWmiPl.dll
+ 2009-10-09 23:22 . 2009-10-09 23:22 368640 c:\windows\system32\WsmRes.dll
+ 2009-10-09 21:56 . 2009-10-09 21:56 139776 c:\windows\system32\WsmAuto.dll
+ 2009-10-09 21:56 . 2009-10-09 21:56 225280 c:\windows\system32\wsmanhttpconfig.exe
+ 2009-10-09 21:56 . 2009-10-09 21:56 233984 c:\windows\system32\winrscmd.dll
+ 2009-08-01 06:27 . 2009-08-01 06:27 201184 c:\windows\system32\winrm.vbs
+ 2009-10-09 23:23 . 2009-10-09 23:23 148480 c:\windows\system32\windowspowershell\v1.0\pspluginwkr.dll
+ 2009-10-09 21:57 . 2009-10-09 21:57 204800 c:\windows\system32\windowspowershell\v1.0\powershell_ise.exe
+ 2011-05-10 16:27 . 2009-10-09 21:56 448000 c:\windows\system32\windowspowershell\v1.0\powershell.exe
+ 2009-10-09 21:57 . 2009-10-09 21:57 112640 c:\windows\system32\windowspowershell\v1.0\Modules\BitsTransfer\microsoft.backgroundintelligenttransfer.management.interop.dll
+ 2009-07-16 17:22 . 2009-07-16 17:22 126976 c:\windows\system32\windowspowershell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
+ 2009-10-09 23:23 . 2009-10-09 23:23 178176 c:\windows\system32\wevtfwd.dll
+ 2007-10-09 21:03 . 2009-10-08 21:57 611328 c:\windows\system32\uiautomationcore.dll
+ 2011-05-11 19:43 . 2006-11-02 07:21 319456 c:\windows\system32\ReinstallBackups\0005\DriverFiles\difxapi.dll
+ 2003-03-31 12:00 . 2011-05-11 23:50 481662 c:\windows\system32\perfh009.dat
+ 2003-03-31 12:00 . 2009-10-08 21:57 220160 c:\windows\system32\oleacc.dll
+ 2004-09-09 20:01 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 771424 c:\windows\system32\msvcr100_clr0400.dll
- 2004-09-09 20:01 . 2009-03-08 11:32 611840 c:\windows\system32\mstime.dll
+ 2004-09-09 20:01 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
+ 2006-11-08 05:03 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
+ 2009-09-24 07:30 . 2009-09-24 07:30 156488 c:\windows\system32\mscorier.dll
+ 2004-09-09 20:01 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
- 2004-09-09 20:01 . 2009-03-08 11:33 726528 c:\windows\system32\jscript.dll
+ 2004-09-09 20:01 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
+ 2004-09-09 20:01 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
+ 2004-09-09 20:01 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 486216 c:\windows\system32\evr.dll
+ 2004-08-03 20:59 . 2009-08-07 02:23 209624 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-03 21:03 . 2008-04-14 12:00 183296 c:\windows\system32\dllcache\wuaueng1.dll
+ 2004-08-03 21:01 . 2008-04-14 12:00 165888 c:\windows\system32\dllcache\wuauclt1.exe
+ 2006-05-10 05:25 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2003-03-31 12:00 . 2009-10-08 21:57 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2006-10-17 20:04 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-05-10 05:25 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:25 . 2009-03-08 11:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-05-09 14:43 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-03-08 11:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-05-10 05:25 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-11-07 11:27 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 11:26 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2010-01-12 19:27 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2010-01-12 19:27 . 2011-03-11 14:10 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2005-11-17 14:46 . 2006-11-02 06:21 319456 c:\windows\system32\difxapi.dll
- 2005-11-17 14:46 . 2006-11-02 07:21 319456 c:\windows\system32\difxapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 114520 c:\windows\Microsoft.NET\NETFXRepair.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 915800 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 753504 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 350592 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 163168 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 675672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 334688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 581464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 832856 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 801136 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 181096 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 194424 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 478576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 167288 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 232304 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 807264 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 138592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 699224 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 857960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 269672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 113512 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 129912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 390008 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 505208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 261472 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 122264 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 291184 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 349568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 231760 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 253280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 134528 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 378720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 123736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 125816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 392552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll
+ 2010-03-18 07:51 . 2010-03-18 07:51 109568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 246128 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 120152 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 607064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 182144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 395120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 285072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 829280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 747360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 436600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 683872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 409448 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.configuration.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 210816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 149848 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 122248 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 525704 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 112976 c:\windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll
+ 2011-02-10 11:10 . 2011-02-10 11:10 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 124240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
+ 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupEngine.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 173920 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 121688 c:\windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 150856 c:\windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 130384 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 335184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 110936 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 372048 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 145752 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 413008 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
+ 2011-02-10 11:10 . 2011-02-10 11:10 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 661352 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 349576 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 170368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 387960 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 746336 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 505184 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 794464 c:\windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 688472 c:\windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 129880 c:\windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll
+ 2011-02-10 11:10 . 2011-02-10 11:10 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 105808 c:\windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 105288 c:\windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 139088 c:\windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 255304 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 255896 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 182088 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-05-11 20:05 . 2011-05-11 20:06 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-03-18 17:09 . 2010-03-18 17:09 158048 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\UIAutomationCore_x86.dll
+ 2011-05-11 18:19 . 2009-03-08 11:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-05-11 18:19 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\updspapi.dll
+ 2011-05-11 18:19 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2510531-IE8\update.exe
+ 2011-05-11 18:19 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-05-11 18:19 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-05-11 18:19 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst.exe
+ 2011-05-11 18:19 . 2009-03-08 11:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-05-11 18:18 . 2009-03-08 11:34 914944 c:\windows\ie8updates\KB2497640-IE8\wininet.dll
+ 2011-05-11 18:18 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\updspapi.dll
+ 2011-05-11 18:18 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2497640-IE8\update.exe
+ 2011-05-11 18:19 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
+ 2011-05-11 18:19 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
+ 2011-05-11 18:18 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst.exe
+ 2011-05-11 18:18 . 2009-03-08 11:34 109568 c:\windows\ie8updates\KB2497640-IE8\occache.dll
+ 2011-05-11 18:18 . 2009-03-08 11:32 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll
+ 2011-05-11 18:18 . 2009-03-08 11:32 594432 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
+ 2011-05-11 18:18 . 2009-03-08 11:33 246784 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
+ 2011-05-11 18:18 . 2009-03-08 11:31 183808 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
