Author Topic: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba (Read 17082 times)

goodie2010 · « **on:** June 24, 2010, 06:05:59 AM »

Good day, 2 days ago I noticed my start menu was gone, taskbar, no sound, can't copy, paste, can't do a system restore, can't run malwarebytes, can't use my internet download manager, can't play videos, etc.... When I try to run malwarebytes I get runtime error 372.
I also noticed in task manager something asd.exe, I ran spybot, hijackthis, SAS. and ATF Cleaner. This is horrible, there's so much I can't do and my computer right now.

I tried running setupsp6 since i did a search and some said that's needed, but when i tried to run it say stops and said couldn't complete setup.

It wont let me do a system restore

here's my SAS log and thanks for your help!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/23/2010 at 08:12 PM

Application Version : 4.39.1002

Core Rules Database Version : 4935
Trace Rules Database Version: 2747

Scan type : Complete Scan
Total Scan Time : 01:41:55

Memory items scanned : 332
Memory threats detected : 0
Registry items scanned : 7572
Registry threats detected : 0
File items scanned : 26623
File threats detected : 473

Adware.Tracking Cookie
convoad.technoratimedia.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\URXKQ36H ]
core.insightexpressai.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\URXKQ36H ]
crackle.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\URXKQ36H ]
media.scanscout.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\URXKQ36H ]
media1.break.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\URXKQ36H ]
objects.tremormedia.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\URXKQ36H ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\URXKQ36H ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.stopzilla.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.stopzilla.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.stopzilla.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.stopzilla.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.stopzilla.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www3.smartadserver.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.xiti.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.chitika.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads2.ontecnia.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.qsstats.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.qsstats.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
adserving.cpxinteractive.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
adserving.cpxinteractive.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.247realmedia.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.oasn04.247realmedia.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
adserving.cpxinteractive.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.bridgetrack.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.bridgetrack.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.bridgetrack.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

Trojan.Agent/Gen-HackPatch
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3191AC.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3191E1.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3191EF.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3191F1.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319205.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31921A.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31923A.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319241.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31924A.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319255.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319264.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31926E.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319291.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319292.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3192A4.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3192A5.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3192AD.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3192AF.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3192D6.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3192DA.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3192E2.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3192EA.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3192FE.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31931C.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31932E.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31932F.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319350.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31935A.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31935C.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319363.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319364.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319365.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31936F.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319386.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31938A.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3193A6.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3193BF.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3193D2.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3193DA.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3193DD.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3193E5.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3193E9.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3193ED.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31941B.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319426.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319431.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319435.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319437.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31943C.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319440.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31946B.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31947E.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319484.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31948A.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319491.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3194DA.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B3194E9.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319519.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319530.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319533.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B31953E.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319540.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319E7D.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319F15.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319F1A.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319F25.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319F2F.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319F39.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319F44.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319F47.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319F48.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319F53.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B319F54.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40353E.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40357E.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403599.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40359B.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40359D.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40359F.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B4035A0.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B4035B5.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B4035C0.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B4035C3.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B4035DA.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B4035DB.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B4035FC.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B4035FD.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403608.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40360A.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403621.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403627.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40362A.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403638.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40363E.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403641.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403642.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403652.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403663.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40366B.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403676.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40367D.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403691.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40369C.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B4036D2.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B4036D5.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B4036E6.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40371C.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403720.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403721.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403726.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403736.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403741.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403756.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40375C.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403768.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40376B.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B40376C.TMP
C:\_OTM\MOVEDFILES\05152010_133750\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\XFER\4B403782.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ150D.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ150E.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ151D.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ151F.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1534.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1535.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ153D.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ154B.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ157D.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ157E.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1581.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ158A.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ158C.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1598.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ15A4.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ15AA.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ15C4.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ15C6.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ15CE.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ15CF.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ15DC.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ15E0.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ180E.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ181C.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1902.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1923.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1949.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1964.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1967.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1972.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ197D.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1985.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ198F.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ19C6.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ19DD.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ19DE.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A00.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A0C.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A0F.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A11.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A16.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A17.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A20.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A37.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A4B.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A4D.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A57.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A72.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A8C.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A95.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1A9D.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1AA1.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1AA7.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1ABC.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1AC5.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1ACD.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1AE6.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1AFD.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B16.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B18.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B24.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B2E.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B2F.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B3E.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B44.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B46.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B48.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B50.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B54.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B5F.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B71.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B90.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B97.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B9B.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1B9E.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1BB9.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1BBA.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1BC0.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1BD1.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1BEF.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1C0B.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1C0E.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1C15.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1C1C.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1C23.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1C2B.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1C2D.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1C44.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1C46.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1C52.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1C72.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1C7E.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1CC5.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1CCA.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1CE1.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1CEA.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1D02.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1D09.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1D0B.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1D15.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1D2C.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1D41.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1D44.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1D5E.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1D68.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1D74.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1D98.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1D99.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1D9C.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1DA2.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1DA3.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1DA9.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1DAE.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1DB1.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1DD1.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E00.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E02.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E03.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E18.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E21.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E24.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E32.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E36.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E3A.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E3F.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E5C.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E73.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E8D.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1E99.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1EB2.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1EBD.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1ECF.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1EED.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1EF3.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1F16.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1F22.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1F45.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1F4A.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1F76.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1F83.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1F86.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1F98.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1FA5.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1FAC.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1FB2.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1FBA.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1FBC.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1FD0.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1FD1.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1FDB.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ1FEA.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2000.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2020.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2052.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ20E1.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ20F7.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2101.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ210A.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2113.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2121.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2122.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ21BD.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2391.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ23FC.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ23FD.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2434.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ243A.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2D87.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2DB3.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2DB6.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2DD3.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2DDB.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2DE9.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2DED.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2DF7.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2E03.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2E16.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2E1F.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2E21.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2E35.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2E40.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2E42.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2E49.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2E62.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2E6B.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2E6C.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2EC1.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2ED0.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2EDA.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2EDD.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2EF6.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2F05.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2F10.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2F1E.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2F23.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2F4B.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2F59.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2F61.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2F80.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2F8A.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2F94.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2F98.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2FA9.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2FB0.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2FC1.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2FC2.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2FC6.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2FC7.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2FCA.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2FD7.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2FF4.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ2FFA.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3005.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3012.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3018.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3021.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3027.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ302F.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3035.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3045.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3054.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3056.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3067.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ306D.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3074.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ307C.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ307E.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3082.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3084.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ30AE.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ30B4.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ30DB.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ30E2.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ30E6.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ30E9.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ30EB.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ30EF.TMP
C:\_OTM\MOVEDFILES\05152010_134900\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SRTSP\QUARANTINE\APQ3108.T

