Author Topic: MSE wants to UPGRADE but wont? (Read 27591 times)

ImnoGuru · « **on:** February 16, 2011, 03:36:12 AM »

Hello and thank you for taking the time to look at my thread today.

I have a Dell Inspiron with Windows XP Professional, SP3, Pentium 4, 3 Ghz and 1.5 G of Ram.

I have installed (some time ago) Microsoft Security Essentials and it has worked fine until recently.

MSE comes up with an Orange symbol saying it wants me to "UPGRADE".
When I try to do the up DATE, it continues and returns to the green symbol saying "virus definitions are up to date"
When I try to "UPGRADE", MSE goes through the motions and finally comes up with "MSE was not able to complete the upgrade and is no longer monitoring your computer.
Please reinstall MSE from the link below, and an Error Code:0x8004FF01".

On the, MSE program home stab on my computer, Im told there is a new version available and to UPGRADE, but it just wont.

I have googled lots of error code entries, forums, replies and been to the MSE site for assistance but still it comes up with "microsoft installer unable to access" (sorry I dont remember exactly, something about the MS installer).

So I tried to delete the program altogether and download from MSE website the new version, but it wont delete the program either. (Typical method to uninstall... through add and remove programs) and the same error code Error Code:0x8004FF01

I have also run SAS and Malwarebytes with no problems or threats indicated. (small grin).

Other than the orange indicator, (so far), it seems to working, that is it updates and scans at the scheduled time.

Does anyone have a solution to this upgrade problem?

If they might be able to enlighten me, I would be most appreciative of some answers to try.

Thank you ImnoGuru.

SuperDave · « **Reply #1 on:** February 16, 2011, 01:15:06 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
Are you sure you have enough free space on hour HD? You should have 15% or more.
Please try downloading and saving MSE and the uninstaller below on your computer. Disconnect (physically disconnect) from the internet and use the uninstaller to remove MSE and then try installing the new one. Don't reconnect to the net until your satisfied that your protection is working.

Uninstalling an antivirus or any other program should always be done through Add/Remove Programs or by using a free third party uninstaller like Revo Uninstaller. Only use the below methods if the add/remove programs method fails.

ImnoGuru · « **Reply #2 on:** March 08, 2011, 05:34:40 PM »

Thank you SuperDave fro your instructions.
I went to the site for the Revo Uninstaller and downloaded the pro 30 day trial version, disconnected from the internet and tried to uninstall MSE with the default uninstaller.

No success, as expected. I continued to install the new uninstaller from Revo and run revo through the uninstall process... success.(so it appears at this time I think).

Oops have to reboot first back in a minute.

ImnoGuru · « **Reply #3 on:** March 08, 2011, 06:05:05 PM »

Hmmm well that got rid of MSE OK, unfortunately the original problem and error code keep coming back up and now I cannot install the new version of MSE?

It tells me "A problem has occurred that prevented this installation. Your computer is not protected by MSE"

The first time I tried to install MSE, (from my downloads Box list) I was told it was not a valid 32 bit application. So I went to a microsoft forums website and got a new download file for MSE. That failed saying "a problem prevented installation", so I went to the Microsoft Essentials page to make sure I had the right file, (http://www.microsoft.com/security_essentials/ ) (now I have three copies of the same thing).

That also failed to install.

SuperDave, it goes through all the motions and asks if I want to join their program for enhanced benefits and tries to install, but then at the very end it suddenly fails.

Current status is that I have a firewall but now Essentials is removed and I am unable to install the new upgraded or latest version of MSE.

A frustrating quandary that has resulted?

For the time being I might get AVG temporarily. Better something than nothing dont you think?

Perhaps you might be able to help with another suggestion?
Thank you ImnoGuru.

SuperDave · « **Reply #4 on:** March 09, 2011, 12:46:48 PM »

Quote

For the time being I might get AVG temporarily. Better something than nothing dont you think?

Most definitely. Here's a list.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

ImnoGuru · « **Reply #5 on:** March 09, 2011, 06:35:41 PM »

Hi SuperDave. I tried to setup AVG antivirus but it failed to install.

The message it gave me was,

"General internal error. 0xc0070643. The Windows installer service could not be accessed. This can occur if you are running Windows in safe mode or if the Windows installer is not correctly installed. Contact your support personnel for assistance (0xC00706B7).
Context: MSI action failed."

I also downloaded and ran the DDS program you asked me to and have these two logs for you.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 11:41:17.51 on Thu 10/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1534.949 [GMT 11:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\program files\microsoft office\Office12\GrooveMonitor.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\My Documents\My Received Files\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Wisdom-soft ScreenHunter 5.1 Pro] 0
uRun: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\n9lrtipw.default\
FF - prefs.js: browser.search.selectedEngine - YourDictionary
FF - prefs.js: browser.startup.homepage - hxxp://www.theage.com.au/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\n9lrtipw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\n9lrtipw.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\n9lrtipw.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\n9lrtipw.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\iwong\bar\1.bin\NP9uStub.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Shorten URL : {a1109c2a-1187-4027-901d-13097b755625} - %profile%\extensions\{a1109c2a-1187-4027-901d-13097b755625}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-9-28 15328]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-8-17 233136]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-8-17 88040]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-8-17 818432]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-9-28 220128]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-8-17 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-8-17 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-8-17 115216]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2009-4-21 515803]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-15 136176]
S2 IWONGService;IWON Service;c:\progra~1\iwong\bar\1.bin\9ubarsvc.exe [2010-8-2 28766]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-03-10 00:34:55   --------   d-----w-   c:\docume~1\alluse~1\applic~1\MFAData
2011-03-08 23:56:20   --------   d-----w-   c:\docume~1\admini~1\locals~1\applic~1\VS Revo Group
2011-03-08 23:56:03   27064   ----a-w-   c:\windows\system32\drivers\revoflt.sys
2011-03-08 23:55:56   --------   d-----w-   c:\program files\VS Revo Group
.
==================== Find3M ====================
.
2011-01-21 14:44:37   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:10:33   1854976   ----a-w-   c:\windows\system32\win32k.sys
2010-12-22 12:34:28   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 23:59:20   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59:19   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26   385024   ----a-w-   c:\windows\system32\html.iec
.
============= FINISH: 11:42:52.76 ===============

.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 14/09/2008 3:05:44 PM
System Uptime: 9/03/2011 11:36:05 AM (24 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2993/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 208.512 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP114: 10/12/2010 8:49:32 PM - Software Distribution Service 3.0
RP115: 11/12/2010 2:21:15 AM - Software Distribution Service 3.0
RP116: 11/12/2010 8:49:35 PM - Software Distribution Service 3.0
RP117: 12/12/2010 2:20:50 AM - Software Distribution Service 3.0
RP118: 12/12/2010 8:49:37 PM - Software Distribution Service 3.0
RP119: 13/12/2010 2:21:22 AM - Software Distribution Service 3.0
RP120: 13/12/2010 8:49:05 PM - Software Distribution Service 3.0
RP121: 14/12/2010 2:21:12 AM - Software Distribution Service 3.0
RP122: 14/12/2010 8:49:31 PM - Software Distribution Service 3.0
RP123: 15/12/2010 2:21:23 AM - Software Distribution Service 3.0
RP124: 15/12/2010 8:49:45 PM - Software Distribution Service 3.0
RP125: 16/12/2010 2:21:34 AM - Software Distribution Service 3.0
RP126: 16/12/2010 3:00:24 AM - Software Distribution Service 3.0
RP127: 16/12/2010 8:08:04 AM - Installed Java(TM) 6 Update 22
RP128: 16/12/2010 3:09:02 PM - Installed Java(TM) 6 Update 23
RP129: 17/12/2010 2:28:20 AM - Software Distribution Service 3.0
RP130: 17/12/2010 7:54:50 AM - Microsoft Antimalware Checkpoint
RP131: 17/12/2010 2:59:33 PM - Software Distribution Service 3.0
RP132: 18/12/2010 12:24:17 AM - Software Distribution Service 3.0
RP133: 18/12/2010 2:28:27 AM - Software Distribution Service 3.0
RP134: 18/12/2010 2:50:35 PM - Software Distribution Service 3.0
RP135: 19/12/2010 2:28:30 AM - Software Distribution Service 3.0
RP136: 19/12/2010 2:50:43 PM - Software Distribution Service 3.0
RP137: 20/12/2010 2:28:16 AM - Software Distribution Service 3.0
RP138: 20/12/2010 2:50:49 PM - Software Distribution Service 3.0
RP139: 21/12/2010 2:28:18 AM - Software Distribution Service 3.0
RP140: 21/12/2010 2:50:11 PM - Software Distribution Service 3.0
RP141: 22/12/2010 2:28:37 AM - Software Distribution Service 3.0
RP142: 22/12/2010 2:50:41 PM - Software Distribution Service 3.0
RP143: 23/12/2010 2:28:42 AM - Software Distribution Service 3.0
RP144: 23/12/2010 2:50:42 PM - Software Distribution Service 3.0
RP145: 24/12/2010 2:28:10 AM - Software Distribution Service 3.0
RP146: 24/12/2010 2:50:46 PM - Software Distribution Service 3.0
RP147: 25/12/2010 2:28:27 AM - Software Distribution Service 3.0
RP148: 25/12/2010 2:50:22 PM - Software Distribution Service 3.0
RP149: 26/12/2010 2:28:32 AM - Software Distribution Service 3.0
RP150: 27/12/2010 2:04:07 AM - Software Distribution Service 3.0
RP151: 28/12/2010 2:04:14 AM - Software Distribution Service 3.0
RP152: 29/12/2010 2:04:16 AM - Software Distribution Service 3.0
RP153: 30/12/2010 2:04:24 AM - Software Distribution Service 3.0
RP154: 31/12/2010 2:04:31 AM - Software Distribution Service 3.0
RP155: 1/01/2011 2:03:57 AM - Software Distribution Service 3.0
RP156: 2/01/2011 2:04:28 AM - Software Distribution Service 3.0
RP157: 3/01/2011 2:04:32 AM - Software Distribution Service 3.0
RP158: 4/01/2011 2:04:35 AM - Software Distribution Service 3.0
RP159: 5/01/2011 1:32:30 AM - Software Distribution Service 3.0
RP160: 5/01/2011 12:00:51 PM - Software Distribution Service 3.0
RP161: 6/01/2011 1:33:09 AM - Software Distribution Service 3.0
RP162: 6/01/2011 12:01:21 PM - Software Distribution Service 3.0
RP163: 7/01/2011 1:32:39 AM - Software Distribution Service 3.0
RP164: 7/01/2011 12:01:33 PM - Software Distribution Service 3.0
RP165: 8/01/2011 1:32:39 AM - Software Distribution Service 3.0
RP166: 8/01/2011 12:01:46 PM - Software Distribution Service 3.0
RP167: 9/01/2011 1:32:56 AM - Software Distribution Service 3.0
RP168: 9/01/2011 12:01:39 PM - Software Distribution Service 3.0
RP169: 10/01/2011 1:33:11 AM - Software Distribution Service 3.0
RP170: 10/01/2011 12:01:40 PM - Software Distribution Service 3.0
RP171: 11/01/2011 1:33:05 AM - Software Distribution Service 3.0
RP172: 11/01/2011 12:02:20 PM - Software Distribution Service 3.0
RP173: 12/01/2011 1:33:05 AM - Software Distribution Service 3.0
RP174: 13/01/2011 1:49:37 AM - Software Distribution Service 3.0
RP175: 13/01/2011 3:00:23 AM - Software Distribution Service 3.0
RP176: 14/01/2011 2:11:41 AM - Software Distribution Service 3.0
RP177: 15/01/2011 2:11:43 AM - Software Distribution Service 3.0
RP178: 16/01/2011 2:11:47 AM - Software Distribution Service 3.0
RP179: 17/01/2011 2:11:58 AM - Software Distribution Service 3.0
RP180: 18/01/2011 2:11:48 AM - Software Distribution Service 3.0
RP181: 19/01/2011 2:11:57 AM - Software Distribution Service 3.0
RP182: 20/01/2011 2:11:54 AM - Software Distribution Service 3.0
RP183: 21/01/2011 2:12:23 AM - Software Distribution Service 3.0
RP184: 22/01/2011 2:12:23 AM - Software Distribution Service 3.0
RP185: 23/01/2011 2:12:12 AM - Software Distribution Service 3.0
RP186: 24/01/2011 2:11:43 AM - Software Distribution Service 3.0
RP187: 25/01/2011 2:12:09 AM - Software Distribution Service 3.0
RP188: 26/01/2011 2:12:38 AM - Software Distribution Service 3.0
RP189: 27/01/2011 2:12:27 AM - Software Distribution Service 3.0
RP190: 28/01/2011 2:12:30 AM - Software Distribution Service 3.0
RP191: 29/01/2011 2:12:10 AM - Software Distribution Service 3.0
RP192: 30/01/2011 2:12:31 AM - Software Distribution Service 3.0
RP193: 30/01/2011 4:40:27 PM - Software Distribution Service 3.0
RP194: 30/01/2011 4:41:16 PM - Software Distribution Service 3.0
RP195: 31/01/2011 2:12:31 AM - Software Distribution Service 3.0
RP196: 1/02/2011 2:12:40 AM - Software Distribution Service 3.0
RP197: 2/02/2011 2:12:30 AM - Software Distribution Service 3.0
RP198: 2/02/2011 11:51:06 AM - Software Distribution Service 3.0
RP199: 2/02/2011 11:52:48 AM - Software Distribution Service 3.0
RP200: 2/02/2011 11:56:34 AM - Software Distribution Service 3.0
RP201: 3/02/2011 2:12:48 AM - Software Distribution Service 3.0
RP202: 4/02/2011 2:12:39 AM - Software Distribution Service 3.0
RP203: 5/02/2011 2:12:45 AM - Software Distribution Service 3.0
RP204: 6/02/2011 2:12:40 AM - Software Distribution Service 3.0
RP205: 6/02/2011 2:51:16 PM - Software Distribution Service 3.0
RP206: 6/02/2011 2:52:53 PM - Software Distribution Service 3.0
RP207: 7/02/2011 2:12:10 AM - Software Distribution Service 3.0
RP208: 8/02/2011 1:33:22 AM - Software Distribution Service 3.0
RP209: 8/02/2011 10:29:32 PM - Software Distribution Service 3.0
RP210: 9/02/2011 1:33:39 AM - Software Distribution Service 3.0
RP211: 9/02/2011 6:21:15 PM - Software Distribution Service 3.0
RP212: 10/02/2011 1:56:46 AM - Software Distribution Service 3.0
RP213: 10/02/2011 7:07:05 PM - Software Distribution Service 3.0
RP214: 11/02/2011 1:56:55 AM - Software Distribution Service 3.0
RP215: 11/02/2011 3:00:18 AM - Software Distribution Service 3.0
RP216: 11/02/2011 7:07:31 PM - Software Distribution Service 3.0
RP217: 12/02/2011 1:56:51 AM - Software Distribution Service 3.0
RP218: 12/02/2011 3:00:18 AM - Software Distribution Service 3.0
RP219: 12/02/2011 7:07:15 PM - Software Distribution Service 3.0
RP220: 13/02/2011 1:56:46 AM - Software Distribution Service 3.0
RP221: 13/02/2011 3:00:18 AM - Software Distribution Service 3.0
RP222: 13/02/2011 7:06:32 PM - Software Distribution Service 3.0
RP223: 14/02/2011 1:56:55 AM - Software Distribution Service 3.0
RP224: 14/02/2011 3:00:18 AM - Software Distribution Service 3.0
RP225: 14/02/2011 7:07:00 PM - Software Distribution Service 3.0
RP226: 15/02/2011 1:56:47 AM - Software Distribution Service 3.0
RP227: 15/02/2011 3:00:17 AM - Software Distribution Service 3.0
RP228: 16/02/2011 1:56:57 AM - Software Distribution Service 3.0
RP229: 16/02/2011 3:00:17 AM - Software Distribution Service 3.0
RP230: 16/02/2011 5:02:51 PM - Software Distribution Service 3.0
RP231: 16/02/2011 5:05:18 PM - Software Distribution Service 3.0
RP232: 16/02/2011 5:08:45 PM - Software Distribution Service 3.0
RP233: 16/02/2011 6:03:46 PM - Software Distribution Service 3.0
RP234: 16/02/2011 7:37:39 PM - Software Distribution Service 3.0
RP235: 17/02/2011 12:12:04 AM - Microsoft Antimalware Checkpoint
RP236: 17/02/2011 1:53:13 AM - Software Distribution Service 3.0
RP237: 17/02/2011 3:00:17 AM - Software Distribution Service 3.0
RP238: 17/02/2011 5:54:46 PM - Software Distribution Service 3.0
RP239: 18/02/2011 1:53:03 AM - Software Distribution Service 3.0
RP240: 18/02/2011 3:00:18 AM - Software Distribution Service 3.0
RP241: 18/02/2011 1:16:49 PM - Microsoft Antimalware Checkpoint
RP242: 18/02/2011 5:54:01 PM - Software Distribution Service 3.0
RP243: 19/02/2011 1:53:23 AM - Software Distribution Service 3.0
RP244: 19/02/2011 3:00:18 AM - Software Distribution Service 3.0
RP245: 19/02/2011 5:54:54 PM - Software Distribution Service 3.0
RP246: 20/02/2011 1:53:12 AM - Software Distribution Service 3.0
RP247: 20/02/2011 3:00:17 AM - Software Distribution Service 3.0
RP248: 20/02/2011 5:54:37 PM - Software Distribution Service 3.0
RP249: 21/02/2011 1:53:12 AM - Software Distribution Service 3.0
RP250: 21/02/2011 3:00:17 AM - Software Distribution Service 3.0
RP251: 21/02/2011 5:54:55 PM - Software Distribution Service 3.0
RP252: 22/02/2011 1:53:08 AM - Software Distribution Service 3.0
RP253: 22/02/2011 3:00:17 AM - Software Distribution Service 3.0
RP254: 22/02/2011 5:54:36 PM - Software Distribution Service 3.0
RP255: 23/02/2011 1:53:19 AM - Software Distribution Service 3.0
RP256: 23/02/2011 3:00:17 AM - Software Distribution Service 3.0
RP257: 23/02/2011 5:54:48 PM - Software Distribution Service 3.0
RP258: 24/02/2011 1:53:09 AM - Software Distribution Service 3.0
RP259: 24/02/2011 3:00:17 AM - Software Distribution Service 3.0
RP260: 24/02/2011 5:55:06 PM - Software Distribution Service 3.0
RP261: 25/02/2011 1:53:12 AM - Software Distribution Service 3.0
RP262: 25/02/2011 3:00:18 AM - Software Distribution Service 3.0
RP263: 25/02/2011 5:54:40 PM - Software Distribution Service 3.0
RP264: 26/02/2011 12:46:40 AM - Software Distribution Service 3.0
RP265: 26/02/2011 1:53:39 AM - Software Distribution Service 3.0
RP266: 26/02/2011 3:00:25 AM - Software Distribution Service 3.0
RP267: 26/02/2011 3:45:28 AM - Microsoft Antimalware Checkpoint
RP268: 26/02/2011 5:54:38 PM - Software Distribution Service 3.0
RP269: 27/02/2011 1:46:43 AM - Software Distribution Service 3.0
RP270: 27/02/2011 3:00:18 AM - Software Distribution Service 3.0
RP271: 27/02/2011 10:52:57 AM - Microsoft Antimalware Checkpoint
RP272: 27/02/2011 8:23:12 PM - Software Distribution Service 3.0
RP273: 28/02/2011 1:46:35 AM - Software Distribution Service 3.0
RP274: 28/02/2011 3:00:17 AM - Software Distribution Service 3.0
RP275: 28/02/2011 8:22:59 PM - Software Distribution Service 3.0
RP276: 1/03/2011 1:46:30 AM - Software Distribution Service 3.0
RP277: 1/03/2011 2:23:39 AM - Microsoft Antimalware Checkpoint
RP278: 1/03/2011 3:00:27 AM - Software Distribution Service 3.0
RP279: 1/03/2011 8:23:13 PM - Software Distribution Service 3.0
RP280: 2/03/2011 1:46:35 AM - Software Distribution Service 3.0
RP281: 2/03/2011 3:00:18 AM - Software Distribution Service 3.0
RP282: 3/03/2011 1:51:12 AM - Software Distribution Service 3.0
RP283: 3/03/2011 3:00:17 AM - Software Distribution Service 3.0
RP284: 3/03/2011 1:00:24 PM - Software Distribution Service 3.0
RP285: 4/03/2011 1:51:19 AM - Software Distribution Service 3.0
RP286: 4/03/2011 3:00:19 AM - Software Distribution Service 3.0
RP287: 4/03/2011 12:59:25 PM - Software Distribution Service 3.0
RP288: 5/03/2011 1:51:32 AM - Software Distribution Service 3.0
RP289: 5/03/2011 3:00:17 AM - Software Distribution Service 3.0
RP290: 5/03/2011 12:59:57 PM - Software Distribution Service 3.0
RP291: 6/03/2011 1:50:56 AM - Software Distribution Service 3.0
RP292: 6/03/2011 3:00:18 AM - Software Distribution Service 3.0
RP293: 6/03/2011 1:00:12 PM - Software Distribution Service 3.0
RP294: 7/03/2011 1:51:21 AM - Software Distribution Service 3.0
RP295: 7/03/2011 3:00:18 AM - Software Distribution Service 3.0
RP296: 7/03/2011 7:15:30 AM - Microsoft Antimalware Checkpoint
RP297: 7/03/2011 1:00:20 PM - Software Distribution Service 3.0
RP298: 8/03/2011 1:51:25 AM - Software Distribution Service 3.0
RP299: 8/03/2011 3:00:18 AM - Software Distribution Service 3.0
RP300: 8/03/2011 12:59:33 PM - Software Distribution Service 3.0
RP301: 9/03/2011 1:51:30 AM - Software Distribution Service 3.0
RP302: 9/03/2011 3:00:17 AM - Software Distribution Service 3.0
RP303: 9/03/2011 11:02:50 AM - Revo Uninstaller Pro's restore point - Microsoft Security Essentials
RP304: 9/03/2011 11:25:25 AM - Software Distribution Service 3.0
RP305: 9/03/2011 11:27:23 AM - Revo Uninstaller Pro's restore point - Microsoft Security Essentials
RP306: 10/03/2011 3:00:15 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 9.17 beta
ABBYY FineReader 6.0 Sprint
Acrobat.com
Activ E-Book Compiler 4.22
Adobe AIR
Adobe Digital Editions
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.1
AniFX 1.0
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
CCleaner
Conduit Engine
Critical Update for Windows Media Player 11 (KB959772)
Digital Camera
Epson Easy Photo Print 2
Epson Event Manager
EPSON Scan
Epson Stylus SX110_TX110 Manual
EPSON TX110 Series Printer Uninstall
EPSON Web-To-Page
ESET Online Scanner v3
FileZilla Client 3.3.4.1
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Icatch(IV) Camera Driver
InCD
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
IWON
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
LRC Editor 4.0 (remove only)
Macrium Reflect - Free Edition
MagneticOne Store Manager for Zen Cart 2.0.1.143
Malwarebytes' Anti-Malware
MFC RunTime files
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 97
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MultiMedia Disk
Nero Digital
Nero Media Player
Nero OEM
neroxml
NirSoft VideoCacheView
Notepad++
Nvu 1.0PR
OGA Notifier 2.0.0048.0
PC Tools Firewall Plus 6.0
PowerDVD
Project64 1.6
Revo Uninstaller Pro 2.5.1
Rootkit Unhooker LE 3.8 SR 2
Safety In The Market ABC Trader
SAMSUNG CDMA Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Save Flash 4.1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SimCity 3000
SoundMAX
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
Super Screen Capture 4.0
SUPERAntiSpyware
Tweet Adder 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
uTorrentBar Toolbar
WebFldrs XP
WebReg
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
X-Sheet Invoicing
Xfire (remove only)
XfireXO Toolbar
ZScreen 2.25.1.1
.
==== Event Viewer Messages From Past Week ========
.
9/03/2011 3:00:54 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2495644).
9/03/2011 11:37:00 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
9/03/2011 11:37:00 AM, error: Service Control Manager [7000] - The Icatch(IV) Video Camera Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/03/2011 11:37:00 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
9/03/2011 11:26:17 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials Client Update Package - KB2290031 (2.0.657.0).
9/03/2011 10:58:49 AM, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: Access is denied.
9/03/2011 10:58:49 AM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: Access is denied.
8/03/2011 3:00:21 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
8/03/2011 3:00:21 AM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/03/2011 3:00:21 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/03/2011 1:51:43 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.
7/03/2011 7:17:24 AM, error: Microsoft Antimalware [1008] -
7/03/2011 3:00:48 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2492475).
5/03/2011 10:11:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
5/03/2011 10:11:03 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/03/2011 10:11:03 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
.
==== End Of File ===========================