+ 2011-05-11 18:18 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
+ 2011-05-11 18:18 . 2009-03-08 21:09 391536 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
+ 2011-05-11 18:18 . 2009-03-08 11:32 173056 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
+ 2011-05-11 18:18 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll
+ 2011-05-11 18:18 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe
+ 2011-05-11 20:34 . 2011-05-11 20:34 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\c854ff737035c79fdf1b56b95e28fdbc\WindowsFormsIntegration.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\c085fc0d222fb39afe14cc8e5eb32eee\UIAutomationTypes.ni.dll
+ 2011-05-11 20:34 . 2011-05-11 20:34 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\974f99cb0c5b67484ce5a3fd1fc5e7dd\UIAutomationClient.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6d7c87b19bf40f2bc57ec4429b628c9a\System.Xml.Linq.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\21eb4743be4fdd8df5f0a9cd0dd52f5d\System.Windows.Input.Manipulations.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\1fac5b5769af4e4dd0aa3f09d9834734\System.Transactions.ni.dll
+ 2011-05-11 20:33 . 2011-05-11 20:33 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\4e5c6a1e261c43961b19f4712359234f\System.ServiceProcess.ni.dll
+ 2011-05-11 20:33 . 2011-05-11 20:33 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9fc58e83505ef6bf05a4529665c7737d\System.ServiceModel.Routing.ni.dll
+ 2011-05-11 20:11 . 2011-05-11 20:11 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\df00a90a0ca189eb49b071dfd9530347\System.Security.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7de8fccb064fff0d219e8594a014b600\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 758784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\30b7ffac8d9d7ba0364dd19c158fe291\System.Runtime.Remoting.ni.dll
+ 2011-05-11 20:11 . 2011-05-11 20:11 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\f2304201110addb8170997ff442e87fc\System.Numerics.ni.dll
+ 2011-05-11 20:30 . 2011-05-11 20:30 651264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\56158e581a3dfce8f930fe7388cfe156\System.Net.ni.dll
+ 2011-05-11 20:30 . 2011-05-11 20:30 625152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\8b3e59239912537657fc7f9c6b88dd8a\System.Messaging.ni.dll
+ 2011-05-11 20:30 . 2011-05-11 20:30 392704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\117067671949b80852b0a7c112888b7b\System.Management.Instrumentation.ni.dll
+ 2011-05-11 20:30 . 2011-05-11 20:30 405504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\a483116d4df8444911c9d47fd99b8b95\System.IO.Log.ni.dll
+ 2011-05-11 20:30 . 2011-05-11 20:30 228352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\3891b868ee83ca630686d547c328da31\System.IdentityModel.Selectors.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\547669d593c2ac7c94391e153ea6068f\System.EnterpriseServices.Wrapper.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\547669d593c2ac7c94391e153ea6068f\System.EnterpriseServices.ni.dll
+ 2011-05-11 20:10 . 2011-05-11 20:10 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\f9b335b9f86afcae5a54949288010a0f\System.Dynamic.ni.dll
+ 2011-05-11 20:30 . 2011-05-11 20:30 911872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8a7ceaec74327e2be758e7291b8a5849\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-05-11 20:30 . 2011-05-11 20:30 461824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\698dd101afeceb8ffc4a435b9be82038\System.DirectoryServices.Protocols.ni.dll
+ 2011-05-11 20:30 . 2011-05-11 20:30 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\65b4592d5d04a0c5b6f102f8d1e065e8\System.Device.ni.dll
+ 2011-05-11 20:26 . 2011-05-11 20:26 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\ee0a48c4f9340f1002baa71004a14932\System.Data.DataSetExtensions.ni.dll
+ 2011-05-11 20:10 . 2011-05-11 20:10 973312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f7f7d2aa985906327e256d05472bdeb3\System.Configuration.ni.dll
+ 2011-05-11 20:26 . 2011-05-11 20:26 145920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\9a074aee02c2c27bd8a64bd39bb0f954\System.Configuration.Install.ni.dll
+ 2011-05-11 20:26 . 2011-05-11 20:26 193536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\f02a6c23986ba9eee3699717437b0f94\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-05-11 20:10 . 2011-05-11 20:10 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\50925baa7781cd6b13b345750b78cac2\System.ComponentModel.Composition.ni.dll
+ 2011-05-11 20:26 . 2011-05-11 20:26 613888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\d5de48c1c29a8498c89ed5da48e40690\System.AddIn.ni.dll
+ 2011-05-11 20:26 . 2011-05-11 20:26 402944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\d60de251f6401ab42fe195f6bf25ca73\System.Activities.DurableInstancing.ni.dll
+ 2011-05-11 20:24 . 2011-05-11 20:24 316928 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\d42aded7e797fe07a002cec27071b509\SMSvcHost.ni.exe
+ 2011-05-11 20:25 . 2011-05-11 20:25 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\22f477b2dad8700e564daead57f5b825\SMDiagnostics.ni.dll
+ 2011-05-11 20:11 . 2011-05-11 20:11 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ea81a1bfc0d3e8840be37dffb83fc12e\PresentationFramework.Luna.ni.dll
+ 2011-05-11 20:10 . 2011-05-11 20:10 327168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e4498a63f9913a5d47d26de0da220fdc\PresentationFramework.Royale.ni.dll
+ 2011-05-11 20:11 . 2011-05-11 20:11 283648 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\debfd1ead83df514b9a663bf3601669f\PresentationFramework.Classic.ni.dll
+ 2011-05-11 20:10 . 2011-05-11 20:10 450048 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bc6292c4e40c4bf27d35ec5a8065893f\PresentationFramework.Aero.ni.dll
+ 2011-05-11 20:24 . 2011-05-11 20:24 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e6c8530bfd8c9a39e07a5401b3acba04\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-05-11 20:24 . 2011-05-11 20:24 418304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\a78fa250714cf42472bc22d0b7ea14e5\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-05-11 20:24 . 2011-05-11 20:24 193024 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e665571fbfd43f6f3f715b715dd01f14\CustomMarshalers.ni.dll
+ 2011-05-11 18:17 . 2011-05-11 18:17 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\01ed65e1ba8b56ae8d5deef7cc5e988b\Microsoft.WSMan.Management.ni.dll
+ 2011-05-11 18:17 . 2011-05-11 18:17 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bd7921272bb48a6a80e18dd0521a2c56\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-05-11 18:16 . 2011-05-11 18:16 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\847363271bf83e3ed1d1b2809c9989fe\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-05-11 18:16 . 2011-05-11 18:16 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6d8097e41d8accbd67573c95526d0d08\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-05-11 18:17 . 2011-05-11 18:17 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1d799a510fa7cf10c5e3963a66bf5a4f\Microsoft.PowerShell.Security.ni.dll
+ 2011-05-11 18:16 . 2011-05-11 18:16 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1d47db5f44fe4d7cd1a462c2a07cb885\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 253952 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 274432 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 278528 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 651264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 991232 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
- 2011-05-10 16:28 . 2011-05-10 16:28 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 618496 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 262144 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 102400 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
+ 2011-05-11 18:15 . 2009-06-18 01:59 379184 c:\windows\$968930Uinstall_KB968930$\spuninst\updspapi.dll
+ 2011-05-11 18:15 . 2009-06-18 01:59 221488 c:\windows\$968930Uinstall_KB968930$\spuninst\spuninst.exe
+ 2011-05-11 18:15 . 2007-10-30 09:15 330240 c:\windows\$968930Uinstall_KB968930$\powershell.exe
+ 2011-05-11 18:15 . 2011-05-10 16:28 200704 c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.consolehost.dll
+ 2011-05-11 18:15 . 2011-05-10 16:28 294912 c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.commands.utility.dll
+ 2011-05-11 18:15 . 2011-05-10 16:28 139264 c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.commands.management.dll
+ 2009-10-09 23:23 . 2009-10-09 23:23 1107456 c:\windows\system32\WsmSvc.dll
+ 2004-09-09 20:01 . 2011-02-22 23:06 1210880 c:\windows\system32\urlmon.dll
+ 2004-09-09 20:01 . 2011-02-22 23:06 5962240 c:\windows\system32\mshtml.dll
+ 2006-10-17 19:57 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
+ 2006-05-10 05:25 . 2011-02-22 23:06 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-19 15:06 . 2011-02-22 23:06 5962240 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 14:43 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2004-09-09 20:01 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\explorer.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 1303896 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 6346600 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 3545952 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 2650464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 4881752 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 2199880 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 4982120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 1711496 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 6067048 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 1026936 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 3481928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 4464480 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 2970968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 1339736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 1462648 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 1199968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll
+ 2010-03-18 20:26 . 2010-03-18 20:26 1163264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\netfx_core_x86.msi
+ 2011-02-10 11:10 . 2011-02-10 11:10 5196112 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-02-10 11:10 . 2011-02-10 11:10 1142104 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 2989456 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 1972552 c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