SuperDave · « **Reply #1 on:** June 24, 2010, 05:21:45 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Once you've gotten one of them to run then try to immediately run the following.

Now download and Run exeHelper.

Please download exeHelper from Raktor to your desktop.

Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

=============================

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

goodie2010 · « **Reply #2 on:** June 24, 2010, 05:37:57 PM »

Thanks for your help superdave! I followed your instructions, unfortunately as previously reported I can't run mbam

it keeps saying runtime error 372 )

thanks, here's the rkill log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Administrator on 06/24/2010 at 19:36:43.

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\rkill (1).com

Rkill completed on 06/24/2010 at 19:36:45.

SuperDave · « **Reply #3 on:** June 25, 2010, 12:16:10 PM »

Please download: HiJackThis to your Desktop.

Double Click the HijackThis icon, located on your Desktop.
By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
Accept the license agreement.
Click the Open the Misc Tools section button.
Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
Please post the log in your next reply.

===================================

Please download ComboFix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

goodie2010 · « **Reply #4 on:** June 25, 2010, 01:28:18 PM »

thanks so much superdave, it took combofix forever to finish, its never taken so long.

here's hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:04 PM, on 6/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\fsproflt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Seagate\SeagateManager\ManagerApp\stxmanager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (filesize 153008 bytes, MD5 702EC8BBF84204BAEE28DF38ED04275D)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (filesize 882416 bytes, MD5 6A2E0E49A4F2A9DF3E6293E37E7486BD)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (filesize 75128 bytes, MD5 5CF6190CD875DA6B35256FEE573E7908)
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (filesize 110592 bytes, MD5 5F04E79AB3C0016ED1F6B5E35CDDBCC6)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 73728 bytes, MD5 37EDBCC7E5E0B89E59941FF79A2F9746)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (filesize 882416 bytes, MD5 6A2E0E49A4F2A9DF3E6293E37E7486BD)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (filesize 33280 bytes, MD5 037B1E7798960E0420003D05BB577EE6)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXEC:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exeC:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe (filesize 303104 bytes, MD5 3036F85E07FBC8E4994657A1EE593B46)
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exeC:\WINDOWS\system32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (filesize 437584 bytes, MD5 5F0388038E7355982FE50B039D10315C)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (filesize 687560 bytes, MD5 2AC015CD0D8AA59E4AAD8EFFE29798EF)
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (filesize 1004544 bytes, MD5 D1EA7694103F5D5CF11148F9B3864C45)
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (filesize 136176 bytes, MD5 F02A533F517EB38333CB12A9E8963773)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2025429265-1292428093-1801674531-500\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-2025429265-1292428093-1801674531-500\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User '?')
O4 - HKUS\S-1-5-21-2025429265-1292428093-1801674531-500\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-2025429265-1292428093-1801674531-500\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-2025429265-1292428093-1801674531-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm (filesize 283 bytes, MD5 648E7B2602158D2FF9197D664F59B28B)
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm (filesize 278 bytes, MD5 0474B49F5F2AD77C0A191C570818CB4D)
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm (filesize 1453 bytes, MD5 F14293E34FE33B40D71843AE513548D1)
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm (filesize 277 bytes, MD5 7EE0CC294B365F8FC4FAB2F06E01AC95)
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL (filesize 449536 bytes, MD5 2063F5DE2B28B68FF9A153A8DEFA1F69)
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL (filesize 449536 bytes, MD5 2063F5DE2B28B68FF9A153A8DEFA1F69)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236394652509
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllC:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exeC:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exeC:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exeC:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exeC:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\WINDOWS\system32\emaudsv.exeC:\WINDOWS\system32\emaudsv.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exeC:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exeC:\WINDOWS\system32\fsproflt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeC:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exeC:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exeC:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exeC:\Program Files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeC:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exeC:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exeC:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exeC:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exeC:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeC:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeC:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exeC:\WINDOWS\system32\STacSV.exe

--
End of file - 13672 bytes

ComboFix 10-06-23.05 - Administrator 06/25/2010 14:50:47.11.2 - x86
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-05-25 to 2010-06-25 )))))))))))))))))))))))))))))))
.