In the meantime, seeing I cant get an antivirus installed at the moment, I am going to leave this computer disconected from the internet (physically unplug the connection) and just use one of the others. The other main computer connected to the modem doesnt have any drama with updating MSE.

Thank you.

SuperDave · « **Reply #6 on:** March 09, 2011, 07:43:46 PM »

The DDS log shows MSE is installed, updated but not enabled. Your PCTools firewall is also installed and enabled. Please confirm these.

P2P - I see you have P2P software installed on your machine (utorrentbar). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
*********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

ImnoGuru · « **Reply #7 on:** March 11, 2011, 08:36:07 AM »

Thank you for your reply.
I thought I told the kids to get rid of that utorrent from this machine. I dont mind if they want to use it on the other one but not this one. (This one is mine) ("stamping foot")

Actually looking through the programs list it isnt there?? Oops there it is... its a toolbar?
Well I'll get rid of it anyway. I am well and truly over using that sort of program.

It is possible they have installed it then deleted it after using it SuperDave?
(I have told so many times not to use it on my computer.)(Trouble is my computer is the most useable and convenient one to use.) Maybe I should just give in and give them one of the laptops to destroy.

At any rate SuperDave I understand how these programs can be detrimental to my computer, but I dont think that is the problem I am facing here.
Several times while trying to do these updates and upgrades, I am told that the Windows installer has failed access.
This seems to be the underlying problem.
Starting to run the security check317 now.
Thank you.

ImnoGuru · « **Reply #8 on:** March 11, 2011, 08:49:24 AM »

Well that didnt take long at all SuperDave.
Hope I did it correctly.. (I think I did)