+ 2011-02-10 11:10 . 2011-02-10 11:10 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-05-11 20:06 . 2011-05-11 20:06 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-05-11 20:05 . 2011-05-11 20:05 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-05-11 19:51 . 2011-05-11 19:51 1160192 c:\windows\Installer\47d25b.msi
+ 2011-05-11 18:18 . 2009-03-08 11:34 1206784 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
+ 2011-05-11 18:18 . 2009-03-08 11:41 5937152 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
+ 2011-05-11 18:18 . 2009-03-08 11:32 1985024 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
+ 2011-05-11 20:07 . 2011-05-11 20:07 3779072 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8d8cf1d60737d945a526fb11577d4b8a\WindowsBase.ni.dll
+ 2011-05-11 20:34 . 2011-05-11 20:34 1055744 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\28121866e3d6d8b0dc72d9e250b0af1c\UIAutomationClientsideProviders.ni.dll
+ 2011-05-11 20:07 . 2011-05-11 20:07 9000960 c:\windows\assembly\NativeImages_v4.0.30319_32\System\7abfd34ae39103ceccdfb8b262ed6a97\System.ni.dll
+ 2011-05-11 20:11 . 2011-05-11 20:11 5571584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\eb45dda4b68ae7f29995c3a3d909fbe7\System.Xml.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 1776640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\738a078bc59722d6b06b5ae5e99569f9\System.Xaml.ni.dll
+ 2011-05-11 20:33 . 2011-05-11 20:33 4496384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\eec21f9b08bbed54d9e36038badaf289\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-05-11 20:33 . 2011-05-11 20:33 1828352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\46f59c5b9fee41849705f2b5f1102d66\System.Web.Services.ni.dll
+ 2011-05-11 20:33 . 2011-05-11 20:33 1992192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\01a3b3bf7fadd971e17400c8502ec886\System.Speech.ni.dll
+ 2011-05-11 20:33 . 2011-05-11 20:33 1127424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\6856341eadab4c3ace0e39182649bba2\System.ServiceModel.Discovery.ni.dll
+ 2011-05-11 20:33 . 2011-05-11 20:33 1388032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4048a5620b0fa66a7414cff30155d30c\System.ServiceModel.Activities.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 2625024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\c46375bba06671d2a9369e630752987a\System.Runtime.Serialization.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 1011200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\6b6309a2e7f384bac4ccbdf1eca34c30\System.Runtime.DurableInstancing.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 1047040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\24f97354b0a95ef77b2db8de9e7374fe\System.Printing.ni.dll
+ 2011-05-11 20:30 . 2011-05-11 20:30 1159168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\05a0937d76f565aa728348fc24f6c2eb\System.Management.ni.dll
+ 2011-05-11 20:30 . 2011-05-11 20:30 1065984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1f045fc92d6402b27f6b9fb9291d44c3\System.IdentityModel.ni.dll
+ 2011-05-11 20:09 . 2011-05-11 20:09 1651200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\526f0a9717cbd8a50d09a10b5ce81c0d\System.Drawing.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 1151488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6dc0ed081400ec315f895bdc7fd016c4\System.DirectoryServices.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 1872384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\2a2a921350a9651e9bd681197edeb88d\System.Deployment.ni.dll
+ 2011-05-11 20:11 . 2011-05-11 20:11 6754816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\adc8f2f7dff3233f2d72bcef8e58226a\System.Data.ni.dll
+ 2011-05-11 20:11 . 2011-05-11 20:11 2538496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\c25dda9b477a33f9f235292114bb535c\System.Data.SqlXml.ni.dll
+ 2011-05-11 20:30 . 2011-05-11 20:30 1332736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\aa778d274523b93d389e581e58698918\System.Data.Services.Client.ni.dll
+ 2011-05-11 20:09 . 2011-05-11 20:09 2499072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\8e0d083a7ad85b579d176e3594b5f3b8\System.Data.Linq.ni.dll
+ 2011-05-11 20:09 . 2011-05-11 20:09 7025664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\69b1f8a15cdfb26e30c8761fa4f96940\System.Core.ni.dll
+ 2011-05-11 20:26 . 2011-05-11 20:26 4103168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\ec488a50a47246a625159744ad8e0931\System.Activities.ni.dll
+ 2011-05-11 20:26 . 2011-05-11 20:26 3691520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\00fb4f96c610880aeee34d8670347a6d\System.Activities.Presentation.ni.dll
+ 2011-05-11 20:26 . 2011-05-11 20:26 1506304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\a965a0f825fb91ce7cf78d99263968b4\System.Activities.Core.Presentation.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 2842624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\3f04b2ab8961aceac03f8ae2ccabe947\ReachFramework.ni.dll
+ 2011-05-11 20:25 . 2011-05-11 20:25 1622528 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3aebfb1497141c9466ee8ce68a3bf805\PresentationUI.ni.dll
+ 2011-05-11 20:24 . 2011-05-11 20:24 1819648 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ff572ca3a119cd72903df8c6ed667b62\Microsoft.VisualBasic.ni.dll
+ 2011-05-11 20:24 . 2011-05-11 20:24 1134080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\c9bbe042f095b833c13bf65d50aa54b6\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-05-11 20:24 . 2011-05-11 20:24 1167872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\320f1578082f1de1f8562ce92c0c2dab\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-05-11 20:24 . 2011-05-11 20:24 1079808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ac03be8a96bd10965da87208d81eb07d\Microsoft.Transactions.Bridge.ni.dll
+ 2011-05-11 20:30 . 2011-05-11 20:30 2441728 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\d4572ad085979b16261058f1433e73e9\Microsoft.JScript.ni.dll
+ 2011-05-11 20:11 . 2011-05-11 20:11 1612288 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\32454400da56267e19961852345d7a62\Microsoft.CSharp.ni.dll
+ 2011-05-11 18:17 . 2011-05-11 18:17 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\4712e2b0eeef07ede187c12268070629\System.Management.Automation.ni.dll
+ 2011-05-11 18:17 . 2011-05-11 18:17 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f4b983358dae94854ef161a5a0aaa1cf\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-05-11 18:16 . 2011-05-11 18:16 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\733ac210fc218c3f0f04616d2733524d\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-05-11 18:17 . 2011-05-11 18:17 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\54633bac86442417dcbcd2d0a7f41e04\Microsoft.PowerShell.Editor.ni.dll
+ 2011-05-11 18:15 . 2011-05-11 18:15 2682880 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
+ 2011-05-11 18:15 . 2011-05-10 16:28 1564672 c:\windows\$968930Uinstall_KB968930$\system.management.automation.dll
+ 2005-05-11 14:19 . 2011-05-11 18:20 42829768 c:\windows\system32\MRT.exe
+ 2006-11-08 05:03 . 2011-02-22 23:06 11080704 c:\windows\system32\ieframe.dll
+ 2007-05-09 14:43 . 2011-02-22 23:06 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-02-11 15:43 . 2011-02-11 15:43 10951168 c:\windows\Installer\563300.msp
+ 2011-05-11 18:18 . 2009-03-08 11:39 11063808 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
+ 2011-05-11 20:10 . 2011-05-11 20:10 13006336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\85b61e27d3c08c0c8ff19deb75912e1d\System.Windows.Forms.ni.dll
+ 2011-05-11 20:32 . 2011-05-11 20:33 17919488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8964b15d32028ef9dfe776216af8524d\System.ServiceModel.ni.dll
+ 2011-05-11 20:30 . 2011-05-11 20:30 13273600 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\38409bc0ee7cdb9fbc981fefea83ab23\System.Data.Entity.ni.dll
+ 2011-05-11 20:09 . 2011-05-11 20:09 17629184 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f1e3e74b135fcd61fa30090a2c2596a6\PresentationFramework.ni.dll
+ 2011-05-11 20:08 . 2011-05-11 20:08 11058176 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3fe193ac81b9eafd76aafeec99bdbf6a\PresentationCore.ni.dll
+ 2011-05-11 20:07 . 2011-05-11 20:07 14415872 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\eb4e1e70734f6efb9c7de7ec5f452c9e\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-09 243072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-16 1818624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-01-09 180269]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2005-02-21 245760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-9-9 82026]
NkvMon.exe.lnk - c:\program files\Nikon\NkView5\NkvMon.exe [2004-9-9 233472]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-03-01 19:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/1/2011 12:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 3:40 PM 12856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 FUTUREX;FUTUREX;\??\c:\program files\AIDA32 - Enterprise System Information\aida32.sys --> c:\program files\AIDA32 - Enterprise System Information\aida32.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/9/2004 1:01 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003Core.job
- c:\documents and settings\Erle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-03 23:07]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003UA.job
- c:\documents and settings\Erle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-03 23:07]
.
2011-05-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
.
2011-05-11 c:\windows\Tasks\User_Feed_Synchronization-{4A75A925-3F77-467D-A403-E7CB429A10A2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
Trusted Zone: microsoft.com\windowsupdate
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://www.realquest.com/mapviewer/mapviewer.cab
FF - ProfilePath - c:\documents and settings\Erle\Application Data\Mozilla\Firefox\Profiles\gouu8tol.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 17:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3436)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-11 17:15:19
ComboFix-quarantined-files.txt 2011-05-12 00:15
ComboFix2.txt 2011-05-11 23:55
ComboFix3.txt 2011-05-11 17:19
.
Pre-Run: 399,961,694,208 bytes free
Post-Run: 399,941,451,776 bytes free
.
- - End Of File - - 1DB0E2423CAC9AB38B788F90B8DE7EF5
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6558

