Blue Netsky screen

My husband was downloading music, turned his back on the computer and when he turned back we had the blue screen telling us we had netsky worm. I tried to turn off system restore but that is gone and I get an error message. I went into safe mode and ran the fxnetsky.exe. After it finished it said there was no infection. I went back to my regular screen and it keeps giving me error messages saying I'm infected. I still have no system restore and am still getting error messages constantly telling me of the infection. What do I need to do?

Angelique

Forgot to add we have a dell desktop and use windows xp. I can also post a hijackthis log if it would be helpful.

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

OTL Extras logfile created on: 2/18/2010 2:20:26 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.19 Gb Total Space | 74.96 Gb Free Space | 32.85% Space Free | Partition Type: NTFS
Drive D: | 9.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-B0D885443
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"8085:TCP" = 8085:TCP:*:Enabled:fio32
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Trend Micro\Internet Security 14\pccmain.exe" = C:\Program Files\Trend Micro\Internet Security 14\pccmain.exe:*:Enabled:Main Console -- (Trend Micro Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Launcher.exe -- (Blizzard Entertainment)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0CA14F11-6F47-4613-8E40-6AC088E464A0}" = Cisco Network Magic
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38D5B0E0-05C8-4495-A109-F13FEF4184BE}" = hallowall02
"{3B1A4366-8DFA-4582-91F6-27F7A4714FCC}" = Pure Networks Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93FB47FB-4FDF-4131-B5FD-7A37883868E7}" = hp psc 2170 series
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}" = Trend Micro PC-cillin Internet Security 14
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"Farm Frenzy" = Farm Frenzy
"Game Cam" = Game Cam 2.4.0.46
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP PSC 2170 Series" = HP Photo and Imaging 2.0 - hp psc 2170 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InterActual Player" = InterActual Player
"LimeWire" = LimeWire 5.0.11
"Marine Sharpshooter" = Marine Sharpshooter
"Marine Sharpshooter II: Jungle Warfare" = Marine Sharpshooter II: Jungle Warfare
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"net" = Advertisement Service
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel(R) PRO Network Connections Drivers
"RCA Detective_is1" = RCA Detective 2.0.0.99
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"TmPcc" = Trend Micro PC-cillin Internet Security 14
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"Wizard 101 Opponents" = Wizard 101 Opponents
"Wizard 101 Summons" = Wizard 101 Summons
"World of Warcraft" = World of Warcraft
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2010 5:00:46 AM | Computer Name = OWNER-B0D885443 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 2/17/2010 5:00:47 AM | Computer Name = OWNER-B0D885443 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft .NET Framework 1.1 - Update '{411EDCF7-755D-414E-A74B-3DCD6583F589}'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 2/18/2010 5:00:48 AM | Computer Name = OWNER-B0D885443 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 2/18/2010 5:00:48 AM | Computer Name = OWNER-B0D885443 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft .NET Framework 1.1 - Update '{411EDCF7-755D-414E-A74B-3DCD6583F589}'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 2/18/2010 5:32:46 AM | Computer Name = OWNER-B0D885443 | Source = Application Error | ID = 1000
Description = Faulting application net.net, version 0.0.0.0, faulting module ws2_32.dll,
version 5.1.2600.2180, fault address 0x00002a6f.

Error - 2/18/2010 10:34:19 AM | Computer Name = OWNER-B0D885443 | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/18/2010 12:56:30 PM | Computer Name = OWNER-B0D885443 | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/18/2010 1:04:25 PM | Computer Name = OWNER-B0D885443 | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/18/2010 1:13:05 PM | Computer Name = OWNER-B0D885443 | Source = Google Update | ID = 20
Description =

Error - 2/18/2010 2:04:04 PM | Computer Name = OWNER-B0D885443 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 2/18/2010 1:03:29 PM | Computer Name = OWNER-B0D885443 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2/18/2010 1:03:29 PM | Computer Name = OWNER-B0D885443 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2/18/2010 1:08:29 PM | Computer Name = OWNER-B0D885443 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2/18/2010 1:11:58 PM | Computer Name = OWNER-B0D885443 | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 2/18/2010 1:12:47 PM | Computer Name = OWNER-B0D885443 | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 2/18/2010 1:13:24 PM | Computer Name = OWNER-B0D885443 | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
3 time(s).