Screen317 Security Check result ImnoGuru 03122011
Results of screen317's Security Check version 0.99.9
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
PC Tools Firewall Plus 6.0
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.2.152.32
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
PC Tools Firewall Plus FWService.exe
PC Tools Firewall Plus FirewallGUI.exe
``````````End of Log````````````

Lets see what that tells us SuperDave.
Thank you ImnoGuru.

SuperDave · « **Reply #9 on:** March 11, 2011, 12:04:26 PM »

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

*****************************************
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.
**************************************************
Please download ComboFix

from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

ImnoGuru · « **Reply #10 on:** March 12, 2011, 06:02:49 AM »

SuperDave the Java update link works and I have tried to update it, but when it runs the install, it returns with

"The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance"

Actually SuperDave I tried all of those recommendations and none of them completed!!!

Combo fix seems to be the only one to have done the whole routine.
Here is the log.

ComboFix 11-03-11.02 - Administrator 12/03/2011 23:52:08.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1534.890 [GMT 11:00]
Running from: c:\documents and settings\Administrator\My Documents\My Received Files\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\PriceGong
c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.xml
c:\windows\system32\midas.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-12 to 2011-03-12 )))))))))))))))))))))))))))))))
.
.
2011-03-10 00:34 . 2011-03-10 00:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
2011-03-08 23:56 . 2011-03-08 23:56   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\VS Revo Group
2011-03-08 23:56 . 2009-12-30 00:20   27064   ----a-w-   c:\windows\system32\drivers\revoflt.sys
2011-03-08 23:55 . 2011-03-08 23:55   --------   d-----w-   c:\program files\VS Revo Group
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-13 18:42   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-13 18:41   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2008-09-14 05:01   2067456   ----a-w-   c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-09-14 05:01   677888   ----a-w-   c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-13 18:42   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-13 18:39   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2008-04-13 14:00   1854976   ----a-w-   c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-13 18:41   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2008-04-13 18:42   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2008-04-13 18:42   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2010-12-20 23:59 . 2008-04-13 18:41   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-12-20 17:26 . 2008-04-13 18:41   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-13 13:07   385024   ----a-w-   c:\windows\system32\html.iec
2010-12-20 07:09 . 2010-06-12 10:24   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 07:08 . 2010-06-12 10:24   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2010-10-05_02.26.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-12 11:31 . 2011-03-12 11:31   16384 c:\windows\temp\Perflib_Perfdata_24c.dat
+ 2008-04-13 18:42 . 2010-11-03 13:12   46080 c:\windows\system32\tzchange.exe
- 2008-04-13 18:42 . 2010-06-21 14:46   46080 c:\windows\system32\tzchange.exe
+ 2008-04-13 18:42 . 2010-08-27 05:57   99840 c:\windows\system32\srvsvc.dll
+ 2001-08-23 11:00 . 2010-10-07 13:56   70516 c:\windows\system32\perfc009.dat
- 2008-04-13 18:42 . 2009-03-07 18:31   66560 c:\windows\system32\mshtmled.dll
+ 2008-04-13 18:42 . 2010-12-20 23:59   66560 c:\windows\system32\mshtmled.dll
+ 2009-03-07 18:31 . 2010-12-20 23:59   55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-07 18:31 . 2010-06-24 12:21   55296 c:\windows\system32\msfeedsbs.dll
+ 2008-04-13 18:41 . 2010-12-20 23:59   25600 c:\windows\system32\jsproxy.dll
- 2008-04-13 18:41 . 2010-06-24 12:21   25600 c:\windows\system32\jsproxy.dll
- 2008-09-14 05:02 . 2008-04-13 18:41   81920 c:\windows\system32\isign32.dll
+ 2008-09-14 05:02 . 2010-11-18 18:12   81920 c:\windows\system32\isign32.dll
+ 2010-12-15 22:33 . 2008-04-13 03:15   31744 c:\windows\system32\drivers\wceusbsh.sys
- 2010-07-29 10:28 . 2010-07-29 10:28   12256 c:\windows\system32\drivers\PSVolAcc.sys
+ 2010-09-28 12:40 . 2010-09-28 12:03   12256 c:\windows\system32\drivers\PSVolAcc.sys
+ 2010-09-28 12:40 . 2010-09-28 12:03   15328 c:\windows\system32\drivers\pssnap.sys
- 2010-07-29 10:28 . 2010-07-29 10:28   15328 c:\windows\system32\drivers\pssnap.sys
- 2010-07-29 10:27 . 2010-07-29 10:27   44512 c:\windows\system32\drivers\psmounter.sys
+ 2010-09-28 12:40 . 2010-09-28 12:03   44512 c:\windows\system32\drivers\psmounter.sys
+ 2008-04-13 13:27 . 2010-11-02 15:17   40960 c:\windows\system32\drivers\ndproxy.sys
- 2009-06-10 08:49 . 2010-06-24 12:22   12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-10 08:49 . 2010-12-20 23:59   12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-12-15 22:33 . 2008-04-13 03:15   31744 c:\windows\system32\dllcache\wceusbsh.sys
+ 2010-12-14 23:07 . 2010-10-11 14:59   45568 c:\windows\system32\dllcache\wab.exe
+ 2010-08-27 05:57 . 2010-08-27 05:57   99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2010-12-14 23:08 . 2010-11-02 15:17   40960 c:\windows\system32\dllcache\ndproxy.sys
+ 2009-03-07 18:31 . 2010-12-20 23:59   66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-07 18:31 . 2009-03-07 18:31   66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-07-28 17:31 . 2010-12-20 23:59   55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-07-28 17:31 . 2010-06-24 12:21   55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-07 18:34 . 2010-12-20 23:59   43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-07 18:33 . 2010-12-20 23:59   25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-07 18:33 . 2010-06-24 12:21   25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-11-18 18:12 . 2010-11-18 18:12   81920 c:\windows\system32\dllcache\isign32.dll
- 2009-12-14 07:08 . 2009-12-14 07:08   33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2010-12-09 14:30   33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-13 18:41 . 2010-12-09 14:30   33280 c:\windows\system32\csrsrv.dll
- 2008-04-13 18:41 . 2009-12-14 07:08   33280 c:\windows\system32\csrsrv.dll
- 2010-03-22 19:31 . 2010-03-22 19:31   30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-21 22:43 . 2010-09-21 22:43   30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-04-01 01:42 . 2010-04-01 01:42   81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-09-23 04:55 . 2010-09-23 04:55   81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-09-22 15:26 . 2010-09-22 15:26   77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-03-31 04:51 . 2010-03-31 04:51   77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-03-31 04:51 . 2010-03-31 04:51   86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-22 15:26 . 2010-09-22 15:26   86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-03-31 04:51 . 2010-03-31 04:51   81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-22 15:26 . 2010-09-22 15:26   81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-03-31 05:32 . 2010-03-31 05:32   32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-22 16:17 . 2010-09-22 16:17   32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-22 16:17 . 2010-09-22 16:17   24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-03-31 05:32 . 2010-03-31 05:32   24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-12-14 12:20 . 2010-12-14 12:20   28160 c:\windows\Installer\3e5c9812.msi
+ 2010-10-18 18:43 . 2010-10-18 18:43   21504 c:\windows\Installer\35e3e56.msi
- 2009-01-19 12:50 . 2010-09-15 17:06   90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-01-19 12:50 . 2010-12-15 16:06   90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-01-19 12:50 . 2010-12-15 16:06   45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-01-19 12:50 . 2010-09-15 17:06   45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-01-19 12:50 . 2010-09-15 17:06   22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-01-19 12:50 . 2010-12-15 16:06   22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-01-19 12:50 . 2010-12-15 16:06   30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2009-01-19 12:50 . 2010-09-15 17:06   30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2009-01-19 12:50 . 2010-09-15 17:06   16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-01-19 12:50 . 2010-12-15 16:06   16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-01-19 12:50 . 2010-12-15 16:06   34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2009-01-19 12:50 . 2010-09-15 17:06   34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-01-19 12:50 . 2010-12-15 16:06   81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-01-19 12:50 . 2010-09-15 17:06   81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-10-29 11:27 . 2010-09-15 17:06   35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-10-29 11:27 . 2011-01-12 16:03   35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-10-29 11:27 . 2011-01-12 16:03   18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-10-29 11:27 . 2010-09-15 17:06   18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-10-29 11:27 . 2011-01-12 16:03   20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-10-29 11:27 . 2010-09-15 17:06   20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-06-05 13:50 . 2010-09-29 17:01   49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-05 13:50 . 2010-12-17 13:25   49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-02-09 07:22 . 2010-11-06 00:26   12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-09 07:22 . 2010-11-06 00:26   66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-09 07:22 . 2010-11-06 00:26   55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-09 07:22 . 2010-11-06 00:26   43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-09 07:22 . 2010-11-06 00:26   25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2010-12-15 16:07 . 2010-09-10 05:58   12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2010-12-15 16:07 . 2010-09-10 05:58   66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2010-12-15 16:07 . 2010-09-10 05:58   55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2010-12-15 16:07 . 2010-09-10 05:58   43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2010-12-15 16:07 . 2010-09-10 05:58   25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2010-10-13 01:36 . 2010-06-24 12:22   12800 c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
+ 2010-10-13 01:36 . 2009-03-07 18:31   66560 c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
+ 2010-10-13 01:36 . 2010-06-24 12:21   55296 c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
+ 2010-10-13 01:36 . 2009-03-07 18:34   43008 c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
+ 2010-10-13 01:36 . 2010-06-24 12:21   25600 c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
+ 2010-10-07 13:52 . 2010-10-07 13:52   90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_80ab2d77\System.Drawing.Design.dll
+ 2010-10-07 13:52 . 2010-10-07 13:52   61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_41dfc7e3\CustomMarshalers.dll
+ 2010-10-07 14:04 . 2010-10-07 14:04   36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-07 13:51 . 2010-10-07 13:51   81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-11 09:43 . 2010-06-11 09:43   81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-02-09 07:22 . 2009-12-14 07:08   33280 c:\windows\$NtUninstallKB2476687$\csrsrv.dll
+ 2010-12-15 16:06 . 2010-06-21 14:46   46080 c:\windows\$NtUninstallKB2443685$\tzchange.exe
+ 2010-12-15 16:06 . 2010-11-05 05:57   16896 c:\windows\$NtUninstallKB2443685$\spuninst\tzchange.dll
+ 2010-12-15 16:07 . 2008-04-13 18:41   81920 c:\windows\$NtUninstallKB2443105$\isign32.dll
+ 2010-12-15 16:06 . 2008-04-13 13:27   40576 c:\windows\$NtUninstallKB2440591$\ndproxy.sys
+ 2010-12-15 16:01 . 2008-04-13 18:42   46080 c:\windows\$NtUninstallKB2423089$\wab.exe
+ 2010-10-13 01:40 . 2008-04-13 18:42   96768 c:\windows\$NtUninstallKB2345886$\srvsvc.dll
+ 2010-10-13 01:38 . 2009-05-26 11:40   26488 c:\windows\$hf_mig$\KB982132\update\spcustom.dll
+ 2010-10-13 01:38 . 2009-05-26 11:40   17272 c:\windows\$hf_mig$\KB982132\spmsg.dll
+ 2010-10-13 01:32 . 2010-02-22 14:23   26488 c:\windows\$hf_mig$\KB981957\update\spcustom.dll
+ 2010-10-13 01:32 . 2010-02-22 14:23   17272 c:\windows\$hf_mig$\KB981957\spmsg.dll
+ 2010-10-13 01:37 . 2009-05-26 09:01   26488 c:\windows\$hf_mig$\KB979687\update\spcustom.dll
+ 2010-10-13 01:37 . 2009-05-26 09:01   17272 c:\windows\$hf_mig$\KB979687\spmsg.dll
+ 2011-02-09 07:25 . 2010-07-05 13:15   26488 c:\windows\$hf_mig$\KB2485376\update\spcustom.dll
+ 2011-02-09 07:25 . 2010-07-05 13:15   17272 c:\windows\$hf_mig$\KB2485376\spmsg.dll
+ 2011-02-09 07:25 . 2010-07-05 13:15   26488 c:\windows\$hf_mig$\KB2483185\update\spcustom.dll
+ 2011-02-09 07:25 . 2010-07-05 13:15   17272 c:\windows\$hf_mig$\KB2483185\spmsg.dll
+ 2011-02-09 07:22 . 2010-07-05 13:15   26488 c:\windows\$hf_mig$\KB2482017-IE8\update\spcustom.dll
+ 2011-02-09 07:22 . 2010-07-05 13:15   17272 c:\windows\$hf_mig$\KB2482017-IE8\spmsg.dll
+ 2011-02-09 02:20 . 2010-12-20 23:58   12800 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\xpshims.dll
+ 2011-02-09 02:20 . 2010-12-20 23:58   66560 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtmled.dll
+ 2011-02-09 02:20 . 2010-12-20 23:58   55296 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeedsbs.dll
+ 2011-02-09 02:20 . 2010-12-20 23:58   43520 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\licmgr10.dll
+ 2011-02-09 02:20 . 2010-12-20 23:58   25600 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\jsproxy.dll
+ 2011-02-09 07:25 . 2010-07-05 13:15   26488 c:\windows\$hf_mig$\KB2479628\update\spcustom.dll
+ 2011-02-09 07:25 . 2010-07-05 13:15   17272 c:\windows\$hf_mig$\KB2479628\spmsg.dll
+ 2011-02-09 07:25 . 2010-07-05 13:15   26488 c:\windows\$hf_mig$\KB2478971\update\spcustom.dll
+ 2011-02-09 07:25 . 2010-07-05 13:15   17272 c:\windows\$hf_mig$\KB2478971\spmsg.dll
+ 2011-02-09 07:22 . 2010-07-05 13:15   26488 c:\windows\$hf_mig$\KB2478960\update\spcustom.dll
+ 2011-02-09 07:22 . 2010-07-05 13:15   17272 c:\windows\$hf_mig$\KB2478960\spmsg.dll
+ 2011-02-09 07:22 . 2010-07-05 13:15   26488 c:\windows\$hf_mig$\KB2476687\update\spcustom.dll
+ 2011-02-09 07:22 . 2010-07-05 13:15   17272 c:\windows\$hf_mig$\KB2476687\spmsg.dll
+ 2010-12-09 14:29 . 2010-12-09 14:29   33280 c:\windows\$hf_mig$\KB2476687\SP3QFE\csrsrv.dll
+ 2010-12-15 16:06 . 2010-02-22 14:23   26488 c:\windows\$hf_mig$\KB2467659\update\spcustom.dll
+ 2010-12-15 16:06 . 2010-02-22 14:23   17272 c:\windows\$hf_mig$\KB2467659\spmsg.dll
+ 2010-12-15 16:07 . 2010-02-22 14:23   26488 c:\windows\$hf_mig$\KB2443105\update\spcustom.dll
+ 2010-12-15 16:07 . 2010-02-22 14:23   17272 c:\windows\$hf_mig$\KB2443105\spmsg.dll
+ 2010-11-18 18:12 . 2010-11-18 18:12   81920 c:\windows\$hf_mig$\KB2443105\SP3QFE\isign32.dll
+ 2010-12-15 16:06 . 2009-05-26 11:40   26488 c:\windows\$hf_mig$\KB2440591\update\spcustom.dll
+ 2010-12-15 16:06 . 2009-05-26 11:40   17272 c:\windows\$hf_mig$\KB2440591\spmsg.dll
+ 2010-12-14 23:08 . 2010-11-03 05:55   40960 c:\windows\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys
+ 2010-12-15 16:06 . 2009-05-26 11:40   26488 c:\windows\$hf_mig$\KB2436673\update\spcustom.dll
+ 2010-12-15 16:06 . 2009-05-26 11:40   17272 c:\windows\$hf_mig$\KB2436673\spmsg.dll
+ 2010-12-15 16:01 . 2010-02-22 14:23   26488 c:\windows\$hf_mig$\KB2423089\update\spcustom.dll
+ 2010-12-15 16:01 . 2010-02-22 14:23   17272 c:\windows\$hf_mig$\KB2423089\spmsg.dll
+ 2010-12-14 23:07 . 2010-10-11 14:55   45568 c:\windows\$hf_mig$\KB2423089\SP3QFE\wab.exe
+ 2011-01-12 16:01 . 2010-02-22 14:23   26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
+ 2011-01-12 16:01 . 2010-02-22 14:23   17272 c:\windows\$hf_mig$\KB2419632\spmsg.dll
+ 2010-12-15 16:07 . 2010-02-22 14:23   26488 c:\windows\$hf_mig$\KB2416400-IE8\update\spcustom.dll
+ 2010-12-15 16:07 . 2010-02-22 14:23   17272 c:\windows\$hf_mig$\KB2416400-IE8\spmsg.dll
+ 2010-12-14 23:09 . 2010-11-06 00:27   12800 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\xpshims.dll
+ 2010-12-14 23:09 . 2010-11-06 00:27   66560 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtmled.dll
+ 2010-12-14 23:09 . 2010-11-06 00:27   55296 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeedsbs.dll
+ 2010-12-14 23:09 . 2010-11-06 00:27   43520 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\licmgr10.dll
+ 2010-12-14 23:09 . 2010-11-06 00:27   25600 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\jsproxy.dll
+ 2011-02-09 07:21 . 2010-07-05 13:15   26488 c:\windows\$hf_mig$\KB2393802\update\spcustom.dll
+ 2011-02-09 02:19 . 2010-12-09 15:15   16896 c:\windows\$hf_mig$\KB2393802\update\mpsyschk.dll
+ 2011-02-09 07:21 . 2010-07-05 13:15   17272 c:\windows\$hf_mig$\KB2393802\spmsg.dll
+ 2010-10-13 01:40 . 2010-02-22 14:23   26488 c:\windows\$hf_mig$\KB2387149\update\spcustom.dll
+ 2010-10-13 01:40 . 2010-02-22 14:23   17272 c:\windows\$hf_mig$\KB2387149\spmsg.dll
+ 2010-10-13 01:31 . 2010-02-22 14:23   26488 c:\windows\$hf_mig$\KB2360937\update\spcustom.dll
+ 2010-10-13 01:31 . 2010-02-22 14:23   17272 c:\windows\$hf_mig$\KB2360937\spmsg.dll
+ 2010-10-13 01:36 . 2009-05-26 09:01   26488 c:\windows\$hf_mig$\KB2360131-IE8\update\spcustom.dll
+ 2010-10-13 01:36 . 2009-05-26 09:01   17272 c:\windows\$hf_mig$\KB2360131-IE8\spmsg.dll
+ 2010-10-12 19:51 . 2010-09-10 05:57   12800 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\xpshims.dll
+ 2010-10-12 19:51 . 2010-09-10 05:57   66560 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtmled.dll
+ 2010-10-12 19:51 . 2010-09-10 05:57   55296 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\msfeedsbs.dll
+ 2010-10-12 19:51 . 2010-09-10 05:57   43520 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\licmgr10.dll
+ 2010-10-12 19:51 . 2010-09-10 05:57   25600 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\jsproxy.dll
+ 2010-10-13 01:40 . 2010-02-22 14:23   26488 c:\windows\$hf_mig$\KB2345886\update\spcustom.dll
+ 2010-10-13 01:40 . 2010-02-22 14:23   17272 c:\windows\$hf_mig$\KB2345886\spmsg.dll
+ 2010-08-27 06:05 . 2010-08-27 06:05   99840 c:\windows\$hf_mig$\KB2345886\SP3QFE\srvsvc.dll
+ 2010-12-15 16:08 . 2009-05-26 11:40   26488 c:\windows\$hf_mig$\KB2296199\update\spcustom.dll
+ 2010-12-15 16:08 . 2009-05-26 11:40   17272 c:\windows\$hf_mig$\KB2296199\spmsg.dll
+ 2010-10-13 01:40 . 2010-02-22 14:23   26488 c:\windows\$hf_mig$\KB2279986\update\spcustom.dll
+ 2010-10-13 01:40 . 2010-02-22 14:23   17272 c:\windows\$hf_mig$\KB2279986\spmsg.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-04-16 11:11 . 2010-07-22 05:57   5120 c:\windows\system32\xpsp4res.dll
+ 2009-04-16 11:11 . 2010-08-26 12:52   5120 c:\windows\system32\xpsp4res.dll
- 2009-01-19 12:50 . 2010-09-15 17:06   3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-01-19 12:50 . 2010-12-15 16:06   3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2009-01-19 12:50 . 2010-09-15 17:06   8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-01-19 12:50 . 2010-12-15 16:06   8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-01-19 12:50 . 2010-12-15 16:06   2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2009-01-19 12:50 . 2010-09-15 17:06   2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2010-08-12 06:45 . 2010-08-12 06:45   7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-08-12 06:45 . 2010-08-12 06:45   5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-08-12 06:45 . 2010-08-12 06:45   6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-13 01:31 . 2010-07-22 05:57   5120 c:\windows\$NtUninstallKB2360937$\xpsp4res.dll
+ 2010-10-13 01:40 . 2010-08-13 12:53   5120 c:\windows\$NtUninstallKB2345886$\xpsp4res.dll
+ 2010-07-12 12:53 . 2010-07-12 12:53   5120 c:\windows\$hf_mig$\KB979687\SP3QFE\xpsp4res.dll
+ 2010-10-12 19:54 . 2010-08-13 12:53   5120 c:\windows\$hf_mig$\KB2360937\SP3QFE\xpsp4res.dll
+ 2010-08-26 12:52 . 2010-08-26 12:52   5120 c:\windows\$hf_mig$\KB2345886\SP3QFE\xpsp4res.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-08-12 06:45 . 2010-08-12 06:45   258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-10-07 13:55 . 2010-10-07 13:55   258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-10-13 01:39 . 2008-04-13 18:42   221184 c:\windows\system32\wmpns.dll
+ 2008-04-13 18:42 . 2010-08-27 08:02   119808 c:\windows\system32\t2embed.dll
- 2008-04-13 18:42 . 2009-10-15 16:28   119808 c:\windows\system32\t2embed.dll
+ 2008-04-13 18:42 . 2010-08-16 08:45   590848 c:\windows\system32\rpcrt4.dll
- 2008-04-13 18:42 . 2010-07-22 15:49   590848 c:\windows\system32\rpcrt4.dll
+ 2001-08-23 11:00 . 2010-10-07 13:56   440646 c:\windows\system32\perfh009.dat
- 2008-04-13 18:42 . 2008-04-13 18:42   249856 c:\windows\system32\odbc32.dll
+ 2008-04-13 18:42 . 2010-11-09 14:52   249856 c:\windows\system32\odbc32.dll
+ 2008-04-13 18:42 . 2010-12-20 23:59   206848 c:\windows\system32\occache.dll
- 2008-04-13 18:42 . 2010-06-24 12:22   206848 c:\windows\system32\occache.dll
+ 2008-04-13 18:41 . 2010-12-09 15:15   718336 c:\windows\system32\ntdll.dll
+ 2008-04-13 18:42 . 2010-12-20 23:59   611840 c:\windows\system32\mstime.dll
- 2008-04-13 18:42 . 2010-06-24 12:22   611840 c:\windows\system32\mstime.dll
+ 2009-03-07 18:32 . 2010-12-20 23:59   602112 c:\windows\system32\msfeeds.dll
+ 2010-02-04 06:30 . 2010-10-19 20:51   222080 c:\windows\system32\MpSigStub.exe
+ 2007-04-02 21:44 . 2010-09-18 01:23   974848 c:\windows\system32\mfc42u.dll
+ 2008-04-13 18:41 . 2010-09-18 06:53   974848 c:\windows\system32\mfc42.dll
+ 2008-04-13 18:41 . 2010-09-18 06:53   953856 c:\windows\system32\mfc40u.dll
+ 2001-08-23 11:00 . 2010-09-18 06:53   954368 c:\windows\system32\mfc40.dll
+ 2011-03-09 00:38 . 2011-03-09 00:38   235168 c:\windows\system32\Macromed\Flash\FlashUtil10n_Plugin.exe
+ 2010-12-16 04:09 . 2010-11-12 07:53   157472 c:\windows\system32\javaws.exe
+ 2010-12-16 04:09 . 2010-11-12 07:53   145184 c:\windows\system32\javaw.exe
- 2010-08-10 00:55 . 2010-07-16 19:00   145184 c:\windows\system32\javaw.exe
- 2010-08-10 00:55 . 2010-07-16 19:00   145184 c:\windows\system32\java.exe
+ 2010-12-16 04:09 . 2010-11-12 07:53   145184 c:\windows\system32\java.exe
+ 2008-04-13 18:41 . 2010-12-20 23:59   184320 c:\windows\system32\iepeers.dll
- 2008-04-13 18:41 . 2010-06-24 12:21   184320 c:\windows\system32\iepeers.dll
+ 2008-04-13 18:41 . 2010-12-20 23:59   387584 c:\windows\system32\iedkcs32.dll
- 2008-04-13 18:41 . 2010-06-24 12:21   387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-13 18:42 . 2010-12-20 12:55   173568 c:\windows\system32\ie4uinit.exe
+ 2008-04-13 13:45 . 2010-08-26 13:39   357248 c:\windows\system32\drivers\srv.sys
+ 2009-04-16 11:11 . 2010-07-12 12:55   218112 c:\windows\system32\dllcache\wordpad.exe