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/11/2011 5:22:42 PM
mbam-log-2011-05-11 (17-22-42).txt

Scan type: Quick scan
Objects scanned: 232735
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I will send ESET as soon as it is finished scanning.

Thank You

#8
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
:)

The main infection is gone. We'll let ESET take care of what we can't see, then we'll just perform minor cleanup of leftovers.

Keep me posted.

#9
bhzendner

    Member

  • Topic Starter
  • Member
  • 226 posts
OK, here is the ESET.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=14007afa1624e549b20940fbac44323b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-12 02:42:52
# local_time=2011-05-11 07:42:52 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 87 0 16257509 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=217315
# found=4
# cleaned=4
# scan_time=8326
C:\OldHD\Documents and Settings\Windows User\Local Settings\Temp\newayb.exe probably a variant of Win32/TrojanDownloader.Swizzor trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\OldHD\Program Files\Common Files\BTLINK\btlink.dll a variant of Win32/Adware.Wintol.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{61931A6A-EDD8-4A2F-97D5-E7F7574C7CCD}\RP2580\A0176702.exe probably a variant of Win32/TrojanDownloader.Swizzor trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{61931A6A-EDD8-4A2F-97D5-E7F7574C7CCD}\RP2580\A0176703.dll a variant of Win32/Adware.Wintol.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Are we clean?
What additional cleanup should we do?
What is the range of donations people make for your excellent service?
Thank you.

#10
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Excellent.

How is the computer running?

Let's take a look at an OTL log for a bit of fine tuning. :unsure:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Standard Output at the top
  • Under the Extra Registry section, ensure that Safelist is selected
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

What is the range of donations people make for your excellent service?


From a cup of coffee to a dinner, but any would be very much appreciated when it comes from the heart. :)

#11
bhzendner

    Member

  • Topic Starter
  • Member
  • 226 posts
OTL logfile created on: 5/12/2011 6:44:24 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Erle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 202.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 377.44 Gb Free Space | 81.04% Space Free | Partition Type: NTFS