Error - 2/18/2010 2:01:42 PM | Computer Name = OWNER-B0D885443 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.5.101 for the Network Card with network
address 001A70125AFB has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/18/2010 3:24:40 PM | Computer Name = OWNER-B0D885443 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 2/18/2010 4:20:09 PM | Computer Name = OWNER-B0D885443 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 2/18/2010 4:22:10 PM | Computer Name = OWNER-B0D885443 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >

OTL logfile created on: 2/18/2010 2:20:26 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.19 Gb Total Space | 74.96 Gb Free Space | 32.85% Space Free | Partition Type: NTFS
Drive D: | 9.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-B0D885443
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/18 13:58:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/02/18 13:22:39 | 000,036,868 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\avp.exe
PRC - [2010/02/18 13:22:38 | 000,036,868 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\win.exe
PRC - [2010/02/18 13:22:38 | 000,036,868 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\mdm.exe
PRC - [2010/02/18 03:31:55 | 000,039,936 | ---- | M] () -- C:\WINDOWS\system32\smss32.exe
PRC - [2009/12/18 07:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/05/29 13:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/01/19 19:31:34 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/19 19:31:34 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/14 08:29:00 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/19 15:17:14 | 001,475,936 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe
PRC - [2007/06/15 22:30:47 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/11/21 13:07:42 | 000,583,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\PcCmdCom.exe
PRC - [2006/11/21 13:02:24 | 001,807,960 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
PRC - [2006/11/09 15:04:02 | 000,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe
PRC - [2006/11/09 15:03:42 | 000,923,216 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe
PRC - [2006/09/25 08:26:26 | 000,345,696 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe
PRC - [2006/09/25 08:26:20 | 000,853,592 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\PccUpdUI.exe
PRC - [2006/08/04 16:15:28 | 000,321,040 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
PRC - [2006/06/07 15:03:20 | 000,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/03/20 16:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/11/07 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/08/10 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/06 00:37:10 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2003/03/08 22:31:02 | 000,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,093,696 | -HS- | M] () -- C:\WINDOWS\system32\peyumupo.dll
MOD - [2099/01/01 12:00:00 | 000,052,224 | -HS- | M] () -- C:\WINDOWS\system32\yiwigije.dll
MOD - [2099/01/01 12:00:00 | 000,052,224 | -HS- | M] () -- C:\WINDOWS\system32\dofedizi.dll
MOD - [2010/02/18 13:58:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2004/08/10 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/10 05:00:00 | 000,161,792 | ---- | M] () -- C:\WINDOWS\osiwalifipulukel.dll
MOD - [2004/08/10 05:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/18 03:32:06 | 000,194,560 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/05/29 13:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/08 22:02:50 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9d05b86bf973) Google Update Service (gupdate1c9d05b86bf973)
SRV - [2009/05/08 22:01:37 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/19 19:31:34 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/05/19 15:17:14 | 001,475,936 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2006/11/09 15:04:02 | 000,566,872 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)
SRV - [2006/11/09 15:03:42 | 000,923,216 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/25 08:26:26 | 000,345,696 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)
SRV - [2006/06/07 15:03:20 | 000,409,600 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/03/08 22:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/02/20 19:19:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/12/12 17:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 17:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/11/26 17:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/11/26 17:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/11/26 17:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/11/20 13:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/11/09 16:04:20 | 000,280,392 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2006/11/09 16:04:20 | 000,073,288 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/10/08 13:57:14 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006/06/07 15:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/11 10:30:52 | 000,247,808 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/11/18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/05/25 17:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 18:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 18:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/12/13 15:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 05:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/10 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:08:30 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GcKernel.sys -- (GcKernel)
DRV - [2004/08/03 21:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 11:48:08 | 000,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/03/08 22:31:02 | 000,021,456 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/08 22:31:02 | 000,016,080 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/08 22:31:00 | 000,051,024 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2001/10/24 18:16:10 | 000,036,224 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717


FF - HKLM\software\mozilla\Firefox\extensions\\{0B7C6D1F-4931-4EB3-B104-0A62393D3321}: C:\Documents and Settings\Owner\Local Settings\Application Data\{0B7C6D1F-4931-4EB3-B104-0A62393D3321}\ [2010/02/18 13:09:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/22 03:55:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/18 14:10:23 | 000,000,000 | ---D | M]