+ 2008-06-23 15:09 . 2010-12-20 23:59   916480 c:\windows\system32\dllcache\wininet.dll
- 2008-06-23 15:09 . 2010-06-24 12:22   916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-06-16 14:36 . 2010-08-27 08:02   119808 c:\windows\system32\dllcache\t2embed.dll
- 2009-06-16 14:36 . 2009-10-15 16:28   119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-11-18 06:15 . 2010-08-26 13:39   357248 c:\windows\system32\dllcache\srv.sys
+ 2011-01-21 14:44 . 2011-01-21 14:44   439296 c:\windows\system32\dllcache\shimgvw.dll
+ 2011-02-09 13:53 . 2011-02-09 13:53   270848 c:\windows\system32\dllcache\sbe.dll
- 2009-04-15 14:51 . 2010-07-22 15:49   590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-04-15 14:51 . 2010-08-16 08:45   590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52   249856 c:\windows\system32\dllcache\odbc32.dll
- 2009-03-07 18:34 . 2010-06-24 12:22   206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-07 18:34 . 2010-12-20 23:59   206848 c:\windows\system32\dllcache\occache.dll
+ 2009-04-16 11:15 . 2010-12-09 15:15   718336 c:\windows\system32\dllcache\ntdll.dll
- 2009-03-07 18:32 . 2010-06-24 12:22   611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-07 18:32 . 2010-12-20 23:59   611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52   102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-07-28 17:31 . 2010-12-20 23:59   602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52   200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52   180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52   536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52   143360 c:\windows\system32\dllcache\msadco.dll
+ 2010-09-18 01:23 . 2010-09-18 01:23   974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-10-12 19:55 . 2010-09-18 06:53   974848 c:\windows\system32\dllcache\mfc42.dll
+ 2010-10-12 19:55 . 2010-09-18 06:53   953856 c:\windows\system32\dllcache\mfc40u.dll
+ 2010-10-12 19:55 . 2010-09-18 06:53   954368 c:\windows\system32\dllcache\mfc40.dll
- 2009-04-16 11:15 . 2009-06-25 08:25   730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-04-16 11:15 . 2010-12-20 17:26   730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57   677888 c:\windows\system32\dllcache\lhmstsc.exe
- 2009-06-25 08:25 . 2009-06-25 08:25   301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-25 08:25 . 2010-12-22 12:34   301568 c:\windows\system32\dllcache\kerberos.dll
- 2009-06-10 08:49 . 2010-06-24 12:21   247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-10 08:49 . 2010-12-20 23:59   247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-07 18:31 . 2010-12-20 23:59   184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-07 18:31 . 2010-06-24 12:21   184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 17:14 . 2010-12-20 23:59   743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 17:14 . 2010-06-24 12:21   743424 c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 04:09 . 2010-06-24 12:21   387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 04:09 . 2010-12-20 23:59   387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-07 18:32 . 2010-12-20 12:55   173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-02-09 13:53 . 2011-02-09 13:53   186880 c:\windows\system32\dllcache\encdec.dll
+ 2010-10-12 19:55 . 2010-08-23 16:12   617472 c:\windows\system32\dllcache\comctl32.dll
+ 2010-04-20 05:30 . 2011-01-07 14:09   290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-05-09 07:32 . 2010-11-12 07:53   472808 c:\windows\system32\deployJava1.dll
+ 2008-04-13 18:41 . 2010-08-23 16:12   617472 c:\windows\system32\comctl32.dll
- 2008-04-13 18:41 . 2008-04-13 18:41   617472 c:\windows\system32\comctl32.dll
- 2010-03-22 19:31 . 2010-03-22 19:31   435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-09-21 22:43 . 2010-09-21 22:43   435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2010-03-31 04:51 . 2010-03-31 04:51   102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-22 15:26 . 2010-09-22 15:26   102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-03-31 04:49 . 2010-03-31 04:49   315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-22 15:25 . 2010-09-22 15:25   315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17   258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2010-03-31 05:32 . 2010-03-31 05:32   258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-23 10:02 . 2010-09-23 10:02   798208 c:\windows\Installer\f54d90.msp
+ 2010-10-13 01:40 . 2010-10-13 01:40   264192 c:\windows\Installer\7fee6d2.msi
+ 2010-07-22 14:03 . 2010-07-22 14:03   338432 c:\windows\Installer\444f32ef.msp
+ 2010-11-16 01:54 . 2010-11-16 01:54   906240 c:\windows\Installer\444f32ba.msp
- 2009-01-19 12:50 . 2010-09-15 17:06   114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-01-19 12:50 . 2010-12-15 16:06   114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-01-19 12:50 . 2010-12-15 16:06   167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2009-01-19 12:50 . 2010-09-15 17:06   167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2009-10-29 11:27 . 2010-09-15 17:06   888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-10-29 11:27 . 2011-01-12 16:03   888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-10-29 11:27 . 2010-09-15 17:06   272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-10-29 11:27 . 2011-01-12 16:03   272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-10-29 11:27 . 2011-01-12 16:03   922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-10-29 11:27 . 2010-09-15 17:06   922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-10-29 11:27 . 2011-01-12 16:03   845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-10-29 11:27 . 2010-09-15 17:06   845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-10-29 11:27 . 2010-09-15 17:06   217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-10-29 11:27 . 2011-01-12 16:03   217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-10-29 11:27 . 2010-09-15 17:06   184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-10-29 11:27 . 2011-01-12 16:03   184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-10-29 11:27 . 2011-01-12 16:03   159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-10-29 11:27 . 2010-09-15 17:06   159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-09-22 07:10 . 2010-09-22 07:10   103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
+ 2008-11-03 17:13 . 2008-11-03 17:13   118128 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSCONV97.DLL
+ 2011-02-09 07:22 . 2010-11-06 00:26   916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-09 07:22 . 2010-07-05 13:16   382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-09 07:22 . 2010-07-05 13:15   231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-09 07:22 . 2010-11-06 00:26   206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-09 07:22 . 2010-11-06 00:26   611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-09 07:22 . 2010-11-06 00:26   602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-09 07:22 . 2010-11-06 00:26   247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-09 07:22 . 2010-11-06 00:26   184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-09 07:22 . 2010-11-06 00:26   743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-09 07:22 . 2010-11-06 00:26   387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-09 07:22 . 2010-11-03 12:26   173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2010-12-15 16:07 . 2010-09-10 05:58   916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-15 16:07 . 2010-07-05 13:16   382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-15 16:07 . 2010-02-22 14:23   231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-15 16:07 . 2010-09-10 05:58   206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-15 16:07 . 2010-09-10 05:58   611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-15 16:07 . 2010-09-10 05:58   602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-15 16:07 . 2010-09-10 05:58   247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-15 16:07 . 2010-09-10 05:58   184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-15 16:07 . 2010-09-10 05:58   743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-15 16:07 . 2010-09-10 05:58   387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-15 16:07 . 2010-08-26 12:22   173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2010-10-13 01:36 . 2010-06-24 12:22   916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
+ 2010-10-13 01:36 . 2010-07-05 13:16   382840 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
+ 2010-10-13 01:36 . 2009-05-26 09:01   231288 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
+ 2010-10-13 01:36 . 2010-06-24 12:22   206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
+ 2010-10-13 01:36 . 2010-06-24 12:22   611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
+ 2010-10-13 01:36 . 2010-06-24 12:21   599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
+ 2010-10-13 01:36 . 2010-06-24 12:21   247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
+ 2010-10-13 01:36 . 2010-06-24 12:21   184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
+ 2010-10-13 01:36 . 2010-06-24 12:21   743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
+ 2010-10-13 01:36 . 2010-06-24 12:21   387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
+ 2010-10-13 01:36 . 2010-06-23 12:08   173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
+ 2010-10-08 01:28 . 2010-10-08 01:28   835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_702d3dce\System.Drawing.dll
+ 2010-10-08 01:28 . 2010-10-08 01:28   192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_46d0a4fb\System.Drawing.Design.dll
+ 2010-10-08 01:28 . 2010-10-08 01:28   118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c2be2ea1\CustomMarshalers.dll
+ 2010-10-07 14:03 . 2010-10-07 14:03   633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\f39d526b39e8928e719d9ce8a971383e\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-10-07 14:03 . 2010-10-07 14:03   851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d0916f4cf87dafdf941b66056dd0e005\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-10-07 14:03 . 2010-10-07 14:03   594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa7ddbdf38e8a7129fb0befd951897f5\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-10-07 14:03 . 2010-10-07 14:03   152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7619247d1c0a0779042423940f5f93de\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-10-07 14:04 . 2010-10-07 14:04   129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-10-09 04:35 . 2010-10-09 04:35   859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-10-09 04:35 . 2010-10-09 04:35   328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-10-09 04:35 . 2010-10-09 04:35   301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-10-09 04:35 . 2010-10-09 04:35   547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-10-07 14:04 . 2010-10-07 14:04   141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-10-07 14:03 . 2010-10-07 14:03   771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a140e8da81b3af34c864ad851fe150fd\System.Runtime.Remoting.ni.dll
+ 2010-10-07 14:04 . 2010-10-07 14:04   756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-10-07 14:04 . 2010-10-07 14:04   320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-10-07 14:01 . 2010-10-07 14:01   842240 c:\windows\assembly\NativeImages_v2.

SuperDave · « **Reply #11 on:** March 12, 2011, 11:26:24 AM »

That is not a complete ComboFix log and ComboFix is running from the wrong location. It should be running from your desktop. Please uninstall it, download a new one to your desktop and run the scan again.

ImnoGuru · « **Reply #12 on:** March 13, 2011, 06:41:13 AM »

OK. Now this might sound like a really stupid question but how do I change where stuff downloads to.

Basically SuperDave when I download stuff, I get a downloads box appears, but it doesnt have any way to change where it downloads to, so I just double click on it and it opens the new file.

I looked in "Help and Suppoort" and "CH" to change the download location but came up empty, just got a sample test file to download... which went to that little box I was talking about.

That's why I'm no Guru.

(Bit of Levity there)

ImnoGuru · « **Reply #13 on:** March 13, 2011, 08:25:41 AM »

Sorry SuperDave. I am tired... It would have helped if I read your guide properly before making a post.

I did find how to reset my download location.. Then I read your instructions. (I am such a dummy).

Anyway Combofix should be right this time and here is the post of the txt log.

ComboFix 11-03-12.01 - Administrator 14/03/2011 0:22.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1534.1109 [GMT 11:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
.
.
2011-03-10 00:34 . 2011-03-10 00:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
2011-03-08 23:56 . 2011-03-08 23:56   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\VS Revo Group
2011-03-08 23:56 . 2009-12-30 00:20   27064   ----a-w-   c:\windows\system32\drivers\revoflt.sys
2011-03-08 23:55 . 2011-03-08 23:55   --------   d-----w-   c:\program files\VS Revo Group
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-13 18:42   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-13 18:41   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2008-09-14 05:01   2067456   ----a-w-   c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-09-14 05:01   677888   ----a-w-   c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-13 18:42   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-13 18:39   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2008-04-13 14:00   1854976   ----a-w-   c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-13 18:41   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2008-04-13 18:42   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2008-04-13 18:42   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2010-12-20 23:59 . 2008-04-13 18:41   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-12-20 17:26 . 2008-04-13 18:41   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-13 13:07   385024   ----a-w-   c:\windows\system32\html.iec
2010-12-20 07:09 . 2010-06-12 10:24   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 07:08 . 2010-06-12 10:24   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-03-12_12.56.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-13 12:13 . 2011-03-13 12:13   16384 c:\windows\temp\Perflib_Perfdata_258.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Pro"="0" [X]
"Wisdom-soft AutoScreenRecorder 3.1 Pro"="0" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-02-27 1269870]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"GrooveMonitor"="c:\program files\microsoft office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-07 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\SITM\\ABC Trader\\ABCTrader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Nvu\\nvu.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\MagneticOne\\Store Manager for Zen Cart\\ZenCart_Manager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
"8085:TCP"= 8085:TCP:tgi
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [28/09/2010 11:40 PM 15328]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [17/08/2010 11:02 PM 233136]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 5:41 AM 67656]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [17/08/2010 11:01 PM 88040]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [28/09/2010 11:40 PM 220128]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [17/08/2010 11:09 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [17/08/2010 11:09 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [17/08/2010 11:09 PM 115216]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [21/04/2009 1:10 PM 515803]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/07/2010 4:38 AM 136176]
S2 IWONGService;IWON Service;c:\progra~1\IWONG\bar\1.bin\9ubarsvc.exe [2/08/2010 12:13 AM 28766]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ     getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 17:37]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 17:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\
FF - prefs.js: browser.search.selectedEngine - YourDictionary
FF - prefs.js: browser.startup.homepage - hxxp://www.theage.com.au/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Shorten URL : {a1109c2a-1187-4027-901d-13097b755625} - %profile%\extensions\{a1109c2a-1187-4027-901d-13097b755625}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- File Associations -------
.
.txt=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-14 00:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-1647877149-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,1a,14,1f,33,05,db,48,b9,15,09,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,00,a1,fc,2d,8a,50,49,a7,eb,94,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222 A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,67,79,45,10,df,a7,4c,ae,ee,35,\
.
[HKEY_USERS\S-1-5-21-1275210071-1647877149-1177238915-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(620)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(13100)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-14 00:28:26
ComboFix-quarantined-files.txt 2011-03-13 13:28
ComboFix2.txt 2011-03-12 12:58
ComboFix3.txt 2010-10-05 02:27
.
Pre-Run: 227,740,962,816 bytes free
Post-Run: 227,725,824,000 bytes free
.
- - End Of File - - FB16DA90A3E283CE9F0C90D22B548611

I did read through it a bit and noticed that there is still a reference to Utorrent in the Supplementary Scan section. But how is that so, I deleted all I could see in reference to Utorrent after you first said it was there. There is nothing in my "Add and Remove Programs" folder, programs list or anywhere else that I could see?

Well lets see what this scan details give us an insight to.

Thank you so much for your ongoing assistance with this problem.

SuperDave · « **Reply #14 on:** March 13, 2011, 11:40:53 AM »

Quote

I did read through it a bit and noticed that there is still a reference to Utorrent in the Supplementary Scan section. But how is that so, I deleted all I could see in reference to Utorrent after you first said it was there. There is nothing in my "Add and Remove Programs" folder, programs list or anywhere else that I could see?

This will get rid of it. You don't have to post this log.

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote
KillAll::

DDS::
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
I don't need to see the log from this script.
*****************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- At the bottom of the page
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

ImnoGuru · « **Reply #15 on:** March 16, 2011, 12:59:04 AM »

OK SuperDave that seemed to work well. I generated this log.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B0133000
Module End: B014B000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F79DF000
Module End: F79E1000
Hidden: Yes

Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: F77C7000
Module End: F77CF000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: F79F1000
Module End: F79F3000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Assorted How to instructional manuals and ebooks\Anthony Robbins Personal Power 2 Self Help Tapes Complete\Anthony Robbins - Personal Power 2 - Bonus tapes! The Driving Force The Six Human Nee
Status: Hidden

Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Assorted How to instructional manuals and ebooks\Anthony Robbins Personal Power 2 Self Help Tapes Complete\Anthony Robbins - Personal Power 2 - Day 02 - The Controlling Force that Directs You
Status: Hidden

Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Assorted How to instructional manuals and ebooks\Anthony Robbins Personal Power 2 Self Help Tapes Complete\Anthony Robbins - Personal Power 2 - Day 05,6,7 - What Everyone Wants And how u can g
Status: Hidden

Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Assorted How to instructional manuals and ebooks\Anthony Robbins Personal Power 2 Self Help Tapes Complete\Anthony Robbins - Personal Power 2 - Day 12,14 - Creating Your Future the Goal settin
Status: Hidden

Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Assorted How to instructional manuals and ebooks\Anthony Robbins Personal Power 2 Self Help Tapes Complete\Anthony Robbins - Personal Power 2 - Day 15 - Success Conditioning The power of ritua
Status: Hidden

Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Assorted How to instructional manuals and ebooks\Anthony Robbins Personal Power 2 Self Help Tapes Complete\Anthony Robbins - Personal Power 2 - Day 19,20,21 - Overcoming Fears of Failure and S
Status: Hidden

Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Assorted How to instructional manuals and ebooks\Anthony Robbins Personal Power 2 Self Help Tapes Complete\Anthony Robbins - Personal Power 2 - Day 22 - Eliminating Self-Sabotage & Creating Un
Status: Hidden

Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Assorted How to instructional manuals and ebooks\Anthony Robbins Personal Power 2 Self Help Tapes Complete\Anthony Robbins - Personal Power 2 - Day 25 - How to solve problems quickly and effec
Status: Hidden

Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Assorted How to instructional manuals and ebooks\Anthony Robbins Personal Power 2 Self Help Tapes Complete\Anthony Robbins - Personal Power 2 - Day 26,27,28,29,30 - My Personal Challenge to Yo
Status: Hidden

Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Assorted How to instructional manuals and ebooks\Anthony Robbins Personal Power 2 Self Help Tapes Complete\anthony robbins - vibrant health and energy document Insight to the messages in the S
Status: Hidden

Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Assorted How to instructional manuals and ebooks\Financial, Trading, & Real Estate E-Books\Ahead Of The Market - The Zacks Method For Spotting Stocks Early In Any Economy (Harpercollins-2003)
Status: Hidden

Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Assorted How to instructional manuals and ebooks\Financial, Trading, & Real Estate E-Books\Comfort Zone Investing - How To Tailor Your Portfolio For High Returns And Peace Of Mind (Career-2002
Status: Hidden

Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Assorted How to instructional manuals and ebooks\Rich Dad's Roads To Riches- 6 Steps To Becoming A Successful Real Estate Investor\Rich Dad's Roads To Riches- 6 Steps To Becoming A Successful
Status: Hidden

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Let me know what you see in there please.
Thanks ImnoGuru.

ImnoGuru · « **Reply #16 on:** March 16, 2011, 02:12:21 AM »

Here's an unexpected find. When I ran the AVG scan.

The results list has come up with some (6 so far) old documents that says "The file is signed with a broken digital signature, issued by Microsoft Corporation."
The list doesnt see these as a threat just in the scan results list. All of those 6 are audio driver's .exe