Computer Name: PLANTXP | User Name: Erle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 06:41:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erle\Desktop\OTL.exe
PRC - [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/07/09 10:52:36 | 000,189,824 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/02/21 13:53:24 | 000,245,760 | ---- | M] (BTC) -- C:\Program Files\HP Wireless Keyboard\Kmaestro.exe
PRC - [2005/01/09 11:43:52 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2002/10/15 18:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
PRC - [2002/07/23 11:02:28 | 000,233,472 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView5\NkvMon.exe
PRC - [2002/04/17 11:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 11:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2001/10/11 17:35:02 | 000,082,026 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 06:41:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erle\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/06/03 10:47:06 | 000,138,216 | ---- | M] (Babylon Ltd.) -- C:\Program Files\IncrediMail\bin\B4ImApp.dll
MOD - [2008/04/13 17:11:54 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2004/06/15 15:32:12 | 000,018,476 | ---- | M] (BTC) -- C:\Program Files\HP Wireless Keyboard\HidKeybd.dll
MOD - [2001/10/08 10:17:36 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/05/12 05:58:23 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D375C359-925B-40C0-A7ED-F6C83FB4AFB3}\MpKsl7e152648.sys -- (MpKsl7e152648)
DRV - [2011/05/11 20:06:30 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01EAB0A3-E700-4D89-85D4-7CD83E5D98FD}\MpKslea22d5b6.sys -- (MpKslea22d5b6)
DRV - [2011/03/01 12:12:24 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/05/15 14:57:22 | 000,037,408 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-854245398-1580436667-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-854245398-1580436667-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-854245398-1580436667-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-854245398-1580436667-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-854245398-1580436667-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 20:51:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/09 20:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Erle\Application Data\Mozilla\Extensions
[2011/05/09 20:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2008/12/01 22:17:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/01 20:50:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/11 16:50:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-854245398-1580436667-682003330-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-854245398-1580436667-682003330-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\HP Wireless Keyboard\KMaestro.exe (BTC)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-854245398-1580436667-682003330-1003..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-1580436667-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1580436667-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-854245398-1580436667-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-854245398-1580436667-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-854245398-1580436667-682003330-1003\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1305137389250 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://www.realquest...r/mapviewer.cab (First American Res MapActiveX Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.192.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Erle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Erle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/09 11:43:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{8ADB2D55-EC58-4962-BB75-5F6D1E5C0F01} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 06:41:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Erle\Desktop\OTL.exe
[2011/05/11 17:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/11 12:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/05/11 11:15:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/05/11 11:15:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/05/11 11:15:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/05/11 11:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP Wireless Keyboard
[2011/05/11 11:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\HP Wireless Keyboard
[2011/05/11 10:06:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/11 10:00:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/11 10:00:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/11 10:00:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/11 10:00:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/11 10:00:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/11 09:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/11 09:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Desktop\tdsskiller
[2011/05/11 08:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Desktop\RK_Quarantine
[2011/05/11 08:24:34 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Erle\Desktop\aswMBR.exe
[2011/05/10 09:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Application Data\ElevatedDiagnostics
[2011/05/10 09:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/05/10 09:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/05/10 09:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/10 08:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2011/05/10 08:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyFinder
[2011/05/09 21:47:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/09 21:23:48 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/05/09 20:59:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Erle\Recent
[2011/05/09 20:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Local Settings\Application Data\Mozilla
[2011/05/09 20:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Application Data\Mozilla
[2011/05/09 20:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/09 20:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Local Settings\Application Data\LogMeIn
[2011/05/09 20:47:34 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/05/09 20:47:34 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2011/05/09 20:47:34 | 000,025,248 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMImirr.dll
[2011/05/09 20:47:34 | 000,011,552 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMImirr2.dll
[2011/05/04 20:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Application Data\SUPERAntiSpyware.com
[2011/05/04 20:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/03 16:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/05/03 16:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\My Documents\Downloads
[2011/05/03 16:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Start Menu\Programs\Google Chrome
[2011/05/03 16:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Local Settings\Application Data\Deployment
[2011/05/03 15:54:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/03 15:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/03 15:54:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/03 15:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/03 14:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erle\Application Data\Trend Micro
[2011/05/03 14:44:00 | 000,000,000 | ---D | C] -- C:\temp
[2011/05/03 11:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2011/05/03 11:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/05/03 11:37:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Erle\IECompatCache
[2011/05/03 11:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Trend Micro
[2011/05/03 11:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Trend Micro
[2011/05/03 11:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2011/05/01 23:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/05/01 20:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/01 20:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/01 18:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/01 18:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/01 17:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/05/01 17:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/05/01 12:48:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/30 18:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/30 18:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/23 22:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Erle\My Documents\*.tmp files -> C:\Documents and Settings\Erle\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/12 06:41:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erle\Desktop\OTL.exe
[2011/05/12 06:12:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003UA.job
[2011/05/12 01:25:37 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A75A925-3F77-467D-A403-E7CB429A10A2}.job
[2011/05/11 22:24:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/11 20:01:43 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 20:01:19 | 000,481,662 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/11 20:01:19 | 000,079,736 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/11 19:56:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 16:50:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/11 16:30:12 | 004,346,086 | R--- | M] () -- C:\Documents and Settings\Erle\Desktop\ComboFix.exe
[2011/05/11 11:35:59 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\Erle\Desktop\New Compressed (zipped) Folder.zip
[2011/05/11 11:19:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/11 10:06:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/11 09:34:04 | 001,280,815 | ---- | M] () -- C:\Documents and Settings\Erle\Desktop\tdsskiller.zip
[2011/05/11 08:20:05 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Erle\Desktop\aswMBR.exe
[2011/05/11 08:19:42 | 000,551,424 | ---- | M] () -- C:\Documents and Settings\Erle\Desktop\RogueKiller.exe
[2011/05/10 09:12:21 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/10 08:39:28 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\KeyFinder.lnk
[2011/05/10 08:39:27 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KeyFinder.lnk
[2011/05/10 08:29:48 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/05/10 07:38:30 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/09 20:55:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/05/09 20:51:24 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/09 20:51:23 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/09 20:47:31 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/05/09 15:07:27 | 000,000,070 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2011/05/06 18:13:23 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Erle\Desktop\Google Chrome.lnk
[2011/05/06 18:13:23 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/06 16:12:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003Core.job
[2011/05/06 14:40:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/05 05:25:25 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/04 20:33:45 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/03 15:54:54 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/03 15:54:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/03 11:56:15 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/05/03 11:53:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/03 11:43:17 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/29 21:54:13 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Erle\Desktop\Microsoft Word.lnk