[2009/02/09 14:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/02/09 14:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/18 08:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9j828ih8.default\extensions
[2009/01/20 16:44:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9j828ih8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/17 19:34:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/21 19:25:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/11/21 19:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2010/01/18 14:09:44 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2010/01/18 14:09:45 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2010/01/18 14:10:07 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/01/18 14:09:42 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/06/17 12:52:48 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2009/10/09 09:41:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\a78dz.dll) - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\a78dz.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [pedijejone] C:\WINDOWS\System32\yiwigije.dll ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tekejukal] C:\WINDOWS\System32\peyumupo.DLL ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [Ymofomagifino] C:\WINDOWS\osiwalifipulukel.DLL ()
O4 - HKCU..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\Owner\Local Settings\temp\avp.exe ()
O4 - HKCU..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Remote System Protection] C:\WINDOWS\System32\a78dz.DLL ()
O4 - HKCU..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (dofedizi.dll) - C:\WINDOWS\System32\dofedizi.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\peyumupo.dll) - C:\WINDOWS\system32\peyumupo.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: yawoforiw - {b0ad3e73-ddea-47b8-aaef-46b016b85441} - C:\WINDOWS\system32\peyumupo.dll ()
O22 - SharedTaskScheduler: {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - 7whfiudhf8s7f3oifhif7syfdhsof - C:\WINDOWS\system32\a78dz.dll ()
O22 - SharedTaskScheduler: {b0ad3e73-ddea-47b8-aaef-46b016b85441} - tokatiluy - C:\WINDOWS\system32\peyumupo.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/18 13:58:21 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/18 13:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{0B7C6D1F-4931-4EB3-B104-0A62393D3321}
[2008/11/24 09:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/11/24 09:40:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/24 09:40:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/11/24 09:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/29 10:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/08/16 13:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/08/16 13:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/08/07 17:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2008/08/07 17:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/06/13 11:45:55 | 001,254,593 | ---- | C] (Blizzard Entertainment) -- C:\Program Files\WotLK-F&F-enUS-downloader.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,093,696 | -HS- | M] () -- C:\WINDOWS\System32\peyumupo.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | M] () -- C:\WINDOWS\System32\yiwigije.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | M] () -- C:\WINDOWS\System32\tipawaja.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | M] () -- C:\WINDOWS\System32\dofedizi.dll
[2099/01/01 12:00:00 | 000,045,568 | -HS- | M] () -- C:\WINDOWS\System32\walikahe.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\bulilufu.dll
[2010/02/18 14:22:41 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hdaihl.sys
[2010/02/18 14:02:34 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tafamuji
[2010/02/18 13:58:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/18 13:58:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/18 13:54:38 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/02/18 13:25:23 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/18 13:23:00 | 000,000,238 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/02/18 13:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/18 13:09:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gcuro.dat
[2010/02/18 13:09:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vpapagelewizute.bin
[2010/02/18 13:09:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/18 12:44:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/02/18 11:44:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/02/18 11:24:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/02/18 11:04:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/02/18 11:04:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\helpers32.dll
[2010/02/18 11:04:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ES15.exe
[2010/02/18 11:03:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/18 11:03:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/18 08:40:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/18 03:32:23 | 000,020,000 | ---- | M] () -- C:\WINDOWS\System32\a78dz.dll