2010-06-24 01:22 . 2010-06-24 01:22   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation
2010-06-23 22:02 . 2010-04-29 19:39   38224   -c--a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-23 22:02 . 2010-04-29 19:39   20952   -c--a-w-   c:\windows\system32\drivers\mbam.sys
2010-06-23 19:23 . 2010-06-23 19:23   --------   dc----w-   C:\Setup
2010-06-23 19:23 . 2010-06-23 19:23   --------   dc----w-   C:\VSS
2010-06-23 19:22 . 2010-06-23 19:23   --------   dc----w-   C:\VB98
2010-06-23 19:22 . 2010-06-23 19:22   --------   dc----w-   C:\Shared
2010-06-23 19:22 . 2010-06-23 19:22   --------   dc----w-   C:\MSDesign
2010-06-23 19:22 . 2010-06-23 19:22   --------   dc----w-   C:\Common
2010-06-23 19:22 . 2010-06-23 19:22   --------   dc----w-   C:\os
2010-06-23 12:19 . 2010-06-23 12:19   132608   -csha-r-   c:\windows\system32\systemi.dll
2010-06-14 06:18 . 2010-06-14 06:21   --------   dc----w-   c:\documents and settings\All Users\Application Data\Ulead Systems
2010-06-14 06:18 . 2010-06-14 06:18   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Ulead Systems
2010-06-14 06:18 . 2010-06-14 06:18   --------   dc----w-   c:\program files\Ulead Systems
2010-06-14 06:17 . 1999-10-15 16:50   1056768   -c--a-w-   c:\windows\system32\ROBOEX32.DLL
2010-06-14 06:17 . 1999-01-28 19:44   49152   -c--a-w-   c:\windows\system32\INETWH32.dll
2010-06-14 06:17 . 2010-06-14 06:17   --------   dc----w-   c:\windows\Noslip
2010-06-12 21:44 . 2008-05-02 03:05   26112   -c--a-w-   c:\windows\system32\stu2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 23:31 . 2009-12-09 00:38   --------   dc----w-   c:\program files\Malwarebytes' Anti-Malware
2010-06-24 18:16 . 2009-03-15 20:43   --------   dc----w-   c:\program files\Sonique
2010-06-23 22:03 . 2009-03-16 04:30   --------   dc----w-   c:\documents and settings\Administrator\Application Data\DMCache
2010-06-23 20:13 . 2009-08-28 04:52   --------   dc----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-23 20:03 . 2008-05-02 03:05   25080   -c--a-w-   c:\windows\system32\userinit.exe
2010-06-23 12:50 . 2009-05-30 11:47   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Tracktion 3
2010-06-23 12:50 . 2009-05-11 23:41   --------   dc----w-   c:\documents and settings\All Users\Application Data\Tracktion 3
2010-06-21 09:57 . 2004-01-06 09:32   --------   dc----w-   c:\program files\SUPERAntiSpyware
2010-06-15 00:46 . 2009-03-07 04:53   29336   -c--a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-14 06:17 . 2009-03-07 02:21   --------   dc-h--w-   c:\program files\InstallShield Installation Information
2010-05-03 21:48 . 2010-05-03 21:48   0   -c-ha-w-   c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-05-03 21:47 . 2010-05-03 21:47   0   -c-ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-03 13:39 . 2010-05-03 13:39   581192   -c--a-w-   c:\windows\system32\WinUSBCoInstaller.dll
2010-05-03 13:39 . 2010-05-03 13:39   1112288   -c--a-w-   c:\windows\system32\WdfCoInstaller01007.dll
2010-04-23 01:12 . 2010-01-24 11:01   16   -c--a-w-   c:\windows\msocreg32.dat
2010-04-22 10:51 . 2010-04-22 10:51   2892   -c--a-w-   c:\windows\system32\audcon.sys
2010-04-18 22:35 . 2010-04-18 22:35   69632   -c--a-w-   c:\windows\system32\com.fxpansion.fxshared.dll
2010-04-18 22:35 . 2010-01-08 03:46   69632   -c--a-w-   c:\windows\system32\FxShared.dll
.

------- Sigcheck -------

[-] 2008-05-02 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2008-05-02 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-05-02 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2008-05-02 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\atapi.sys
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

[-] 2008-05-02 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys
[-] 2008-05-02 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\asyncmac.sys
[-] 2008-05-02 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-05-02 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2008-05-02 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[-] 2008-05-02 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2008-05-02 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-05-02 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-05-02 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[-] 2008-05-02 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ndis.sys
[-] 2008-05-02 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-05-02 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-05-02 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys
[-] 2008-05-02 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ntfs.sys
[-] 2008-05-02 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-05-02 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2008-05-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[-] 2008-05-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2008-05-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-05-02 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-05-02 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\tcpip.sys

[-] 2008-05-02 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll
[-] 2008-05-02 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\browser.dll
[-] 2008-05-02 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-05-02 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-05-02 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe
[-] 2008-05-02 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\lsass.exe
[-] 2008-05-02 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-05-02 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-05-02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll
[-] 2008-05-02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\netman.dll
[-] 2008-05-02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-05-02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll

[-] 2008-05-02 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
[-] 2008-05-02 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\qmgr.dll
[-] 2008-05-02 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-05-02 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-05-02 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-05-02 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-05-02 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-05-02 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\services.exe

[-] 2008-05-02 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2008-05-02 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\spoolsv.exe
[-] 2008-05-02 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-05-02 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-05-02 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2008-05-02 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\winlogon.exe
[-] 2008-05-02 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-05-02 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-05-02 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2008-05-02 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\comctl32.dll
[-] 2008-05-02 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-05-02 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-05-02 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2008-05-02 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
[-] 2008-05-02 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\cryptsvc.dll
[-] 2008-05-02 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-05-02 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-05-02 03:05 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-05-02 03:05 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\es.dll