[2011/04/23 22:03:55 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/23 22:03:55 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/23 22:03:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/04/23 10:53:04 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Erle\My Documents\*.tmp files -> C:\Documents and Settings\Erle\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/11 11:35:59 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Erle\Desktop\New Compressed (zipped) Folder.zip
[2011/05/11 11:14:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\KmRemove.exe
[2011/05/11 11:12:54 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/05/11 10:06:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/11 10:06:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/11 10:00:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/11 10:00:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/11 10:00:07 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/11 10:00:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/11 10:00:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/11 09:56:39 | 004,346,086 | R--- | C] () -- C:\Documents and Settings\Erle\Desktop\ComboFix.exe
[2011/05/11 09:56:36 | 001,280,815 | ---- | C] () -- C:\Documents and Settings\Erle\Desktop\tdsskiller.zip
[2011/05/11 08:24:29 | 000,551,424 | ---- | C] () -- C:\Documents and Settings\Erle\Desktop\RogueKiller.exe
[2011/05/10 09:16:30 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/10 09:12:21 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/10 09:11:14 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/10 08:39:28 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\KeyFinder.lnk
[2011/05/10 08:39:27 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KeyFinder.lnk
[2011/05/09 21:52:07 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/09 20:55:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/09 20:51:23 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/09 20:51:23 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/09 20:51:22 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/09 20:47:11 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2011/05/04 20:33:45 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/03 16:09:31 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Erle\Desktop\Google Chrome.lnk
[2011/05/03 16:09:31 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/03 16:07:44 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003UA.job
[2011/05/03 16:07:43 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003Core.job
[2011/05/03 15:54:54 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Erle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/03 15:54:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/03 11:56:15 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/05/03 11:53:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/03 11:41:23 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/03 11:41:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/03 11:13:11 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A75A925-3F77-467D-A403-E7CB429A10A2}.job
[2011/05/02 19:02:45 | 000,011,186 | -HS- | C] () -- C:\Documents and Settings\Erle\Local Settings\Application Data\0o7l0g3c1o417th51a72l7ia164x0qlgr83h0
[2011/05/02 19:02:45 | 000,011,186 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0o7l0g3c1o417th51a72l7ia164x0qlgr83h0
[2011/04/30 21:31:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/23 22:03:55 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/23 22:03:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/23 22:03:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/02/23 08:27:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/12 23:51:58 | 000,087,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/26 22:22:52 | 000,026,876 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/03 19:59:12 | 000,000,268 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2009/02/25 23:11:52 | 000,046,456 | R--- | C] () -- C:\WINDOWS\System32\exitwx.exe
[2008/10/11 13:46:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/19 11:48:25 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2006/12/15 20:35:52 | 000,001,270 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/05/03 14:30:52 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2006/03/16 19:08:16 | 000,001,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/10 20:58:03 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2006/01/10 20:56:29 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Erle\Local Settings\Application Data\fusioncache.dat
[2006/01/10 20:56:14 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2006/01/10 20:56:14 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2006/01/10 20:56:14 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2006/01/10 20:56:14 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2006/01/10 20:55:09 | 000,001,056 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2005/12/15 10:31:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ONLINE.INI
[2005/11/23 19:18:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL
[2005/11/15 10:59:55 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/10/07 12:26:15 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Erle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/26 17:25:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/06/19 20:26:12 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\vskt7.ini
[2004/12/15 20:14:15 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/12/15 20:14:15 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/12/15 20:14:14 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/12/15 20:14:14 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/12/15 20:14:14 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/11/28 14:09:46 | 000,000,219 | ---- | C] () -- C:\WINDOWS\satmat.ini
[2004/10/23 10:22:43 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/10/20 17:47:30 | 000,000,045 | ---- | C] () -- C:\WINDOWS\AFIMJMG.ini
[2004/10/02 13:19:40 | 000,001,200 | ---- | C] () -- C:\WINDOWS\BRCONDO2.INI
[2004/09/22 11:48:48 | 000,000,070 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/09/22 11:46:54 | 000,000,349 | ---- | C] () -- C:\WINDOWS\WinSkt.INI
[2004/09/14 17:18:05 | 000,001,339 | ---- | C] () -- C:\WINDOWS\BRURAR2.INI
[2004/09/13 20:20:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/09/11 19:30:13 | 000,000,908 | ---- | C] () -- C:\WINDOWS\BRSMIN2.INI
[2004/09/10 14:34:21 | 000,000,558 | ---- | C] () -- C:\WINDOWS\CFORMDB.INI
[2004/09/09 21:47:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2004/09/09 21:14:21 | 000,000,663 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004/09/09 21:13:43 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2004/09/09 20:24:08 | 000,000,302 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/09/09 20:22:36 | 000,000,082 | ---- | C] () -- C:\WINDOWS\WIN2SEC.INI
[2004/09/09 19:46:53 | 000,000,418 | ---- | C] () -- C:\WINDOWS\SKETCHER.INI
[2004/09/09 19:43:23 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\vskt2.ini
[2004/09/09 19:14:06 | 000,000,165 | ---- | C] () -- C:\WINDOWS\ORDERMGR.INI
[2004/09/09 19:11:40 | 000,000,615 | ---- | C] () -- C:\WINDOWS\Compeval.ini
[2004/09/09 19:11:40 | 000,000,237 | ---- | C] () -- C:\WINDOWS\Foto.ini
[2004/09/09 18:57:28 | 000,000,115 | ---- | C] () -- C:\WINDOWS\CFORMS.INI
[2004/09/09 18:57:24 | 000,074,400 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip.dll
[2004/09/09 18:45:22 | 000,000,479 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/09 18:45:22 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/09/09 18:42:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2004/09/09 13:01:43 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/09/09 12:57:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/09 12:32:01 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2004/09/09 11:46:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/09 11:40:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/09 04:13:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/09 04:11:08 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/07/22 17:28:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/06/15 03:00:00 | 000,077,321 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2003/03/31 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 05:00:00 | 000,481,662 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 05:00:00 | 000,079,736 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/30 09:21:29 | 000,000,544 | ---- | C] () -- C:\WINDOWS\System32\WinSkt7.INI
[2002/11/19 15:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 15:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2002/05/15 14:57:22 | 000,037,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1999/01/22 04:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/04/01 01:00:00 | 001,664,272 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/04/01 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/04/01 01:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/04/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/02/23 09:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2005/11/23 19:18:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/02/23 09:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/07/10 17:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/07/10 17:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/05/11 05:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/07/10 00:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/26 16:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2005/12/26 14:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bryana\Application Data\Nikon
[2007/07/08 14:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bryana.PLANTXP\Application Data\Grisoft
[2006/12/03 19:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bryana.PLANTXP\Application Data\Nikon
[2007/08/19 19:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bryanahill\Application Data\Grisoft
[2006/12/03 20:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bryanahill\Application Data\Nikon
[2010/10/04 07:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\Easy Thumbnails
[2011/05/10 09:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\ElevatedDiagnostics
[2004/09/09 21:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\InterTrust
[2007/06/12 09:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\JAM Software
[2007/07/29 13:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\MyPublisher
[2004/09/09 21:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\Nikon
[2006/12/15 21:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erle\Application Data\Snapfish
[2011/05/11 22:24:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/05/12 01:25:37 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4A75A925-3F77-467D-A403-E7CB429A10A2}.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 5/12/2011 6:44:24 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Erle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 202.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 377.44 Gb Free Space | 81.04% Space Free | Partition Type: NTFS