[2010/02/18 03:32:09 | 000,153,088 | ---- | M] () -- C:\WINDOWS\msa.exe
[2010/02/18 03:32:07 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\mswintmp.dat
[2010/02/18 03:32:06 | 000,194,560 | ---- | M] () -- C:\WINDOWS\System32\sshnas21.dll
[2010/02/18 03:31:55 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/18 03:31:55 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010/02/18 03:31:36 | 000,057,520 | ---- | M] () -- C:\WINDOWS\System32\net.net
[2010/02/17 14:58:49 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010/02/17 10:42:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1232728900.job
[2010/02/16 18:29:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2010/02/16 15:07:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/12 10:20:56 | 000,217,506 | R--- | M] () -- C:\Documents and Settings\Owner\My Documents\image001.jpeg
[2010/02/11 19:14:30 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
[2010/02/10 03:04:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/07 00:16:45 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2010/01/29 00:45:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/26 14:08:41 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IL-2 Sturmovik 1946.lnk
[2010/01/25 12:54:06 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\scholarshipsfall09Jan_21.doc
[2010/01/24 11:58:10 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1261677408.job
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,093,696 | -HS- | C] () -- C:\WINDOWS\System32\peyumupo.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | C] () -- C:\WINDOWS\System32\yiwigije.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | C] () -- C:\WINDOWS\System32\tipawaja.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | C] () -- C:\WINDOWS\System32\dofedizi.dll
[2099/01/01 12:00:00 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\walikahe.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bulilufu.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tafamuji
[2010/02/18 13:09:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gcuro.dat
[2010/02/18 13:09:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vpapagelewizute.bin
[2010/02/18 10:22:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/02/18 09:22:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/02/18 08:31:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/02/18 03:32:58 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hdaihl.sys
[2010/02/18 03:32:23 | 000,020,000 | ---- | C] () -- C:\WINDOWS\System32\a78dz.dll
[2010/02/18 03:32:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/02/18 03:32:14 | 000,153,088 | ---- | C] () -- C:\WINDOWS\msa.exe
[2010/02/18 03:32:14 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/18 03:32:11 | 000,000,238 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/02/18 03:32:07 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\mswintmp.dat
[2010/02/18 03:32:06 | 000,194,560 | ---- | C] () -- C:\WINDOWS\System32\sshnas21.dll
[2010/02/18 03:31:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\helpers32.dll
[2010/02/18 03:31:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ES15.exe
[2010/02/18 03:31:56 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/18 03:31:56 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010/02/18 03:31:36 | 000,057,520 | ---- | C] () -- C:\WINDOWS\System32\net.net
[2010/02/12 10:21:45 | 000,217,506 | R--- | C] () -- C:\Documents and Settings\Owner\My Documents\image001.jpeg
[2010/02/07 00:16:45 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2010/01/29 00:45:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/26 14:08:41 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IL-2 Sturmovik 1946.lnk
[2010/01/25 12:54:05 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\scholarshipsfall09Jan_21.doc
[2010/01/02 15:48:04 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\sysReserve.ini
[2009/11/23 07:45:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/06/01 17:27:57 | 008,673,792 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\atscie.msi
[2009/03/20 21:42:05 | 000,000,515 | -H-- | C] () -- C:\Program Files\hpothb07.tif
[2009/03/20 21:42:05 | 000,000,305 | -H-- | C] () -- C:\Program Files\hpothb07.dat
[2009/01/23 10:29:25 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
[2009/01/17 17:40:37 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/17 17:31:30 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2009/01/14 15:16:15 | 000,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/14 13:22:50 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/08/09 17:33:54 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/05/11 10:30:52 | 000,247,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.sys
[2005/11/28 18:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 05:00:00 | 000,161,792 | ---- | C] () -- C:\WINDOWS\osiwalifipulukel.dll
[2004/08/10 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/03/08 22:31:04 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
< End of report >