Im not sure exactly what that actually means, but it may help in our jouney of discovery.

SuperDave · « **Reply #17 on:** March 16, 2011, 11:51:52 AM »

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

ImnoGuru · « **Reply #18 on:** March 17, 2011, 12:06:32 AM »

This is the log from ESET Online.
Thanks SuperDave.

C:\Documents and Settings\Administrator\My Documents\Downloads\Big Fish Games Collection (Mega Pack).zip   multiple threats   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Inception 2010 DVDSCR XviD-ESPiSE\Inception 2010 DVDSCR XviD-ESPiSE.avi   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   unable to clean
C:\Documents and Settings\Administrator\My Documents\Downloads\Killers 2010 DVDrip XviD-KiNGDOM\Killers.2010.DVDrip.XviD-KiNGDOM.avi   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   unable to clean
C:\Documents and Settings\Administrator\My Documents\My Received Files\beachholiday.zip   PHP/Kryptik.AB trojan   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\My Received Files\CursorMania.exe   a variant of Win32/AdInstaller application   cleaned by deleting - quarantined
C:\Program Files\IWONG\bar\1.bin\9udatact.dll   a variant of Win32/Toolbar.MyWebSearch.A application   cleaned by deleting - quarantined
C:\Program Files\IWONG\bar\1.bin\9uhtml.dll   probably a variant of Win32/Toolbar.MyWebSearch.F application   cleaned by deleting - quarantined
C:\Program Files\IWONG\bar\1.bin\9uhtmlmu.dll   probably a variant of Win32/Toolbar.MyWebSearch.B application   cleaned by deleting - quarantined
C:\Program Files\IWONG\bar\1.bin\9uPlugin.dll   probably a variant of Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\Program Files\IWONG\bar\1.bin\9uregfft.dll   probably a variant of Win32/Spy.Agent.GSCZTKA trojan   cleaned by deleting - quarantined
C:\Program Files\IWONGEI\Installr\1.bin\9uEIPlug.dll   a variant of Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{E69DF2CF-181D-4092-9FD6-F8D03B4C12EF}\RP281\A0013517.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{E69DF2CF-181D-4092-9FD6-F8D03B4C12EF}\RP317\A0015291.dll   a variant of Win32/Toolbar.MyWebSearch.A application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{E69DF2CF-181D-4092-9FD6-F8D03B4C12EF}\RP317\A0015292.dll   probably a variant of Win32/Toolbar.MyWebSearch.F application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{E69DF2CF-181D-4092-9FD6-F8D03B4C12EF}\RP317\A0015293.dll   probably a variant of Win32/Toolbar.MyWebSearch.B application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{E69DF2CF-181D-4092-9FD6-F8D03B4C12EF}\RP317\A0015294.dll   probably a variant of Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{E69DF2CF-181D-4092-9FD6-F8D03B4C12EF}\RP317\A0015295.dll   probably a variant of Win32/Spy.Agent.GSCZTKA trojan   cleaned by deleting - quarantined
C:\System Volume Information\_restore{E69DF2CF-181D-4092-9FD6-F8D03B4C12EF}\RP317\A0015296.dll   a variant of Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined

SuperDave · « **Reply #19 on:** March 17, 2011, 01:15:38 PM »

AVENGER

Download The Avenger by Swandog46 from here.
Unzip/extract it to a folder on your desktop.
Double click on avenger.exe to run The Avenger.
Click OK.
Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
Click the Execute button.
You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
Click Yes.
You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
Click Yes.
Your PC will now be rebooted.
After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
Please post this log in your next reply.

ImnoGuru · « **Reply #20 on:** March 18, 2011, 08:06:42 AM »

Ran that one just now and it come up with this log SuperDave.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Completed script processing.

*******************

Finished! Terminate.

Looks like there is nothing there. Is there only the one reboot from this?
I tried to look in the .txt file, to confirm the file contents but it asked for a password to enter.

Thanks ImnoGuru.

SuperDave · « **Reply #21 on:** March 18, 2011, 01:20:12 PM »

Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code: [Select]

:OTL

:Files
C:\Documents and Settings\Administrator\My Documents\Downloads\Inception 2010 DVDSCR XviD-ESPiSE\Inception 2010 DVDSCR XviD-ESPiSE.avi 
C:\Documents and Settings\Administrator\My Documents\Downloads\Killers 2010 DVDrip XviD-KiNGDOM\Killers.2010.DVDrip.XviD-KiNGDOM.avi  

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
Please run another ESET scan after doing the above and post the log.

ImnoGuru · « **Reply #22 on:** March 20, 2011, 07:02:51 AM »

All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\Documents and Settings\Administrator\My Documents\Downloads\Inception 2010 DVDSCR XviD-ESPiSE\Inception 2010 DVDSCR XviD-ESPiSE.avi not found.
File\Folder C:\Documents and Settings\Administrator\My Documents\Downloads\Killers 2010 DVDrip XviD-KiNGDOM\Killers.2010.DVDrip.XviD-KiNGDOM.avi not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: 4 GIG FLASH

User: Administrator
->Temp folder emptied: 152827 bytes
->Temporary Internet Files folder emptied: 35883 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39836020 bytes
->Flash cache emptied: 890 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1109 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 03202011_231549

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Running the ESET Scan now.
Thanks SuperDave.

ImnoGuru · « **Reply #23 on:** March 20, 2011, 08:59:33 AM »

and here is the next ESET scan.

C:\_OTL\MovedFiles\03202011_134244\C_Documents and Settings\Administrator\My Documents\Downloads\Inception 2010 DVDSCR XviD-ESPiSE\Inception 2010 DVDSCR XviD-ESPiSE.avi a variant of WMA/TrojanDownloader.GetCodec.gen trojan unable to clean
C:\_OTL\MovedFiles\03202011_134244\C_Documents and Settings\Administrator\My Documents\Downloads\Killers 2010 DVDrip XviD-KiNGDOM\Killers.2010.DVDrip.XviD-KiNGDOM.avi a variant of WMA/TrojanDownloader.GetCodec.gen trojan unable to clean

Thank you SuperDave.

SuperDave · « **Reply #24 on:** March 20, 2011, 01:12:30 PM »

Could you please search for these files and let me know if you can find them. OTL says it can't find them but ESET is finding them.

Click Start, Search, select All Files and Folders. Copy and paste each one separately.

Code: [Select]

C:\Documents and Settings\Administrator\My Documents\Downloads\Inception 2010 DVDSCR XviD-ESPiSE\Inception 2010 DVDSCR XviD-ESPiSE.avi   
C:\Documents and Settings\Administrator\My Documents\Downloads\Killers 2010 DVDrip XviD-KiNGDOM\Killers.2010.DVDrip.XviD-KiNGDOM.avi

and click search. Delete this file.

ImnoGuru · « **Reply #25 on:** March 20, 2011, 10:06:14 PM »

I found the folders for both of those but there were no contents in it. I deleted each of them and emptied the recycle bin as well.

So they should well and truly gone SuperDave.

SuperDave · « **Reply #26 on:** March 21, 2011, 01:15:48 PM »

That's good. Let's do some cleanup.

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

**************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

Click the CleanUp button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
****************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

ImnoGuru · « **Reply #27 on:** March 22, 2011, 09:04:47 AM »

Thank you for your most dedicated help with my computer security SuperDave.

It was indeed an intense and thorough cleaning of all possible infections.
Also in your transcripts I found many interesting links that helped explain why computer security is so vital.

I rest assured that your instructions have rendered my computer totally free from all past infections and thank you again for a most intensive effort.

After running the, near last of your recommendations, to update software (Secunia Software Inspector ) I was presented with a list of Microsoft updates amongst the list.
I tried to download and install the updates but have been continually failed as the Microsoft installer seems to be inoperative/corrupted, inaccessible.

Do you think I should continue this "update/download fail" problem in the software forum?

Thanks ImnoGuru

SuperDave · « **Reply #28 on:** March 22, 2011, 01:24:22 PM »

Quote

Do you think I should continue this "update/download fail" problem in the software forum?

Please try this first. Be sure to read all the warnings.

Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.

•Open the folder and run Dial-a-fix.exe
•2 windows will open. Close the one in the background labeled Restrictive Policies
•Check the box in section 1, Empty temp folders.

•Check the box in section 2, Fix Windows Installer.

•Check the box in section 3, Fix Windows Update.

•Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked

•Check all boxes in section 5, labeled Registration Center.

•Click Go

•OK any error messages if received, but write them down and post them here.

•Restart the computer when done.

ImnoGuru · « **Reply #29 on:** March 22, 2011, 07:58:57 PM »

I went there and did Dial-a-Fix and it came back with,

1. Windows Installer access denied.

2. Dial-a-fix error code 2147467259 was encountered while trying to unregister C:\windows\system32\msxml3.dll. Error text is unspecified error.

3. An error occurred during registration of the file C:\WINDOWS\system32\wuaueng.dll (version 7.4.7600.226). Error code 0x80070005:"Access denied" It is suggested that you run "repair permissions" which is found in the tools dialog. XP users will need secedit.exe to perform this repair. http://DjLizard.net/software/secedit.sfx.exe.

Then there were a string of windows totaling about 10 with similar error codes and reasons. I took photo's of them rather than writing them all down. (if you want to see them as well SuperDave.)

SuperDave · « **Reply #30 on:** March 23, 2011, 12:57:47 PM »

Quote

I tried to download and install the updates but have been continually failed as the Microsoft installer seems to be inoperative/corrupted, inaccessible.

Are you getting any errors when you try this?

ImnoGuru · « **Reply #31 on:** March 23, 2011, 10:04:51 PM »

Yes SuperDave, the Windows Installer seems to be the main problem.

Quote from: ImnoGuru on March 22, 2011, 07:58:57 PM

I went there and did Dial-a-Fix and it came back with,

1. Windows Installer access denied.

2. Dial-a-fix error code 2147467259 was encountered while trying to unregister C:\windows\system32\msxml3.dll. Error text is unspecified error.

After that there are a string of other error codes from Dial-a-Fix. There were that many that copying them became excessive, so I photographed them as they came up.

Other updates that I have tried also fail with the primary fail message "Windows Installer cannot be accessed." There are no other error messages from the Windows Installer other than "Access denied".

It seems a general, across the board problem that all other fails come up with as well, such as Abobe Reader update "Error 1604", MSE and others.

I guess maybe I should start looking for my Windows CD.

SuperDave · « **Reply #32 on:** March 24, 2011, 08:28:26 AM »

What I meant was were there any error messages when you try to get the Windows updates?
Let's try this to make sure there are no corrupt files.

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
*Let this run undisturbed until the window with the blue progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

ImnoGuru · « **Reply #33 on:** March 24, 2011, 09:33:23 AM »

SuperDave, over the years I have got/bought/inherited/found several copies of XP (and you must admit by todays standards XP is a bit outdated), and I am not sure which one is on this computer.
I suppose that I should just keep this computer as XP Pro and that is that.

Is there a way to find out which CD is the right one for this computer (usually I write it on the CD)?

I have in the past tried the wrong CD in different machines and it tries to install a new copy all the time.
Can I find out the Registration Key Code from the machine somewhere?

I have 2 here in front of me with different key codes. A slipstream bootable CD of W2K and another that says it is service pack 3 (probably this one), and then there are my laptops which should have new CD's for each x 3 for Vista?
( I mean obviously not the Vista ones, what I was thinking is, is it worth upgrading to Vista maybe? Or would that cause more problems for me?

Oh my head hurts...
Lets just stick to the CD's and reg keys OK.
Thank you ImnoGuru. $:-\$

SuperDave · « **Reply #34 on:** March 24, 2011, 04:29:47 PM »

Quote

Is there a way to find out which CD is the right one for this computer (usually I write it on the CD)?

If you right-click on My Computer and select Properties the info. should be there under the General tab.Or, you could just run SFC. If it asks for a disk, just insert the ones you have.

Quote

I have in the past tried the wrong CD in different machines and it tries to install a new copy all the time.

SFC will not install a new copy.

ImnoGuru · « **Reply #35 on:** March 27, 2011, 07:23:36 PM »

I tried all the CD's I had found SuperDave, but none of them were the right disk.

"Start run SFD" went through the check, but none of the files were accepted and I had to click the "skip file" box all the way through.

Right now, I dont seem to have this Windows install CD.

Actually just thinking deeply about it ... I think I inherited this machine from someone.
Which means of course that I dont have access to the original install disk.

I remember at one time recently that Patio recommended I use Macrium Reflect to take a copy of the drive, which I did, to an external hard drive.
Would that be able to help with this problem SuperDave?

Thank you ImnoGuru.

SuperDave · « **Reply #36 on:** March 28, 2011, 12:50:56 PM »

From what you're telling me, there is a problem with some of the Windows files. If you made a copy of your harddrive, you could use it to restore your computer back to when the copy was made and you should be back in business. I will check with my buddy to see if there's anything else we can.

SuperDave · « **Reply #37 on:** March 29, 2011, 11:59:26 AM »

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory..
**************************************************
Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

ImnoGuru · « **Reply #38 on:** March 29, 2011, 10:20:02 PM »

Thanks SuperDave, I ran the TDSSKiller and got this report.

2011/03/30 15:14:05.0218 4232   TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/30 15:14:07.0218 4232   ================================================================================
2011/03/30 15:14:07.0218 4232   SystemInfo:
2011/03/30 15:14:07.0218 4232
2011/03/30 15:14:07.0218 4232   OS Version: 5.1.2600 ServicePack: 3.0
2011/03/30 15:14:07.0218 4232   Product type: Workstation
2011/03/30 15:14:07.0218 4232   ComputerName: DELLCOMPUTER1
2011/03/30 15:14:07.0218 4232   UserName: Administrator
2011/03/30 15:14:07.0218 4232   Windows directory: C:\WINDOWS
2011/03/30 15:14:07.0218 4232   System windows directory: C:\WINDOWS
2011/03/30 15:14:07.0218 4232   Processor architecture: Intel x86
2011/03/30 15:14:07.0218 4232   Number of processors: 1
2011/03/30 15:14:07.0218 4232   Page size: 0x1000
2011/03/30 15:14:07.0218 4232   Boot type: Normal boot
2011/03/30 15:14:07.0218 4232   ================================================================================
2011/03/30 15:14:08.0656 4232   Initialize success
2011/03/30 15:14:53.0421 5668   ================================================================================
2011/03/30 15:14:53.0421 5668   Scan started
2011/03/30 15:14:53.0421 5668   Mode: Manual;
2011/03/30 15:14:53.0421 5668   ================================================================================
2011/03/30 15:14:53.0796 5668   ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/30 15:14:53.0859 5668   ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/30 15:14:53.0968 5668   aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/30 15:14:54.0093 5668   AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/30 15:14:54.0625 5668   Aspi32 (20d04091eba710f6988f710507d85868) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/03/30 15:14:54.0671 5668   AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/30 15:14:54.0703 5668   atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/30 15:14:54.0781 5668   Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/30 15:14:54.0843 5668   audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/30 15:14:54.0937 5668   AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/03/30 15:14:55.0000 5668   AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/03/30 15:14:55.0046 5668   AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/03/30 15:14:55.0109 5668   AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/03/30 15:14:55.0140 5668   Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/03/30 15:14:55.0187 5668   Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/03/30 15:14:55.0218 5668   Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/03/30 15:14:55.0281 5668   Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/03/30 15:14:55.0359 5668   Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/30 15:14:55.0453 5668   Ca533av (a8eae8e358de3a21e6eb54f4fc7f65ec) C:\WINDOWS\system32\Drivers\Ca533av.sys
2011/03/30 15:14:55.0531 5668   cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/30 15:14:55.0578 5668   CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/30 15:14:55.0656 5668   Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/30 15:14:55.0687 5668   Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/30 15:14:55.0718 5668   Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/30 15:14:55.0953 5668   Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/30 15:14:56.0015 5668   dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/30 15:14:56.0062 5668   dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/30 15:14:56.0078 5668   dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/30 15:14:56.0140 5668   DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/30 15:14:56.0265 5668   drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/30 15:14:56.0375 5668   E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/03/30 15:14:56.0546 5668   Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/30 15:14:56.0578 5668   Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/30 15:14:56.0609 5668   Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/30 15:14:56.0640 5668   Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/30 15:14:56.0703 5668   FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/03/30 15:14:56.0765 5668   Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/30 15:14:56.0796 5668   Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/30 15:14:56.0859 5668   giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/03/30 15:14:56.0921 5668   Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/30 15:14:57.0046 5668   HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/30 15:14:57.0125 5668   HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/30 15:14:57.0156 5668   HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/30 15:14:57.0218 5668   HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/30 15:14:57.0296 5668   HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/30 15:14:57.0406 5668   i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/30 15:14:57.0500 5668   ialm (da58a8be6a445835f603720c4bc8837e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/03/30 15:14:57.0593 5668   Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/30 15:14:57.0656 5668   InCDfs (868883fb2c9ab158df2a5015837e2f3a) C:\WINDOWS\system32\drivers\InCDfs.sys
2011/03/30 15:14:57.0671 5668   InCDPass (15d32c0e4b24276e76f180b508f5deba) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
2011/03/30 15:14:57.0734 5668   InCDrec (dbfb05d659500a268797bbc32f3742f0) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/03/30 15:14:57.0812 5668   incdrm (9d1adfe6ce5c2e2a42f3b8aa57821d87) C:\WINDOWS\system32\drivers\incdrm.sys
2011/03/30 15:14:58.0062 5668   IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/30 15:14:58.0125 5668   intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/30 15:14:58.0171 5668   Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/03/30 15:14:58.0218 5668   IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/30 15:14:58.0250 5668   IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/30 15:14:58.0312 5668   IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/30 15:14:58.0390 5668   IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/30 15:14:58.0484 5668   IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/30 15:14:58.0625 5668   isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/30 15:14:58.0687 5668   Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/30 15:14:58.0765 5668   kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/30 15:14:58.0843 5668   kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/30 15:14:58.0890 5668   KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/30 15:14:59.0000 5668   mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/30 15:14:59.0078 5668   Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/30 15:14:59.0125 5668   Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/30 15:14:59.0203 5668   mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/30 15:14:59.0234 5668   MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/30 15:14:59.0296 5668   MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/03/30 15:14:59.0343 5668   MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/30 15:14:59.0437 5668   MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/30 15:14:59.0484 5668   Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/30 15:14:59.0562 5668   MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/30 15:14:59.0609 5668   MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/30 15:14:59.0640 5668   MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/30 15:14:59.0687 5668   mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/30 15:14:59.0765 5668   MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/30 15:14:59.0796 5668   Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/30 15:14:59.0859 5668   NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/30 15:14:59.0921 5668   NCHSSVAD (e78ce4b8e70ccc1a6e63008c3660867c) C:\WINDOWS\system32\drivers\nchssvad.sys