Computer Name: PLANTXP | User Name: Erle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-854245398-1580436667-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{085FE193-B676-11D4-82BC-00A0C993905F}" = Thomas Guide DE
"{0A48F047-5D01-463F-A732-DE75D224034B}" = Point
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{184EB198-1DBA-46DB-B728-7A5FC13D5C2B}_is1" = Yahoo! Photos Print-at-Home Tool
"{224C47F4-CB95-406C-8AD6-81002FEED0CF}" = Hoyle Casino 2004
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 21
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{4162AD40-3C5A-11D6-A5EC-0080C6F20037}" = WinSketch
"{43A11100-D20B-11D5-A7C9-0080C6F23D71}" = Appraiser's ToolBox 16-bit
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CD4F991-BA3E-4EC4-A7A1-EFB61F4D7291}" = Setup
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6CC93102-135E-49E2-99A4-C431E671C12A}" = HP Photo and Imaging 2.0 - Scanners
"{6EA6D4E3-134D-4A11-AF2A-7986F61BB2F6}" = ImageRescue3
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{862983D7-FA08-493E-A9ED-6B7859E069D3}" = Canon PhotoRecord
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AE27686-485A-48E3-AC93-1E366E67AABC}" = ClickFORMS
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2C82F57-F312-4525-A19C-40E228E09939}" = Setup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}" = Point
"{F2E0640D-BEB8-4E14-8C97-71D5C7A29844}" = Point
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ArcSoft Software Suite" = ArcSoft Software Suite
"Barbie® Pet Rescue" = Barbie® Pet Rescue
"BtcMaestro" = HP Wireless Keyboard Driver V1.7 (2.0.W-127AU MUL)
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CSCLIB" = Canon Camera Support Core Library
"Defraggler" = Defraggler
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"hp instant support" = hp instant support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IncrediMail" = IncrediMail Xe
"InstallShield_{224C47F4-CB95-406C-8AD6-81002FEED0CF}" = Hoyle Casino 2004
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPublisher BookMaker" = MyPublisher BookMaker
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ordermgr" = Order Express
"PCI Audio Driver" = PCI Audio Driver
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Speccy" = Speccy
"The Appraiser's ToolBox" = The Appraiser's ToolBox
"TreeSize Free_is1" = TreeSize Free V2.1
"Viewer97" = Microsoft Word Viewer 97
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinSketch Pro 7" = WinSketch Pro 7
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Photos Easy Upload Tool" = Yahoo! Photos Easy Upload Tool
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomAlbum Cover Creator_is1" = ZoomAlbum - Cover Creator Version 1
"ZoomAlbum_is1" = ZoomAlbum Creator Version 1
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-854245398-1580436667-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.452