Hello.
This is gonna take some going at.

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  PRC - [2010/02/18 13:22:39 | 000,036,868 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\avp.exe
  PRC - [2010/02/18 13:22:38 | 000,036,868 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\win.exe
  PRC - [2010/02/18 13:22:38 | 000,036,868 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\mdm.exe
  PRC - [2010/02/18 03:31:55 | 000,039,936 | ---- | M] () -- C:\WINDOWS\system32\smss32.exe
  SRV - [2010/02/18 03:32:06 | 000,194,560 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
  O2 - BHO: (C:\WINDOWS\system32\a78dz.dll) - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\a78dz.dll ()
  O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
  O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
  O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net ()
  O4 - HKLM..\Run: [pedijejone] C:\WINDOWS\System32\yiwigije.dll ()
  O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
  O4 - HKLM..\Run: [tekejukal] C:\WINDOWS\System32\peyumupo.DLL ()
  O4 - HKLM..\Run: [UserFaultCheck] File not found
  O4 - HKLM..\Run: [Ymofomagifino] C:\WINDOWS\osiwalifipulukel.DLL ()
  O4 - HKCU..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\Owner\Local Settings\temp\avp.exe ()
  O4 - HKCU..\Run: [Remote System Protection] C:\WINDOWS\System32\a78dz.DLL ()
  O4 - HKCU..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
  O20 - AppInit_DLLs: (dofedizi.dll) - C:\WINDOWS\System32\dofedizi.dll ()
  O20 - AppInit_DLLs: (c:\windows\system32\peyumupo.dll) - C:\WINDOWS\system32\peyumupo.dll ()
  O21 - SSODL: yawoforiw - {b0ad3e73-ddea-47b8-aaef-46b016b85441} - C:\WINDOWS\system32\peyumupo.dll ()
  O22 - SharedTaskScheduler: {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - 7whfiudhf8s7f3oifhif7syfdhsof - C:\WINDOWS\system32\a78dz.dll ()
  O22 - SharedTaskScheduler: {b0ad3e73-ddea-47b8-aaef-46b016b85441} - tokatiluy - C:\WINDOWS\system32\peyumupo.dll ()
  [2099/01/01 12:00:00 | 000,093,696 | -HS- | M] () -- C:\WINDOWS\System32\peyumupo.dll
  [2099/01/01 12:00:00 | 000,052,224 | -HS- | M] () -- C:\WINDOWS\System32\yiwigije.dll
  [2099/01/01 12:00:00 | 000,052,224 | -HS- | M] () -- C:\WINDOWS\System32\tipawaja.dll
  [2099/01/01 12:00:00 | 000,052,224 | -HS- | M] () -- C:\WINDOWS\System32\dofedizi.dll
  [2099/01/01 12:00:00 | 000,045,568 | -HS- | M] () -- C:\WINDOWS\System32\walikahe.dll
  [2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\bulilufu.dll
  [2010/02/18 14:22:41 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hdaihl.sys
  [2010/02/18 14:02:34 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tafamuji
  [2010/02/18 13:09:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gcuro.dat
  [2010/02/18 13:09:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vpapagelewizute.bin
  [2010/02/18 13:09:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
  [2010/02/18 12:44:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
  [2010/02/18 11:44:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
  [2010/02/18 11:24:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
  [2010/02/18 11:04:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
  [2010/02/18 11:04:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\helpers32.dll
  [2010/02/18 11:04:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ES15.exe
  [2010/02/18 03:32:23 | 000,020,000 | ---- | M] () -- C:\WINDOWS\System32\a78dz.dll
  [2010/02/18 03:32:09 | 000,153,088 | ---- | M] () -- C:\WINDOWS\msa.exe
  [2010/02/18 03:32:06 | 000,194,560 | ---- | M] () -- C:\WINDOWS\System32\sshnas21.dll
  [2010/02/18 03:31:55 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
  [2010/02/18 03:31:55 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
  [2010/02/18 03:31:36 | 000,057,520 | ---- | M] () -- C:\WINDOWS\System32\net.net
  [2010/02/18 03:32:11 | 000,000,238 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
  
  
  
  
• Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Ran the OTL and it created a log, but I can't find it. It's not on desktop only the original runs from earlier are there.

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

I can't get my main console for trend micro to open to turn off the protection against virus and spyware. I did turn off the real time virus protection. Can I still do the combo fix?

If I run the combo fix without turning off the antivirus protection will it still fix the problem?

Hello.
Please boot to Safe Mode, Trend Micro wont interfere in Safe Mode.