2011/03/30 15:15:00.0109 5668   NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/30 15:15:00.0156 5668   NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/30 15:15:00.0203 5668   NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/30 15:15:00.0265 5668   Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/30 15:15:00.0312 5668   NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/30 15:15:00.0390 5668   NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/30 15:15:00.0546 5668   NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/30 15:15:00.0593 5668   NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/30 15:15:00.0750 5668   Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/30 15:15:00.0812 5668   Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/30 15:15:00.0890 5668   Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/30 15:15:00.0921 5668   NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/30 15:15:00.0953 5668   NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/30 15:15:01.0031 5668   Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/30 15:15:01.0062 5668   PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/30 15:15:01.0093 5668   ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/30 15:15:01.0156 5668   PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/30 15:15:01.0218 5668   PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/03/30 15:15:01.0265 5668   Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/30 15:15:01.0343 5668   PCTAppEvent (cc174f32cc9c18ea3109c4b0fc2ca8df) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011/03/30 15:15:01.0421 5668   PCTFW-PacketFilter (4a7ef973fcd9c6cad6040ebb61262a5c) C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
2011/03/30 15:15:01.0484 5668   pctgntdi (d15669bd3e1cf18f00b46a7949ea541f) C:\WINDOWS\system32\drivers\pctgntdi.sys
2011/03/30 15:15:01.0562 5668   pctNDIS (8bbe917bc4da64b0ba8db33d4c0e0b7d) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2011/03/30 15:15:01.0671 5668   pctplfw (6d74df36716a458619a62dd764fc4f8b) C:\WINDOWS\system32\drivers\pctplfw.sys
2011/03/30 15:15:02.0218 5668   PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/30 15:15:02.0390 5668   pssnap (32c45180bbc19abeb5742b5b9dc4b8d7) C:\WINDOWS\system32\DRIVERS\pssnap.sys
2011/03/30 15:15:02.0453 5668   Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/30 15:15:02.0515 5668   QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
2011/03/30 15:15:02.0703 5668   RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/30 15:15:02.0765 5668   Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/30 15:15:02.0828 5668   RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/30 15:15:02.0859 5668   Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/30 15:15:02.0906 5668   Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/30 15:15:02.0937 5668   RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/30 15:15:03.0000 5668   rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/30 15:15:03.0078 5668   RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/30 15:15:03.0156 5668   redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/30 15:15:03.0359 5668   SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/03/30 15:15:03.0421 5668   Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/30 15:15:03.0515 5668   senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/03/30 15:15:03.0578 5668   serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/30 15:15:03.0718 5668   Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/30 15:15:03.0875 5668   Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/30 15:15:03.0984 5668   SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/30 15:15:04.0031 5668   smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/03/30 15:15:04.0109 5668   speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2011/03/30 15:15:04.0218 5668   splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/30 15:15:04.0312 5668   sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/30 15:15:04.0375 5668   Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/30 15:15:04.0453 5668   sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2011/03/30 15:15:04.0500 5668   sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2011/03/30 15:15:04.0531 5668   sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2011/03/30 15:15:04.0593 5668   StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/03/30 15:15:04.0640 5668   streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/30 15:15:04.0687 5668   swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/30 15:15:04.0750 5668   swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/30 15:15:04.0890 5668   sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/30 15:15:05.0000 5668   Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/30 15:15:05.0078 5668   TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/30 15:15:05.0125 5668   TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/30 15:15:05.0187 5668   TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/30 15:15:05.0296 5668   Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/30 15:15:05.0375 5668   Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/30 15:15:05.0468 5668   usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/03/30 15:15:05.0609 5668   USBCamera (0c28dd9ec68ccb6e95d49bfd24fd2c11) C:\WINDOWS\system32\Drivers\Bulk533.sys
2011/03/30 15:15:05.0734 5668   usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/30 15:15:05.0781 5668   usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/30 15:15:05.0812 5668   usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/30 15:15:05.0875 5668   usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/30 15:15:05.0890 5668   usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/30 15:15:05.0953 5668   USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/30 15:15:06.0000 5668   usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/30 15:15:06.0031 5668   VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/30 15:15:06.0109 5668   VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/30 15:15:06.0171 5668   Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/30 15:15:06.0250 5668   wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/03/30 15:15:06.0343 5668   wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/30 15:15:06.0484 5668   WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/30 15:15:06.0546 5668   WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/30 15:15:06.0625 5668   WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/30 15:15:06.0671 5668   WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/30 15:15:06.0703 5668   WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/30 15:15:06.0906 5668   ================================================================================
2011/03/30 15:15:06.0906 5668   Scan finished
2011/03/30 15:15:06.0906 5668   ================================================================================

It was very fast, ran all the way through and reported that there were no infections found.
Now I am downloading OTL to run.

ImnoGuru · « **Reply #39 on:** March 29, 2011, 10:42:27 PM »

and here is my OTL report.

OTL logfile created on: 30/03/2011 3:23:16 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 211.41 Gb Free Space | 45.39% Space Free | Partition Type: NTFS

Computer Name: DELLCOMPUTER1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/30 15:21:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/03/24 18:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/09/28 23:02:58 | 000,220,128 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2010/01/12 12:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/11/09 12:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2008/12/04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/18 09:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/01/12 09:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2004/02/27 17:02:32 | 001,269,870 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004/02/27 17:02:02 | 000,847,984 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe

========== Modules (SafeList) ==========

MOD - [2011/03/30 15:21:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2011/03/28 10:40:18 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (UPS)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/28 23:02:58 | 000,220,128 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2010/08/02 00:13:09 | 000,028,766 | ---- | M] (IWON) [Auto | Stopped] -- C:\Program Files\IWONG\bar\1.bin\9ubarsvc.exe -- (IWONGService)
SRV - [2010/02/19 19:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/11/09 12:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2007/12/18 09:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/12 09:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2004/02/27 17:02:02 | 000,847,984 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)

========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/28 23:03:21 | 000,015,328 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/05/11 05:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 00:35:13 | 000,033,848 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD) SoundTap Recorder (32 Bit)
DRV - [2010/02/05 10:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/01/13 09:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/01/12 10:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/01/07 12:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009/11/23 14:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/02/03 19:30:13 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/09/25 00:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/03/23 18:15:56 | 000,033,536 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/12/22 12:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/12/22 12:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/12/22 12:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/02/27 17:03:56 | 000,027,440 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/02/27 17:03:46 | 000,094,320 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2002/10/21 12:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av) Icatch(IV)
DRV - [2002/07/25 12:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) Icatch(IV)
DRV - [1997/12/23 13:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [1996/04/04 06:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\IWONG\bar\1.bin [2011/03/17 15:37:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/03/16 18:09:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/16 15:07:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 01:45:30 | 000,000,000 | ---D | M]

[2009/12/29 15:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/03/30 11:10:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions
[2011/03/28 10:49:11 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/03/28 09:55:47 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010/04/28 23:14:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/28 09:55:51 | 000,000,000 | ---D | M] ("ToolbarBrowser") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\{2e710e6b-5e9d-44ba-8f4e-09a040978b49}
[2009/11/23 12:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/11/23 12:42:53 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2)
[2010/01/20 23:55:18 | 000,000,000 | ---D | M] (CashKeywords Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\{9eb64fa9-57c4-4a41-9940-e12e0418b693}(2)
[2011/03/28 09:55:46 | 000,000,000 | ---D | M] ("Shorten URL") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\{a1109c2a-1187-4027-901d-13097b755625}
[2010/01/20 23:56:54 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(2)
[2010/12/15 20:31:07 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/01/07 21:49:20 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/03/28 09:55:47 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/03/14 18:23:04 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/10/02 17:43:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\[email protected]
[2011/03/28 10:49:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\[email protected]
[2009/11/23 12:43:55 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\[email protected](2).com
[2010/01/20 23:54:44 | 000,000,000 | ---D | M] (FirePHP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\FirePHPExtension-Build@firephp(2).org
[2009/11/23 12:44:25 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\smarterwiki@wikiatic(2).com
[2011/03/28 09:55:50 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\[email protected]
[2010/01/19 19:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\FirePHPExtension-Build@firephp(2).org\__MACOSX(2)
[2010/01/20 23:54:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\FirePHPExtension-Build@firephp(2).org\chrome(2)
[2010/01/20 23:54:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n9lrtipw.default\extensions\FirePHPExtension-Build@firephp(2).org\defaults(2)
[2011/03/29 10:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/09 18:32:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 11:55:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/16 08:09:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/16 15:10:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/20 23:15:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: <Company name>)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKCU..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] File not found
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Pro] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/14 16:05:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {75D04B76-E0D3-9685-9369-AF82CB13E868} - Microsoft Windows Media Player
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8DB52A01-AEF7-9ACF-7808-55F420F23178} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.SP54 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP55 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP56 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP57 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP58 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 15:21:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/03/30 15:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tdsskiller
[2011/03/28 11:23:17 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/03/28 11:23:17 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/03/28 11:23:16 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2011/03/28 11:22:06 | 000,019,455 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2011/03/28 11:22:06 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/03/28 11:22:03 | 000,012,063 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2011/03/28 11:22:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2011/03/28 11:21:50 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2011/03/28 11:21:49 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/03/28 11:21:49 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/03/28 11:21:43 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2011/03/28 11:21:43 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2011/03/28 11:21:35 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/03/28 11:21:35 | 000,023,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2011/03/28 11:21:33 | 000,033,599 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2011/03/28 11:21:33 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv10nt.sys
[2011/03/28 11:21:33 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv06nt.sys
[2011/03/28 11:21:33 | 000,019,551 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2011/03/28 11:21:32 | 000,029,311 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2011/03/28 11:21:27 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv11nt.sys
[2011/03/28 11:21:26 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv09nt.sys
[2011/03/28 11:21:26 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv07nt.sys
[2011/03/28 11:21:26 | 000,011,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2011/03/28 11:21:26 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv08nt.sys
[2011/03/28 11:21:25 | 000,012,415 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2011/03/28 11:21:25 | 000,012,127 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2011/03/28 11:21:22 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/03/28 11:21:22 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/03/28 11:21:22 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/03/28 11:21:08 | 000,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaagp.sys
[2011/03/28 11:21:08 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2011/03/28 11:21:08 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2011/03/28 11:21:05 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\vchnt5.dll
[2011/03/28 11:20:23 | 000,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2011/03/28 11:20:22 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2011/03/28 11:20:22 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2011/03/28 11:20:21 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/03/28 11:20:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2011/03/28 11:20:19 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2011/03/28 11:20:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2011/03/28 11:20:18 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/03/28 11:20:18 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2011/03/28 11:20:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2011/03/28 11:20:18 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2011/03/28 11:20:17 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/03/28 11:20:17 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2011/03/28 11:20:17 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2011/03/28 11:20:16 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/03/28 11:20:16 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2011/03/28 11:20:14 | 000,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uagp35.sys
[2011/03/28 11:20:08 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/03/28 11:20:08 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/03/28 11:20:08 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/03/28 11:20:07 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/03/28 11:20:07 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/03/28 11:20:06 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/03/28 11:20:06 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2011/03/28 11:19:58 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2011/03/28 11:19:53 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2011/03/28 11:19:48 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/03/28 11:19:48 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/03/28 11:19:47 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/03/28 11:19:44 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/03/28 11:19:44 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/03/28 11:19:23 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2011/03/28 11:19:23 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2011/03/28 11:19:22 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2011/03/28 11:19:22 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2011/03/28 11:19:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2011/03/28 11:19:18 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2011/03/28 11:19:18 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2011/03/28 11:19:18 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2011/03/28 11:19:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2011/03/28 11:19:09 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/03/28 11:19:04 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/03/28 11:19:03 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2011/03/28 11:18:52 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/03/28 11:18:51 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2011/03/28 11:18:47 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2011/03/28 11:18:44 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2011/03/28 11:18:25 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/03/28 11:18:22 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/03/28 11:18:20 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/03/28 11:18:20 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/03/28 11:18:19 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/03/28 11:18:19 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2011/03/28 11:18:19 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2011/03/28 11:18:18 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2011/03/28 11:18:18 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbali.sys
[2011/03/28 11:18:16 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2011/03/28 11:18:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2011/03/28 11:18:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2011/03/28 11:18:07 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2011/03/28 11:17:37 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/03/28 11:17:37 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/03/28 11:17:36 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2011/03/28 11:17:36 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/03/28 11:17:36 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2011/03/28 11:17:35 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2011/03/28 11:17:35 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2011/03/28 11:17:35 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisagp.sys
[2011/03/28 11:17:35 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/03/28 11:17:34 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2011/03/28 11:17:34 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2011/03/28 11:17:34 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2011/03/28 11:17:34 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2011/03/28 11:17:33 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\siint5.dll
[2011/03/28 11:17:18 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/03/28 11:17:17 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/03/28 11:17:17 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2011/03/28 11:17:13 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2011/03/28 11:17:13 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2011/03/28 11:17:07 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2011/03/28 11:17:06 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2011/03/28 11:17:06 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2011/03/28 11:17:03 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/03/28 11:17:03 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2011/03/28 11:17:02 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/03/28 11:17:02 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/03/28 11:17:01 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2011/03/28 11:17:01 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2011/03/28 11:17:00 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2011/03/28 11:17:00 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2011/03/28 11:16:59 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/03/28 11:16:59 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/03/28 11:16:59 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/03/28 11:16:58 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/03/28 11:16:54 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/03/28 11:16:54 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/03/28 11:16:49 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3gnb.dll
[2011/03/28 11:16:49 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3gnbm.sys