[-] 2008-05-02 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
[-] 2008-05-02 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\imm32.dll
[-] 2008-05-02 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-05-02 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-05-02 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-05-02 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\kernel32.dll

[-] 2008-05-02 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
[-] 2008-05-02 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\linkinfo.dll
[-] 2008-05-02 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-05-02 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2008-05-02 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
[-] 2008-05-02 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\lpk.dll
[-] 2008-05-02 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-05-02 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll

[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3gdr\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3qfe\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ERDNT\cache\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\system32\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[-] 2008-05-02 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie7\mshtml.dll
[-] 2008-05-02 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\mshtml.dll
[-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll

[-] 2008-05-02 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[-] 2008-05-02 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\msvcrt.dll
[-] 2008-05-02 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-05-02 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-05-02 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-05-02 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-05-02 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\mswsock.dll

[-] 2008-05-02 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[-] 2008-05-02 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\netlogon.dll
[-] 2008-05-02 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-05-02 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . F6F8245B3A2E9CA834DD318E7AE0C6D0 . 2145280 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-05-02 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2008-04-14 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ntoskrnl.exe

[-] 2008-05-02 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[-] 2008-05-02 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\powrprof.dll
[-] 2008-05-02 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-05-02 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-05-02 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[-] 2008-05-02 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\scecli.dll
[-] 2008-05-02 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-05-02 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-05-02 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[-] 2008-05-02 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\sfc.dll
[-] 2008-05-02 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-05-02 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-05-02 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2008-05-02 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\svchost.exe
[-] 2008-05-02 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-05-02 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-05-02 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2008-05-02 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\tapisrv.dll
[-] 2008-05-02 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-05-02 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2008-05-02 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[-] 2008-05-02 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\user32.dll
[-] 2008-05-02 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-05-02 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[-] 2010-06-23 20:03 . 4A592C61CEC6C6D841CDA9EA65E8B21F . 25080 . . [] . . c:\windows\system32\userinit.exe
[-] 2008-05-02 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[-] 2008-05-02 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\userinit.exe
[-] 2008-05-02 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe

[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3qfe\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3gdr\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\system32\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-10-16 . E8FCE58A470999350F64C591557F9E42 . 667136 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-05-02 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ie7\wininet.dll
[-] 2008-05-02 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\wininet.dll
[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll

[-] 2008-05-02 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[-] 2008-05-02 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ws2_32.dll
[-] 2008-05-02 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-05-02 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-05-02 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ws2help.dll
[-] 2008-05-02 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-05-02 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll

[-] 2008-05-02 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-05-02 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-05-02 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\explorer.exe
[-] 2008-05-02 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-05-02 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-05-02 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\srsvc.dll
[-] 2008-05-02 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-05-02 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-05-02 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2008-05-02 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\wscntfy.exe
[-] 2008-05-02 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-05-02 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-05-02 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[-] 2008-05-02 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\xmlprov.dll
[-] 2008-05-02 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-05-02 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-05-02 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
[-] 2008-05-02 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\eventlog.dll
[-] 2008-05-02 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-05-02 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-05-02 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[-] 2008-05-02 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\sfcfiles.dll
[-] 2008-05-02 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-05-02 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-05-02 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-05-02 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ctfmon.exe
[-] 2008-05-02 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-05-02 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-05-02 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2008-05-02 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\shsvcs.dll
[-] 2008-05-02 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2008-05-02 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-05-02 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[-] 2008-05-02 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\regsvc.dll
[-] 2008-05-02 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-05-02 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-05-02 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[-] 2008-05-02 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\schedsvc.dll
[-] 2008-05-02 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-05-02 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-05-02 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2008-05-02 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ssdpsrv.dll
[-] 2008-05-02 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-05-02 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-05-02 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[-] 2008-05-02 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\termsrv.dll
[-] 2008-05-02 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-05-02 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-05-02 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll
[-] 2008-05-02 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\appmgmts.dll
[-] 2008-05-02 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-05-02 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2008-05-02 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[-] 2008-05-02 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2008-05-02 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\aec.sys
[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-05-02 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2008-05-02 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ip6fw.sys
[-] 2008-05-02 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-05-02 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-05-02 03:05 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2008-05-02 03:05 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\mfc40u.dll
[-] 2008-05-02 03:05 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-05-02 03:05 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-05-02 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[-] 2008-05-02 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\msgsvc.dll
[-] 2008-05-02 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2008-05-02 03:05 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 8206B5F94A6A9450E934029420C1693F . 2023936 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-05-02 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-14 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ntkrnlpa.exe

[-] 2008-05-02 03:05 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2008-05-02 03:05 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ntmssvc.dll
[-] 2008-05-02 03:05 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-05-02 03:05 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-05-02 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[-] 2008-05-02 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\upnphost.dll
[-] 2008-05-02 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-05-02 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2008-05-02 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ERDNT\cache\dsound.dll
[-] 2008-05-02 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\dsound.dll
[-] 2008-05-02 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-05-02 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll

[-] 2008-05-02 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\d3d9.dll
[-] 2008-05-02 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-05-02 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll

[-] 2008-05-02 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ddraw.dll
[-] 2008-05-02 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-05-02 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll

[-] 2008-05-02 03:05 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\olepro32.dll
[-] 2008-05-02 03:05 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-05-02 03:05 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll

[-] 2008-05-02 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\perfctrs.dll
[-] 2008-05-02 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-05-02 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-24_14.51.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-25 16:28 . 2010-06-25 16:28   16384 c:\windows\temp\Perflib_Perfdata_6ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-21 2403568]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-23 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-02 303104]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-11-09 643592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21   548352   -c--a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42   72208   -c--a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10   35696   -c--a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22   1004544   -c--a-w-   c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-05-02 03:05   27648   -c--a-w-   c:\windows\system32\conime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-05-02 03:05   15360   -c----w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40   687560   -c--a-w-   c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E-MU USB Audio Control Panel]
2007-11-26 19:03   274432   -c----w-   c:\program files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2009-08-03 14:33   1626112   -c--a-w-   c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22   3739648   -c--a-w-   c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2008-12-05 01:23   2745776   -c--a-w-   c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:06   1840424   -c--a-w-   c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29

SuperDave · « **Reply #5 on:** June 25, 2010, 05:10:56 PM »

P2P - I see you have P2P software installed on your machine. (Ares) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

============================

Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code: [Select]

c:\windows\system32\stu2.exe
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

=================================

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

goodie2010 · « **Reply #6 on:** June 25, 2010, 05:19:07 PM »

thanks again for your help and yes i'll be making some serious changes once this issue is solved, thanks

http://virusscan.jotti.org/en/scanresult/2a2b525f016
ae60a92fb794c6e6c2cb004a60a43/da5fe18ee2f67cea
2dcdfea0e3ab635b719a694d