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2011 1:56:47 AM | Computer Name = PLANTXP | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/12/2011 1:56:47 AM | Computer Name = PLANTXP | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/12/2011 1:56:47 AM | Computer Name = PLANTXP | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/17/2011 5:24:47 PM | Computer Name = PLANTXP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x650133ce.

Error - 4/18/2011 12:47:17 AM | Computer Name = PLANTXP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x650133ce.

Error - 4/20/2011 12:39:20 AM | Computer Name = PLANTXP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x650133ce.

Error - 4/24/2011 12:38:46 PM | Computer Name = PLANTXP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x650133ce.

Error - 4/25/2011 12:04:47 PM | Computer Name = PLANTXP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mapvie~1.ocx, version 2.2.1.3, fault address 0x00003f13.

Error - 4/25/2011 7:02:31 PM | Computer Name = PLANTXP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x650133ce.

Error - 1/1/2002 4:36:09 AM | Computer Name = PLANTXP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 5/11/2011 8:04:32 AM | Computer Name = PLANTXP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.103.1405.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 5/11/2011 9:36:11 AM | Computer Name = PLANTXP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 5/11/2011 9:45:02 AM | Computer Name = PLANTXP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.103.1405.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 5/11/2011 9:48:32 AM | Computer Name = PLANTXP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 5/11/2011 1:03:11 PM | Computer Name = PLANTXP | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 5/11/2011 1:09:15 PM | Computer Name = PLANTXP | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 5/11/2011 1:12:19 PM | Computer Name = PLANTXP | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 5/11/2011 1:12:51 PM | Computer Name = PLANTXP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Media Player
Network Sharing Service service to connect.

Error - 5/11/2011 1:12:51 PM | Computer Name = PLANTXP | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error: %%1053

Error - 5/11/2011 2:23:46 PM | Computer Name = PLANTXP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f020b: VIA - Network - VIA Rhine II Fast Ethernet Adapter.


< End of report >

Ok now what?

#12
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
That's it. The machine is clean.

Let's wrap up.

We need to remove all the tools that you have used.
This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Remove ComboFix
  • Click the Start button
  • Click Run...
  • Type Combofix /Uninstall in the run dialog box and click OK


Remove Other Tools
  • Download OTC to your desktop and run it
  • Click CleanUp! to begin the cleanup process and remove our tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

You may manually delete any remaining clutter from your desktop.

Let's re-hide system files and folders.
Opening Windows Explorer (to get there right-click your Start button and go to "Explore"), please do the following:
  • Go to Tools (drop-down menu at the top of the window)
  • Go down and click Folder Options
  • Click on the View tab
  • Find the Hidden Files and Folders section of the box and check "Do not show hidden files and folders"
  • Again under Hidden Files and Folders, find "Hide protected operating system files (Recommended)" and check it (if it's already checked)
  • Click Apply, and then Ok at the bottom.
  • Close the window

++++++++++++++++++++++++++++++++++++

Maintaining your computer

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete CLEAN
THEN
  • Download Flush Flash from Here and follow the easy to use instructions on the same page
NEXT

Defrag the hard drive

++++++++++++++++++++++++++++++++++

Other things to keep in mind

Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.

Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.
  • Flush Flash - by Bobbi Flekman - cleans Flash Player cookies
  • ERUNT (Emergency Recovery Utility NT) - a registry backup utility
  • Cobian Backup - a very good backup utility - read the tutorial here
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for Chrome and Opera.
Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.

Finally, please take the time to read the following articles. Applying this information will help prevent future infections:

How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112

This article will help you understand how you may have gotten infected:
How did I get infected in the first place?

Remember, you have to be smarter than the bad guys! Be safe out there!

#13
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