[2011/03/28 11:16:47 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/03/28 11:16:47 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/03/28 11:16:43 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/03/28 11:16:42 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/03/28 11:16:34 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2011/03/28 11:16:33 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2011/03/28 11:16:33 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2011/03/28 11:16:32 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/03/28 11:16:31 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2011/03/28 11:16:28 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismpx.sys
[2011/03/28 11:16:27 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2011/03/28 11:16:27 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/03/28 11:16:13 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2011/03/28 11:16:07 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2011/03/28 11:16:07 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2011/03/28 11:15:53 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2011/03/28 11:15:53 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2011/03/28 11:15:53 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2011/03/28 11:15:52 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2011/03/28 11:15:52 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2011/03/28 11:15:43 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2011/03/28 11:15:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2011/03/28 11:15:42 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2011/03/28 11:15:42 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/03/28 11:15:40 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2011/03/28 11:15:39 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2011/03/28 11:15:39 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2011/03/28 11:15:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2011/03/28 11:15:30 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2011/03/28 11:15:30 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2011/03/28 11:15:30 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2011/03/28 11:15:29 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2011/03/28 11:15:29 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2011/03/28 11:15:29 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2011/03/28 11:15:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2011/03/28 11:15:28 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2011/03/28 11:15:28 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2011/03/28 11:15:27 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2011/03/28 11:15:27 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2011/03/28 11:15:26 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2011/03/28 11:15:26 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2011/03/28 11:15:25 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2011/03/28 11:15:23 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2011/03/28 11:15:23 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2011/03/28 11:15:23 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2011/03/28 11:15:18 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/03/28 11:15:16 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2011/03/28 11:15:16 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2011/03/28 11:15:15 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2011/03/28 11:15:06 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/03/28 11:15:06 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/03/28 11:15:05 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/03/28 11:15:04 | 000,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2011/03/28 11:15:01 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2011/03/28 11:15:01 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2011/03/28 11:15:00 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2011/03/28 11:15:00 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2011/03/28 11:14:50 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2011/03/28 11:14:50 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2011/03/28 11:14:49 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2011/03/28 11:14:48 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/03/28 11:14:48 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/03/28 11:14:47 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2011/03/28 11:14:46 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/03/28 11:14:44 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2011/03/28 11:14:43 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/03/28 11:14:43 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/03/28 11:14:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2011/03/28 11:14:28 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2011/03/28 11:14:28 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2011/03/28 11:14:23 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/03/28 11:14:10 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mtxparhd.dll
[2011/03/28 11:14:10 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mtxparhm.sys
[2011/03/28 11:14:10 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2011/03/28 11:13:56 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2011/03/28 11:13:53 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2011/03/28 11:13:51 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2011/03/28 11:13:41 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2011/03/28 11:13:41 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2011/03/28 11:13:40 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2011/03/28 11:13:36 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/03/28 11:13:34 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2011/03/28 11:13:32 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2011/03/28 11:13:20 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2011/03/28 11:13:20 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2011/03/28 11:13:12 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2011/03/28 11:13:12 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2011/03/28 11:13:11 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2011/03/28 11:13:10 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/03/28 11:13:03 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2011/03/28 11:13:03 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2011/03/28 11:13:03 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2011/03/28 11:13:02 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2011/03/28 11:13:02 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2011/03/28 11:12:45 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2011/03/28 11:12:43 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/03/28 11:12:43 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/03/28 11:12:42 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/03/28 11:12:42 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/03/28 11:12:40 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2011/03/28 11:12:40 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/03/28 11:12:39 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/03/28 11:12:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2011/03/28 11:12:33 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2011/03/28 11:12:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2011/03/28 11:10:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2011/03/28 11:10:28 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2011/03/28 11:10:

SuperDave · « **Reply #40 on:** March 30, 2011, 11:37:43 AM »

The OTL Extra.txt log is missing.

ImnoGuru · « **Reply #41 on:** April 03, 2011, 07:36:46 PM »

Quote from: ImnoGuru on March 29, 2011, 10:42:27 PM

and here is my OTL report.

[2011/03/28 11:12:40 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2011/03/28 11:12:40 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/03/28 11:12:39 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/03/28 11:12:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2011/03/28 11:12:33 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2011/03/28 11:12:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2011/03/28 11:10:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2011/03/28 11:10:28 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2011/03/28 11:10:

Yes I found that part that was missing SuperDave. I highlighted a bit of the overlap for you to continue from. (Hope I was accurate with that)

Maybe it was to big to process the whole thing? OR it could have been an operators mistake?

2011/03/28 11:12:40 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2011/03/28 11:12:40 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/03/28 11:12:39 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/03/28 11:12:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2011/03/28 11:12:33 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2011/03/28 11:12:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2011/03/28 11:10:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2011/03/28 11:10:28 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2011/03/28 11:10:28 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2011/03/28 11:10:27 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2011/03/28 11:10:27 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2011/03/28 11:10:27 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/03/28 11:10:26 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2011/03/28 11:10:17 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2011/03/28 11:10:16 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2011/03/28 11:09:40 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2011/03/28 11:09:39 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2011/03/28 11:09:39 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2011/03/28 11:09:39 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2011/03/28 11:09:38 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2011/03/28 11:09:38 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2011/03/28 11:09:38 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2011/03/28 11:09:38 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2011/03/28 11:09:37 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2011/03/28 11:09:37 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2011/03/28 11:09:37 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2011/03/28 11:09:36 | 000,161,020 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2011/03/28 11:09:36 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2011/03/28 11:09:36 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2011/03/28 11:09:35 | 000,702,845 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2011/03/28 11:09:35 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2011/03/28 11:09:35 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2011/03/28 11:09:34 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2011/03/28 11:09:34 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2011/03/28 11:08:55 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2011/03/28 11:08:52 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2011/03/28 11:08:52 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2011/03/28 11:08:52 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2011/03/28 11:08:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2011/03/28 11:08:51 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/03/28 11:08:51 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2011/03/28 11:08:50 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/03/28 11:08:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2011/03/28 11:08:49 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2011/03/28 11:08:49 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2011/03/28 11:08:47 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidir.sys
[2011/03/28 11:08:47 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2011/03/28 11:08:47 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2011/03/28 11:08:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbth.sys
[2011/03/28 11:08:46 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2011/03/28 11:08:42 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/03/28 11:08:41 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/03/28 11:08:40 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/03/28 11:08:39 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2011/03/28 11:08:39 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2011/03/28 11:08:38 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2011/03/28 11:08:38 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2011/03/28 11:08:38 | 000,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gagp30kx.sys
[2011/03/28 11:08:37 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2011/03/28 11:08:37 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2011/03/28 11:07:58 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2011/03/28 11:07:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2011/03/28 11:07:38 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2011/03/28 11:07:37 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2011/03/28 11:07:34 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/03/28 11:07:34 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2011/03/28 11:07:33 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/03/28 11:07:33 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/03/28 11:07:30 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2011/03/28 11:07:24 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2011/03/28 11:07:24 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2011/03/28 11:07:22 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2011/03/28 11:07:20 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2011/03/28 11:07:20 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2011/03/28 11:07:19 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2011/03/28 11:07:10 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2011/03/28 11:07:10 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2011/03/28 11:07:10 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2011/03/28 11:07:10 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2011/03/28 11:06:59 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2011/03/28 11:06:59 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2011/03/28 11:06:59 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2011/03/28 11:06:59 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\enum1394.sys
[2011/03/28 11:06:58 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2011/03/28 11:06:57 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2011/03/28 11:06:57 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2011/03/28 11:06:57 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2011/03/28 11:06:57 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2011/03/28 11:06:56 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2011/03/28 11:06:56 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2011/03/28 11:06:56 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2011/03/28 11:06:56 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2011/03/28 11:06:53 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2011/03/28 11:06:42 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2011/03/28 11:06:42 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2011/03/28 11:06:41 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2011/03/28 11:06:41 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2011/03/28 11:06:41 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2011/03/28 11:06:40 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2011/03/28 11:06:38 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2011/03/28 11:06:38 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2011/03/28 11:06:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2011/03/28 11:06:34 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/03/28 11:06:33 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2011/03/28 11:06:30 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2011/03/28 11:06:30 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/03/28 11:06:30 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2011/03/28 11:06:30 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2011/03/28 11:06:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2011/03/28 11:06:27 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/03/28 11:06:24 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/03/28 11:05:24 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/03/28 11:05:24 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/03/28 11:05:23 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2011/03/28 11:05:23 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2011/03/28 11:05:23 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/03/28 11:05:22 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2011/03/28 11:05:22 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2011/03/28 11:05:21 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2011/03/28 11:05:21 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2011/03/28 11:05:21 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2011/03/28 11:05:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2011/03/28 11:05:17 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2011/03/28 11:05:17 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2011/03/28 11:05:16 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2011/03/28 11:05:02 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/03/28 11:05:02 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/03/28 11:05:01 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/03/28 11:05:01 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/03/28 11:05:01 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/03/28 11:05:01 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/03/28 11:05:00 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2011/03/28 11:05:00 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/03/28 11:04:58 | 000,096,256 | ---- | C] (Copyright (C) Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2011/03/28 11:04:58 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2011/03/28 11:04:57 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2011/03/28 11:04:56 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2011/03/28 11:04:56 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2011/03/28 11:04:55 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/03/28 11:04:51 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2011/03/28 11:04:51 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2011/03/28 11:04:47 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2011/03/28 11:04:46 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2011/03/28 11:04:46 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2011/03/28 11:04:45 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2011/03/28 11:04:44 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/03/28 11:04:44 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2011/03/28 11:04:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2011/03/28 11:04:06 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\ch7xxnt5.dll
[2011/03/28 11:04:05 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/03/28 11:04:05 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/03/28 11:04:05 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/03/28 11:04:05 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/03/28 11:04:04 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/03/28 11:04:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2011/03/28 11:04:00 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/03/28 11:04:00 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/03/28 11:04:00 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/03/28 11:03:50 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2011/03/28 11:03:50 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2011/03/28 11:03:50 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2011/03/28 11:03:50 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2011/03/28 11:03:49 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2011/03/28 11:03:49 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2011/03/28 11:03:49 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2011/03/28 11:03:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2011/03/28 11:03:48 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2011/03/28 11:03:31 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011/03/28 11:03:30 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthprint.sys
[2011/03/28 11:03:30 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2011/03/28 11:03:29 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2011/03/28 11:03:29 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2011/03/28 11:03:29 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/03/28 11:03:29 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2011/03/28 11:03:28 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/03/28 11:03:28 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/03/28 11:03:28 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/03/28 11:03:28 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/03/28 11:03:27 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/03/28 11:03:27 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/03/28 11:03:26 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/03/28 11:03:25 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/03/28 11:03:25 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/03/28 11:03:25 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/03/28 11:03:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011/03/28 11:03:24 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/03/28 11:03:24 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/03/28 11:03:23 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/03/28 11:03:23 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/03/28 11:03:23 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/03/28 11:03:22 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/03/28 11:03:22 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/03/28 11:03:18 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2011/03/28 11:03:18 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011/03/28 11:03:17 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011/03/28 11:03:15 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011/03/28 11:03:15 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011/03/28 11:03:14 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2011/03/28 11:03:14 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/03/28 11:03:14 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2011/03/28 11:03:13 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/03/28 11:03:13 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011/03/28 11:03:10 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/03/28 11:02:55 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011/03/28 11:02:55 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2011/03/28 11:02:53 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv04nt5.dll