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 16
Out of date Java installed!
Adobe Flash Player 10.0.22.87
Adobe Reader 9.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.4)
````````````````````````````````
Process Check:
objlist.exe by Laurent
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

SuperDave · « **Reply #7 on:** June 25, 2010, 07:41:58 PM »

I'm still working on your ComboFix log. In the meantime, here's something you can do, please. The Security check reported this. Windows Security Center service is not running! Could you please activate it?
Click on Start, then Run, type in "services.msc" without the quotes. When the page comes up, on the far right scroll down the list and doubleclick on Security Center. Where it says Startup, set from Disabled to Automatic. Just below that you will see the word "Start". click on that and then click OK. Restart your computer and your Service Center will be active.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

============================

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

goodie2010 · « **Reply #8 on:** June 25, 2010, 07:57:36 PM »

thanks for your response, when i tried to uninstall java 6 and adobe reader it says "windows installer could not be accessed....could be running in safe mode or not properly installed"

error 1068 could not start security system on local computer, but its already on automatic.

SuperDave · « **Reply #9 on:** June 26, 2010, 01:40:38 PM »

Quote

thanks for your response, when i tried to uninstall java 6 and adobe reader it says "windows installer could not be accessed....could be running in safe mode or not properly installed"

error 1068 could not start security system on local computer, but its already on automatic.

Ok. We'll deal with these later. If I forget, please remind me. There's one file we'll have to fix first.

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote
KillAll::

FCopy::
c:\windows\ERDNT\cache\userinit.exe | c:\windows\system32\userinit.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

goodie2010 · « **Reply #10 on:** June 26, 2010, 01:52:12 PM »

I can't drag/drop or copy paste

goodie2010 · « **Reply #11 on:** June 26, 2010, 02:44:19 PM »

ComboFix 10-06-25.01 - Administrator 06/26/2010 16:04:13.15.2 - x86
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\My Documents\Downloads\CFScript.txt,.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
--------------- FCopy ---------------

c:\windows\ERDNT\cache\userinit.exe --> c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
.

2010-06-26 16:55 . 2008-04-14 09:42   116224   -c--a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
2010-06-26 16:53 . 2001-08-17 17:28   771581   -c--a-w-   c:\windows\system32\dllcache\winacisa.sys
2010-06-26 16:52 . 2001-08-17 17:28   604253   -c--a-w-   c:\windows\system32\dllcache\vmodem.sys
2010-06-26 16:51 . 2001-08-18 02:36   28160   -c--a-w-   c:\windows\system32\dllcache\umaxu40.dll
2010-06-26 16:50 . 2001-08-17 18:56   315520   -c--a-w-   c:\windows\system32\dllcache\trid3d.dll
2010-06-26 16:49 . 2001-08-17 17:52   7040   -c--a-w-   c:\windows\system32\dllcache\tandqic.sys
2010-06-26 16:48 . 2001-08-17 16:11   48736   -c--a-w-   c:\windows\system32\dllcache\srwlnd5.sys
2010-06-26 16:47 . 2001-08-17 16:10   35913   -c--a-w-   c:\windows\system32\dllcache\smcirda.sys
2010-06-26 16:46 . 2001-08-17 18:56   252032   -c--a-w-   c:\windows\system32\dllcache\sis300iv.dll
2010-06-26 16:45 . 2001-08-17 17:51   23936   -c--a-w-   c:\windows\system32\dllcache\sccmn50m.sys
2010-06-26 16:44 . 2001-08-18 02:36   9216   -c--a-w-   c:\windows\system32\dllcache\rsmgrstr.dll
2010-06-26 16:43 . 2001-08-17 17:28   130942   -c--a-w-   c:\windows\system32\dllcache\ptserlv.sys
2010-06-26 16:42 . 2008-04-14 09:40   211584   -c--a-w-   c:\windows\system32\dllcache\perm2dll.dll
2010-06-26 16:41 . 2001-08-17 18:05   48000   -c--a-w-   c:\windows\system32\dllcache\ovcam2.sys
2010-06-26 16:40 . 2001-08-17 16:11   65278   -c--a-w-   c:\windows\system32\dllcache\netflx3.sys
2010-06-26 16:39 . 2008-04-14 04:09   5504   -c--a-w-   c:\windows\system32\dllcache\mstee.sys
2010-06-26 16:39 . 2008-04-14 04:16   49024   -c--a-w-   c:\windows\system32\dllcache\mstape.sys
2010-06-26 16:39 . 2001-08-17 17:48   12416   -c--a-w-   c:\windows\system32\dllcache\msriffwv.sys
2010-06-26 16:39 . 2001-08-17 18:00   2944   -c--a-w-   c:\windows\system32\dllcache\msmpu401.sys
2010-06-26 16:39 . 2008-04-14 04:24   22016   -c--a-w-   c:\windows\system32\dllcache\msircomm.sys
2010-06-26 00:54 . 2010-06-26 00:54   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Help
2010-06-25 20:17 . 2010-06-26 20:01   --------   dc----w-   c:\windows\system32\CatRoot2
2010-06-24 01:22 . 2010-06-24 01:22   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation
2010-06-23 22:02 . 2010-04-29 19:39   38224   -c--a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-23 22:02 . 2010-04-29 19:39   20952   -c--a-w-   c:\windows\system32\drivers\mbam.sys
2010-06-23 19:23 . 2010-06-23 19:23   --------   dc----w-   C:\Setup
2010-06-23 19:23 . 2010-06-23 19:23   --------   dc----w-   C:\VSS
2010-06-23 19:22 . 2010-06-23 19:23   --------   dc----w-   C:\VB98
2010-06-23 19:22 . 2010-06-23 19:22   --------   dc----w-   C:\Shared
2010-06-23 19:22 . 2010-06-23 19:22   --------   dc----w-   C:\MSDesign
2010-06-23 19:22 . 2010-06-23 19:22   --------   dc----w-   C:\Common
2010-06-23 19:22 . 2010-06-23 19:22   --------   dc----w-   C:\os
2010-06-23 12:19 . 2010-06-23 12:19   132608   -csha-r-   c:\windows\system32\systemi.dll
2010-06-14 06:18 . 2010-06-14 06:21   --------   dc----w-   c:\documents and settings\All Users\Application Data\Ulead Systems
2010-06-14 06:18 . 2010-06-14 06:18   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Ulead Systems
2010-06-14 06:18 . 2010-06-14 06:18   --------   dc----w-   c:\program files\Ulead Systems
2010-06-14 06:17 . 1999-10-15 16:50   1056768   -c--a-w-   c:\windows\system32\ROBOEX32.DLL
2010-06-14 06:17 . 1999-01-28 19:44   49152   -c--a-w-   c:\windows\system32\INETWH32.dll
2010-06-14 06:17 . 2010-06-14 06:17   --------   dc----w-   c:\windows\Noslip
2010-06-12 21:44 . 2008-05-02 03:05   26112   -c--a-w-   c:\windows\system32\stu2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 00:54 . 2009-03-29 04:02   --------   dc----w-   c:\program files\IrfanView3.99
2010-06-24 23:31 . 2009-12-09 00:38   --------   dc----w-   c:\program files\Malwarebytes' Anti-Malware
2010-06-24 18:16 . 2009-03-15 20:43   --------   dc----w-   c:\program files\Sonique
2010-06-23 22:03 . 2009-03-16 04:30   --------   dc----w-   c:\documents and settings\Administrator\Application Data\DMCache
2010-06-23 20:13 . 2009-08-28 04:52   --------   dc----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-23 12:50 . 2009-05-30 11:47   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Tracktion 3
2010-06-23 12:50 . 2009-05-11 23:41   --------   dc----w-   c:\documents and settings\All Users\Application Data\Tracktion 3
2010-06-21 09:57 . 2004-01-06 09:32   --------   dc----w-   c:\program files\SUPERAntiSpyware
2010-06-15 00:46 . 2009-03-07 04:53   29336   -c--a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-14 06:17 . 2009-03-07 02:21   --------   dc-h--w-   c:\program files\InstallShield Installation Information
2010-05-03 21:48 . 2010-05-03 21:48   0   -c-ha-w-   c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-05-03 21:47 . 2010-05-03 21:47   0   -c-ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-03 13:39 . 2010-05-03 13:39   581192   -c--a-w-   c:\windows\system32\WinUSBCoInstaller.dll
2010-05-03 13:39 . 2010-05-03 13:39   1112288   -c--a-w-   c:\windows\system32\WdfCoInstaller01007.dll
2010-04-23 01:12 . 2010-01-24 11:01   16   -c--a-w-   c:\windows\msocreg32.dat
2010-04-22 10:51 . 2010-04-22 10:51   2892   -c--a-w-   c:\windows\system32\audcon.sys
2010-04-18 22:35 . 2010-04-18 22:35   69632   -c--a-w-   c:\windows\system32\com.fxpansion.fxshared.dll
2010-04-18 22:35 . 2010-01-08 03:46   69632   -c--a-w-   c:\windows\system32\FxShared.dll
.

------- Sigcheck -------

[-] 2008-05-02 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2008-05-02 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2008-05-02 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\atapi.sys
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

[-] 2008-05-02 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys
[-] 2008-05-02 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\asyncmac.sys
[-] 2008-05-02 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2008-05-02 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[-] 2008-05-02 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-05-02 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-05-02 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[-] 2008-05-02 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ndis.sys
[-] 2008-05-02 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-05-02 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-05-02 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys
[-] 2008-05-02 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ntfs.sys
[-] 2008-05-02 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2008-05-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[-] 2008-05-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2008-05-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-05-02 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-05-02 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\tcpip.sys

[-] 2008-05-02 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll
[-] 2008-05-02 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\browser.dll
[-] 2008-05-02 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll

[-] 2008-05-02 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe
[-] 2008-05-02 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\lsass.exe
[-] 2008-05-02 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2008-05-02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll
[-] 2008-05-02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\netman.dll
[-] 2008-05-02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-05-02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll

[-] 2008-05-02 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
[-] 2008-05-02 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\qmgr.dll
[-] 2008-05-02 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-05-02 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-05-02 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-05-02 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-05-02 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-05-02 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\services.exe

[-] 2008-05-02 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2008-05-02 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\spoolsv.exe
[-] 2008-05-02 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-05-02 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-05-02 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2008-05-02 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\winlogon.exe
[-] 2008-05-02 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-05-02 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2008-05-02 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\comctl32.dll
[-] 2008-05-02 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-05-02 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2008-05-02 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
[-] 2008-05-02 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\cryptsvc.dll
[-] 2008-05-02 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-05-02 03:05 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-05-02 03:05 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\es.dll

[-] 2008-05-02 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
[-] 2008-05-02 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\imm32.dll
[-] 2008-05-02 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-05-02 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-05-02 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\kernel32.dll

[-] 2008-05-02 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
[-] 2008-05-02 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\linkinfo.dll
[-] 2008-05-02 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

[-] 2008-05-02 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
[-] 2008-05-02 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\lpk.dll
[-] 2008-05-02 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3gdr\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3qfe\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ERDNT\cache\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\system32\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[-] 2008-05-02 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie7\mshtml.dll
[-] 2008-05-02 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\mshtml.dll
[-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll

[-] 2008-05-02 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[-] 2008-05-02 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\msvcrt.dll
[-] 2008-05-02 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-05-02 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-05-02 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-05-02 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\mswsock.dll

[-] 2008-05-02 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[-] 2008-05-02 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\netlogon.dll
[-] 2008-05-02 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-05-02 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . F6F8245B3A2E9CA834DD318E7AE0C6D0 . 2145280 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-05-02 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2008-04-14 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ntoskrnl.exe

[-] 2008-05-02 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[-] 2008-05-02 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\powrprof.dll
[-] 2008-05-02 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-05-02 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-05-02 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[-] 2008-05-02 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\scecli.dll
[-] 2008-05-02 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-05-02 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-05-02 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[-] 2008-05-02 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\sfc.dll
[-] 2008-05-02 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

[-] 2008-05-02 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2008-05-02 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\svchost.exe
[-] 2008-05-02 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-05-02 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-05-02 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2008-05-02 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\tapisrv.dll
[-] 2008-05-02 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-05-02 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2008-05-02 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[-] 2008-05-02 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\user32.dll
[-] 2008-05-02 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-05-02 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[-] 2008-05-02 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[-] 2008-05-02 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\userinit.exe
[-] 2008-05-02 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-05-02 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe

[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3qfe\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3gdr\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\system32\wininet.dll
[-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-10-16 . E8FCE58A470999350F64C591557F9E42 . 667136 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-05-02 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ie7\wininet.dll
[-] 2008-05-02 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\wininet.dll
[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll

[-] 2008-05-02 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[-] 2008-05-02 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ws2_32.dll
[-] 2008-05-02 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-05-02 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-05-02 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ws2help.dll
[-] 2008-05-02 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-05-02 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll

[-] 2008-05-02 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-05-02 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-05-02 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\explorer.exe

[-] 2008-05-02 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-05-02 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\srsvc.dll
[-] 2008-05-02 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-05-02 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-05-02 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2008-05-02 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\wscntfy.exe
[-] 2008-05-02 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-05-02 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-05-02 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[-] 2008-05-02 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\xmlprov.dll
[-] 2008-05-02 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-05-02 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-05-02 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
[-] 2008-05-02 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\eventlog.dll
[-] 2008-05-02 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

[-] 2008-05-02 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[-] 2008-05-02 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\sfcfiles.dll
[-] 2008-05-02 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-05-02 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-05-02 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ctfmon.exe
[-] 2008-05-02 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2008-05-02 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2008-05-02 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\shsvcs.dll
[-] 2008-05-02 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2008-05-02 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-05-02 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[-] 2008-05-02 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\regsvc.dll
[-] 2008-05-02 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-05-02 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-05-02 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[-] 2008-05-02 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\schedsvc.dll
[-] 2008-05-02 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-05-02 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-05-02 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2008-05-02 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ssdpsrv.dll
[-] 2008-05-02 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-05-02 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-05-02 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[-] 2008-05-02 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\termsrv.dll
[-] 2008-05-02 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-05-02 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-05-02 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll
[-] 2008-05-02 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\appmgmts.dll
[-] 2008-05-02 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