ComboFix 10-02-19.03 - Owner 02/20/2010 15:01:32.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1494 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Owner\LOCALS~1\Temp\lsass.exe
c:\docume~1\Owner\LOCALS~1\Temp\services.exe
c:\docume~1\Owner\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\Administrator.OWNER-B0D885443\Local Settings\Application Data\{6F958E26-98A2-4D59-B869-ADD5286426CF}
c:\documents and settings\Administrator.OWNER-B0D885443\Local Settings\Application Data\{6F958E26-98A2-4D59-B869-ADD5286426CF}\chrome.manifest
c:\documents and settings\Administrator.OWNER-B0D885443\Local Settings\Application Data\{6F958E26-98A2-4D59-B869-ADD5286426CF}\chrome\content\_cfg.js
c:\documents and settings\Administrator.OWNER-B0D885443\Local Settings\Application Data\{6F958E26-98A2-4D59-B869-ADD5286426CF}\chrome\content\overlay.xul
c:\documents and settings\Administrator.OWNER-B0D885443\Local Settings\Application Data\{6F958E26-98A2-4D59-B869-ADD5286426CF}\install.rdf
c:\documents and settings\All Users.WINDOWS\Application Data\mswintmp.dat
c:\documents and settings\All Users.WINDOWS\Application Data\sysReserve.ini
c:\documents and settings\Owner\Desktop\Security essentials 2010.lnk
c:\documents and settings\Owner\Start Menu\Security essentials 2010.lnk
C:\install.exe
c:\program files\Securityessentials2010
c:\program files\Securityessentials2010\SE2010.exe
c:\windows\msa.exe
c:\windows\osiwalifipulukel.dll
c:\windows\system32\11323.exe
c:\windows\system32\11538.exe
c:\windows\system32\11840.exe
c:\windows\system32\12316.exe
c:\windows\system32\12382.exe
c:\windows\system32\12859.exe
c:\windows\system32\13290.exe
c:\windows\system32\13931.exe
c:\windows\system32\13977.exe
c:\windows\system32\14604.exe
c:\windows\system32\14771.exe
c:\windows\system32\15006.exe
c:\windows\system32\15141.exe
c:\windows\system32\153.exe
c:\windows\system32\15350.exe
c:\windows\system32\15573.exe
c:\windows\system32\15574.exe
c:\windows\system32\15890.exe
c:\windows\system32\16118.exe
c:\windows\system32\16512.exe
c:\windows\system32\16541.exe
c:\windows\system32\16944.exe
c:\windows\system32\17035.exe
c:\windows\system32\17421.exe
c:\windows\system32\17673.exe
c:\windows\system32\1842.exe
c:\windows\system32\18636.exe
c:\windows\system32\1869.exe
c:\windows\system32\18716.exe
c:\windows\system32\19072.exe
c:\windows\system32\19264.exe
c:\windows\system32\19629.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\20037.exe
c:\windows\system32\2082.exe
c:\windows\system32\21538.exe
c:\windows\system32\21726.exe
c:\windows\system32\22190.exe
c:\windows\system32\22355.exe
c:\windows\system32\22386.exe
c:\windows\system32\22648.exe
c:\windows\system32\22704.exe
c:\windows\system32\22929.exe
c:\windows\system32\2306.exe
c:\windows\system32\23281.exe
c:\windows\system32\23655.exe
c:\windows\system32\23805.exe
c:\windows\system32\23811.exe
c:\windows\system32\23986.exe
c:\windows\system32\24370.exe
c:\windows\system32\24393.exe
c:\windows\system32\24626.exe
c:\windows\system32\25547.exe
c:\windows\system32\25667.exe
c:\windows\system32\26299.exe
c:\windows\system32\26308.exe
c:\windows\system32\26777.exe
c:\windows\system32\26924.exe
c:\windows\system32\27446.exe
c:\windows\system32\27529.exe
c:\windows\system32\27644.exe
c:\windows\system32\28253.exe
c:\windows\system32\28703.exe
c:\windows\system32\28745.exe
c:\windows\system32\288.exe
c:\windows\system32\292.exe
c:\windows\system32\29658.exe
c:\windows\system32\30106.exe
c:\windows\system32\30333.exe
c:\windows\system32\3035.exe
c:\windows\system32\31101.exe
c:\windows\system32\31115.exe
c:\windows\system32\31322.exe
c:\windows\system32\31673.exe
c:\windows\system32\32391.exe
c:\windows\system32\32439.exe
c:\windows\system32\32662.exe
c:\windows\system32\32757.exe
c:\windows\system32\3548.exe
c:\windows\system32\3902.exe
c:\windows\system32\4031.exe
c:\windows\system32\41.exe
c:\windows\system32\4639.exe
c:\windows\system32\4664.exe
c:\windows\system32\4827.exe
c:\windows\system32\4833.exe
c:\windows\system32\4966.exe
c:\windows\system32\5021.exe
c:\windows\system32\5097.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5537.exe
c:\windows\system32\5829.exe
c:\windows\system32\5pz8uzjJZP.dll
c:\windows\system32\6270.exe
c:\windows\system32\6729.exe
c:\windows\system32\6868.exe
c:\windows\system32\7376.exe
c:\windows\system32\7711.exe
c:\windows\system32\778.exe
c:\windows\system32\8723.exe
c:\windows\system32\8942.exe
c:\windows\system32\9040.exe
c:\windows\system32\9161.exe
c:\windows\system32\9741.exe
c:\windows\system32\9894.exe
c:\windows\system32\9930.exe
c:\windows\system32\a78dz.dll
c:\windows\system32\dojapode.dll
c:\windows\system32\drivers\hdaihl.sys
c:\windows\system32\helpers32.dll
c:\windows\system32\net.net
c:\windows\system32\rizibuki.dll
c:\windows\system32\semajosu.dll
c:\windows\system32\smss32.exe
c:\windows\system32\spool\prtprocs\w32x86\00000044.tmp
c:\windows\system32\spool\prtprocs\w32x86\0000646e.tmp
c:\windows\system32\sshnas21.dll
c:\windows\system32\togobanu.dll
c:\windows\system32\winlogon32.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
c:\windows\Tasks\kftjusvc.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Legacy__VOIDd.sys
-------\Service__VOIDd.sys
-------\Service_SSHNAS
-------\Legacy_hdaihl
-------\Service_hdaihl