[2011/03/28 11:02:53 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv10nt5.dll
[2011/03/28 11:02:53 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv06nt5.dll
[2011/03/28 11:02:53 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv02nt5.dll
[2011/03/28 11:02:52 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv01nt5.dll
[2011/03/28 11:02:51 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2011/03/28 11:02:50 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2011/03/28 11:02:50 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2011/03/28 11:02:50 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2011/03/28 11:02:43 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
[2011/03/28 11:02:42 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
[2011/03/28 11:02:42 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
[2011/03/28 11:02:42 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
[2011/03/28 11:02:42 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
[2011/03/28 11:02:41 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
[2011/03/28 11:02:41 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
[2011/03/28 11:02:41 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
[2011/03/28 11:02:41 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
[2011/03/28 11:02:41 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
[2011/03/28 11:02:40 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011/03/28 11:02:40 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011/03/28 11:02:40 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011/03/28 11:02:40 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011/03/28 11:02:39 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011/03/28 11:02:39 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011/03/28 11:02:39 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011/03/28 11:02:38 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2011/03/28 11:02:38 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2011/03/28 11:02:38 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2011/03/28 11:02:37 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2011/03/28 11:02:37 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtaa.sys
[2011/03/28 11:02:37 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2011/03/28 11:02:36 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2011/03/28 11:02:36 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
[2011/03/28 11:02:36 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xsxx.sys
[2011/03/28 11:02:36 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xbxx.sys
[2011/03/28 11:02:36 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1ttxx.sys
[2011/03/28 11:02:35 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1rvxx.sys
[2011/03/28 11:02:35 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1raxx.sys
[2011/03/28 11:02:35 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1snxx.sys
[2011/03/28 11:02:34 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
[2011/03/28 11:02:34 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1pdxx.sys
[2011/03/28 11:02:34 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1mdxx.sys
[2011/03/28 11:02:27 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/03/28 11:02:21 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2011/03/28 11:02:20 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2011/03/28 11:02:20 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2011/03/28 11:02:05 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011/03/28 11:02:04 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\dllcache\amdagp.sys
[2011/03/28 11:02:04 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011/03/28 11:02:04 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2011/03/28 11:02:03 | 000,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alim1541.sys
[2011/03/28 11:02:03 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/03/28 11:02:03 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2011/03/28 11:02:02 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011/03/28 11:02:02 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011/03/28 11:02:01 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2011/03/28 11:02:01 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2011/03/28 11:02:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2011/03/28 11:01:55 | 000,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agpcpq.sys
[2011/03/28 11:01:55 | 000,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2011/03/28 11:01:54 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011/03/28 11:01:53 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv11nt5.dll
[2011/03/28 11:01:53 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv09nt5.dll
[2011/03/28 11:01:53 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv07nt5.dll
[2011/03/28 11:01:53 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv08nt5.dll
[2011/03/28 11:01:52 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv01nt5.dll
[2011/03/28 11:01:52 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv02nt5.dll
[2011/03/28 11:01:52 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv05nt5.dll
[2011/03/28 11:01:47 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2011/03/28 11:01:47 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/03/28 11:01:46 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/03/28 11:01:45 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/03/28 11:01:45 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/03/28 11:01:44 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/03/28 11:01:44 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011/03/28 11:01:44 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011/03/28 11:01:43 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/03/28 11:01:42 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011/03/28 11:01:42 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011/03/28 11:01:41 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011/03/28 11:01:41 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011/03/28 11:01:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2011/03/28 11:01:40 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/03/28 11:01:40 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/03/28 11:01:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011/03/28 11:01:32 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/03/28 11:01:31 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/03/28 11:01:28 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011/03/28 11:01:27 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2011/03/28 11:00:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/03/28 11:00:21 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2011/03/28 11:00:21 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2011/03/28 10:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2011/03/28 10:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Freecorder
[2011/03/28 10:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/03/28 10:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ConduitEngine
[2011/03/28 10:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/03/28 10:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Freecorder
[2011/03/28 10:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FLVService
[2011/03/28 10:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freecorder
[2011/03/28 10:39:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Freecorder
[2011/03/28 10:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2011/03/23 12:31:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/03/23 11:22:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/03/16 19:10:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/03/16 18:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2011/03/16 18:10:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/16 18:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/03/16 18:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/16 18:09:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/03/16 18:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/03/16 17:47:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/16 13:29:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/10 11:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/09 10:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\VS Revo Group
[2011/03/09 10:56:03 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/03/09 10:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/03/09 10:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[46 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/30 15:24:21 | 000,000,410 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8BFB428B-A956-4BAC-B2D4-FDCAD16CEE5B}.job
[2011/03/30 15:21:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/03/30 15:13:03 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/03/30 14:48:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/30 13:45:20 | 007,858,208 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\2 Winning Tattslotto Tickets.jpg
[2011/03/30 13:09:46 | 013,496,453 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\3 Winning Tattslotto Tickets.jpg
[2011/03/30 12:38:36 | 013,702,958 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\5 Winning Tattslotto Tickets 2.jpg
[2011/03/30 12:07:08 | 011,507,368 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\5 Winning Tattslotto Tickets.jpg
[2011/03/30 09:41:28 | 110,353,329 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/30 05:48:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/29 18:35:11 | 000,106,698 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/03/29 09:41:18 | 110,164,074 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011/03/28 09:53:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/28 09:53:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/23 12:32:43 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/03/23 12:32:43 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/03/23 11:41:50 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/23 11:25:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/23 11:24:28 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/03/22 23:54:16 | 006,854,650 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Barcode Petrol Voucher.jpg
[2011/03/22 11:26:19 | 002,157,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/20 23:15:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/10 11:40:51 | 000,010,158 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\AVGInstLog.cab
[2011/03/09 11:49:55 | 000,002,115 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[46 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/30 15:12:54 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/03/30 13:44:56 | 007,858,208 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\2 Winning Tattslotto Tickets.jpg
[2011/03/30 13:09:18 | 013,496,453 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\3 Winning Tattslotto Tickets.jpg
[2011/03/30 12:37:46 | 013,702,958 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\5 Winning Tattslotto Tickets 2.jpg
[2011/03/30 12:06:35 | 011,507,368 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\5 Winning Tattslotto Tickets.jpg
[2011/03/30 09:41:28 | 110,353,329 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/29 18:35:10 | 000,106,698 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/03/29 09:41:18 | 110,164,074 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011/03/28 11:23:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/03/28 11:23:17 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/03/28 11:15:42 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/03/28 11:15:42 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/03/28 11:13:40 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/03/28 11:08:51 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/03/28 11:08:51 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/03/28 11:08:50 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/03/28 11:08:50 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/03/28 11:08:49 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/03/28 11:07:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/03/28 11:02:51 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/03/28 11:02:51 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/03/28 11:02:50 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/03/28 11:02:50 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/03/28 11:02:49 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/03/28 11:02:49 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/03/28 11:02:49 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/03/28 11:02:48 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/03/28 11:02:43 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/03/28 11:02:39 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/03/28 10:44:23 | 000,000,410 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8BFB428B-A956-4BAC-B2D4-FDCAD16CEE5B}.job
[2011/03/23 11:24:28 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/03/22 23:53:37 | 006,854,650 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Barcode Petrol Voucher.jpg
[2011/03/10 11:40:51 | 000,010,158 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\AVGInstLog.cab
[2010/09/05 04:10:46 | 000,000,013 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/07/10 06:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/06/18 14:17:34 | 000,000,155 | ---- | C] () -- C:\WINDOWS\viewer.ini
[2010/06/18 14:17:27 | 000,000,083 | ---- | C] () -- C:\WINDOWS\artgalry.ini
[2010/06/18 14:16:59 | 000,004,028 | ---- | C] () -- C:\WINDOWS\MSWORKS3.INI
[2010/02/27 21:42:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/02/27 21:05:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/02/27 21:05:15 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/02/27 21:05:15 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/02/27 21:05:15 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/02/27 21:05:15 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/02/27 21:05:15 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/02/27 21:05:15 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/02/27 21:05:15 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/02/27 21:05:15 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/02/27 21:05:15 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/02/27 21:05:15 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/02/27 21:05:15 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/02/27 21:05:15 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/02/27 21:05:15 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/02/27 21:05:15 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/02/27 21:05:15 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/02/27 21:05:15 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/02/27 21:05:15 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/02/27 21:05:15 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/10/18 18:58:39 | 000,000,016 | ---- | C] () -- C:\WINDOWS\aebconfig.ini
[2009/09/18 17:19:08 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ovas.ini
[2009/09/17 09:10:07 | 000,000,053 | ---- | C] () -- C:\WINDOWS\ArticleAssistant.ini
[2009/09/05 19:25:10 | 000,000,381 | ---- | C] () -- C:\WINDOWS\EMSOFT.INI
[2009/09/01 02:12:10 | 000,000,059 | ---- | C] () -- C:\WINDOWS\FAX.INI
[2009/08/09 17:29:06 | 000,000,637 | ---- | C] () -- C:\WINDOWS\aasinst.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/08/01 13:54:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2009/04/21 13:13:53 | 000,000,730 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2009/04/21 13:13:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/04/21 13:13:33 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2009/04/21 13:11:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
[2009/04/21 13:10:08 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2009/04/21 13:10:08 | 000,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2009/04/21 13:10:08 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2009/04/13 20:37:45 | 000,001,450 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\filterclsid.dat
[2009/03/22 09:43:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/03/04 13:36:00 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/03/04 12:30:54 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/02/15 21:18:11 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/03 19:30:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/02/03 19:03:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/18 17:01:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/15 23:57:18 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2008/09/15 23:50:27 | 000,000,168 | ---- | C] () -- C:\WINDOWS\atoms.ini
[2008/09/15 01:56:18 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/15 01:55:18 | 002,157,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/15 00:10:21 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/14 23:51:17 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/09/14 22:33:02 | 000,000,139 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2008/09/14 22:26:02 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2008/09/14 22:26:02 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2008/09/14 21:30:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/14 16:51:05 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2008/09/14 16:05:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/14 16:02:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 22:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 22:00:00 | 000,440,646 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 22:00:00 | 000,070,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 22:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/07/11 01:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/04/04 06:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-18 13:28:15

< MD5 for: AGP440.SYS >
[2008/05/17 03:03:46 | 016,511,184 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 14:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/05/17 03:03:46 | 016,511,184 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: BEEP.SYS >
[2001/08/23 22:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2001/08/23 22:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001/08/23 22:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\dllcache\imm32.dll
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll

< MD5 for: KERNEL32.DLL >
[2009/03/22 01:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/22 01:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/22 01:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2009/03/22 00:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/21 04:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/21 04:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/21 04:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/06/21 04:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/04 00:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS

< MD5 for: NTMSSVC.DLL >
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\dllcache\ntmssvc.dll
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\dllcache\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\dllcache\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/18 00:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/18 00:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2010/08/18 00:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/18 00:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61AC

SuperDave · « **Reply #42 on:** April 04, 2011, 01:16:34 PM »

It's been almost a month since we started on this. Is there any change in your computer?

ImnoGuru · « **Reply #43 on:** April 04, 2011, 08:18:16 PM »

Yes SuperDave I think there has been a significant improvement.

The drive has had a complete cleaning of unwanted programs and is running quite smoothly now. Viruses and potential threats have been removed and I feel that the drive/computer is once again reliable and safe to use for my banking. (This above all else is my greatest concern SuperDave.)

We have discovered during this journey that the system restore did not resolve the problem. MSE is removed but still wont reinstall, Security center will not change the automatic updates configuration and Adobe update installs, still fail.

AVG is running and updating regularly.

Also that there is a problem with the Windows files and I dont have the CD for this build. (which just goes to show, me/others how important it is to back up your data.(Thank you Allan. See here for discussion/thread)).

I have learned different operations, that before hand I would not have had the confidence to even try.
I think that is what, you and CH ultimately are all about... teaching others and not just relying on the specialists and to build confidence to try things yourself always knowing that there is help at hand if I get stuck.

I have the external drive now.

Quote from: SuperDave on March 28, 2011, 12:50:56 PM

From what you're telling me, there is a problem with some of the Windows files. If you made a copy of your harddrive, you could use it to restore your computer back to when the copy was made and you should be back in business. I will check with my buddy to see if there's anything else we can do.

and with a little more help maybe I can restore my corrupted Windows file/s.

I think my computer is as good and clean as we can make it.

I am quite happy to start a new thread to restore the files, in a different forum if that is what you wish, because obviously your time to help one individual can be consuming when you can direct your expertise to others in need of your help.

I can only say at this time "Thank you" for your continued assistance and support SuperDave.

Thank you ImnoGuru.

SuperDave · « **Reply #44 on:** April 05, 2011, 12:51:41 PM »

Ok. You may be able to remove MSE with this tool.

Revo Uninstaller

Malware is often stored in System Restore so that every time you use System Restore you re-infect the computer.

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

******************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

Click the CleanUp button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Computer Hope Forum

News:

Author Topic: MSE wants to UPGRADE but wont? (Read 27591 times)

ImnoGuru

SuperDave

ImnoGuru

ImnoGuru

SuperDave

ImnoGuru

SuperDave

ImnoGuru

ImnoGuru

SuperDave

ImnoGuru

SuperDave

ImnoGuru

ImnoGuru

SuperDave

ImnoGuru

ImnoGuru

SuperDave

ImnoGuru

SuperDave

ImnoGuru

SuperDave

ImnoGuru

ImnoGuru

SuperDave

ImnoGuru

SuperDave

ImnoGuru

SuperDave

ImnoGuru

SuperDave

ImnoGuru

SuperDave

ImnoGuru

SuperDave

ImnoGuru

SuperDave

SuperDave

ImnoGuru

ImnoGuru

SuperDave

ImnoGuru

SuperDave

ImnoGuru

SuperDave