[-] 2008-05-02 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[-] 2008-05-02 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\aec.sys
[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-05-02 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2008-05-02 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ip6fw.sys
[-] 2008-05-02 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-05-02 03:05 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2008-05-02 03:05 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\mfc40u.dll
[-] 2008-05-02 03:05 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll

[-] 2008-05-02 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[-] 2008-05-02 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\msgsvc.dll
[-] 2008-05-02 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2008-05-02 03:05 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 8206B5F94A6A9450E934029420C1693F . 2023936 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-05-02 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-14 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ntkrnlpa.exe

[-] 2008-05-02 03:05 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2008-05-02 03:05 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ntmssvc.dll
[-] 2008-05-02 03:05 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-05-02 03:05 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-05-02 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[-] 2008-05-02 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\upnphost.dll
[-] 2008-05-02 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-05-02 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2008-05-02 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ERDNT\cache\dsound.dll
[-] 2008-05-02 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\dsound.dll
[-] 2008-05-02 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll

[-] 2008-05-02 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\d3d9.dll
[-] 2008-05-02 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

[-] 2008-05-02 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ddraw.dll
[-] 2008-05-02 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll

[-] 2008-05-02 03:05 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\olepro32.dll
[-] 2008-05-02 03:05 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll

[-] 2008-05-02 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\perfctrs.dll
[-] 2008-05-02 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-05-02 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-06-26_17.15.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-26 20:11 . 2010-06-26 20:11   16384 c:\windows\temp\Perflib_Perfdata_6a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-21 2403568]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-23 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-02 303104]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-11-09 643592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21   548352   -c--a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42   72208   -c--a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10   35696   -c--a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22   1004544   -c--a-w-   c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-05-02 03:05   27648   -c--a-w-   c:\windows\system32\conime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-05-02 03:05   15360   -c----w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40   687560   -c--a-w-   c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E-MU USB Audio Control Panel]
2007-11-26 19:03   274432   -c----w-   c:\program files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2009-08-03 14:33   1626112   -c--a-w-   c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22   3739648   -c--a-w-   c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2008-12-05 01:23   2745776   -c--a-w-   c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:06   1840424   -c--a-w-   c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 08:12   76304   -c--a-w-   c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 19:39   437584   -c--a-w-   c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-05-01 19:35   185640   -c--a-w-   c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50   4363504   -c--a-w-   c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mylbx]
2009-03-05 04:44   1074352   -c--a-w-   c:\program files\My Lockbox\mylbx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 13:31   2221352   -c--a-w-   c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 13:53   570664   -c--a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01   13529088   -c--a-w-   c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01   86016   -c--a-w-   c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01   1630208   -c--a-w-   c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-16 12:56   236016   -c--a-w-   c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoniqueQuickStart]
2009-03-15 20:43   44832   -c--a-w-   c:\program files\Sonique\SQStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Tracktion 3\\Tracktion.exe"=

R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2007-11-26 20992]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2009-08-05 284016]
R3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\DRIVERS\emusba10.sys [2007-11-26 163352]
R3 SliceDisk5;SliceDisk5;c:\docume~1\ADMINI~1\LOCALS~1\Temp\slicedisk.sys

R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-08 721904]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2006-12-09 16384]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-08-04 40560]
S1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\DRIVERS\NetBurn.sys [2008-06-07 84752]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-06-21 67656]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2009-04-03 1680704]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2008-10-23 73344]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 NetBurnerService;Net Burner iSCSI Service;c:\program files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe [2008-06-07 223248]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-10 33792]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2009-11-09 158600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 RDID1009;EDIROL UM-1;c:\windows\system32\Drivers\rdwm1009.sys [2005-06-03 65794]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-10-28 127496]

.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1292428093-1801674531-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-23 19:19]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1292428093-1801674531-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-23 19:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 16:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
.
**************************************************************************
.
Completion time: 2010-06-26 16:25:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-26 20:25
ComboFix2.txt 2010-06-26 19:56
ComboFix3.txt 2010-06-26 17:21
ComboFix4.txt 2010-06-25 21:12
ComboFix5.txt 2010-06-26 20:02

Pre-Run: 111,560,761,344 bytes free
Post-Run: 111,601,106,944 bytes free

- - End Of File - - E207D48FA665EFD0477C1E33C0DCD026

SuperDave · « **Reply #12 on:** June 26, 2010, 05:26:21 PM »

Quote

I can't drag/drop or copy paste

Not to worry. It worked.

I'd like us to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

goodie2010 · « **Reply #13 on:** June 26, 2010, 05:40:41 PM »

i'm running scan now, is my computer almost clean? Are you gonna be online for a while? The scan is 13% done, if I recall correctly last time I ran this scan it took well over an hour........will this finally fix my problems? sorry for the questions, I really appreciate your help, just very frustrated, i've spent the better part of the past 4 days on this computer issue. I still can't copy, paste, can't run mbam, no sound, etc.... Thanks Super Dave!

SuperDave · « **Reply #14 on:** June 26, 2010, 06:15:32 PM »

Quote from: goodie2010 on June 26, 2010, 05:40:41 PM

i'm running scan now, is my computer almost clean? Are you gonna be online for a while? The scan is 13% done, if I recall correctly last time I ran this scan it took well over an hour........will this finally fix my problems? sorry for the questions, I really appreciate your help, just very frustrated, i've spent the better part of the past 4 days on this computer issue. I still can't copy, paste, can't run mbam, no sound, etc.... Thanks Super Dave!

I will know more once the scan is completed. The copy and paste and the no sound problems look like another different problem. As for MBAM, go to Program Files/ malwarebytes anti-malware folder and change the name of mbam.exe to somethingelse.exe. Now try to see if it will run. I won't be on-line very much longer this evening. Back tomorrow afternoon.

Computer Hope Forum

News:

Author Topic: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba (Read 17082 times)

goodie2010

Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

SuperDave

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

goodie2010

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

SuperDave

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

goodie2010

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

SuperDave

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

goodie2010

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

SuperDave

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

goodie2010

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

SuperDave

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

goodie2010

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

goodie2010

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

SuperDave

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

goodie2010

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba

SuperDave

Re: Sas log, missing taskbar, start menu, no sound, can't copy, etc.. error 372, vba