((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
.

2010-02-19 01:36 . 2010-02-19 01:36 -------- d-----w- C:\_OTL
2010-02-18 19:09 . 2010-02-20 21:00 120 ----a-w- c:\windows\Gcuro.dat
2010-02-18 19:09 . 2010-02-20 14:49 0 ----a-w- c:\windows\Vpapagelewizute.bin
2010-02-18 19:09 . 2010-02-18 19:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{0B7C6D1F-4931-4EB3-B104-0A62393D3321}
2010-02-18 18:03 . 2010-02-18 18:03 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-01-29 06:45 . 2010-01-29 06:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-27 00:02 . 2010-01-27 00:02 -------- d-----w- c:\documents and settings\Brady.OWNER-B0D885443\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 00:46 . 2009-05-09 04:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2010-02-10 09:01 . 2009-01-14 21:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-02-03 21:38 . 2009-01-27 22:18 -------- d-----w- c:\program files\World of Warcraft
2010-01-24 05:02 . 2009-10-14 01:41 -------- d-----w- c:\program files\World of Warcraft Public Test
2010-01-24 05:02 . 2007-10-09 11:42 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-10 04:44 . 2009-02-09 20:09 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-01-10 00:35 . 2009-01-17 20:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-01-05 10:00 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:14 . 2004-08-10 11:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-25 18:21 . 2009-01-18 13:01 -------- d-----w- c:\documents and settings\Troy.OWNER-B0D885443\Application Data\Apple Computer
2009-12-25 14:14 . 2009-01-18 00:57 -------- d-----w- c:\documents and settings\Brady.OWNER-B0D885443\Application Data\Apple Computer
2009-12-25 13:52 . 2009-01-17 20:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-12-25 02:29 . 2009-12-24 18:07 0 ---ha-w- c:\documents and settings\Owner\hpothb07.dat
2009-12-24 18:59 . 2009-12-24 18:07 5924 ---ha-w- C:\hpothb07.dat
2009-12-24 17:48 . 2009-12-24 17:36 20454 ----a-w- c:\windows\hpoins01.dat
2009-12-16 12:58 . 2009-01-14 19:07 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:35 . 2004-08-10 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:11 . 2005-03-30 01:21 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:35 . 2005-03-30 01:01 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-10 11:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:33 . 2004-08-10 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2004-08-10 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2004-08-10 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2004-08-10 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-03-21 03:42 . 2009-03-21 03:42 305 ---ha-w- c:\program files\hpothb07.dat
2009-03-21 03:42 . 2009-03-21 03:42 515 ---ha-w- c:\program files\hpothb07.tif
2008-08-09 23:33 . 2008-08-09 23:33 0 ----a-w- c:\program files\temp01
2008-06-16 01:27 . 2008-06-13 17:45 1254593 ----a-w- c:\program files\WotLK-F&F-enUS-downloader.exe
2010-01-18 20:09 . 2010-01-18 20:09 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-01-18 20:09 . 2010-01-18 20:09 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-01-18 20:10 . 2010-01-18 20:10 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\bulilufu.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\busekuja.dll
1601-01-01 00:03 . 1601-01-01 00:03 93696 --sha-w- c:\windows\system32\difebebu.dll
1601-01-01 00:03 . 1601-01-01 00:03 52224 --sha-w- c:\windows\system32\dofedizi.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 70656 --sha-w- c:\windows\system32\lasozodi.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\logafulo.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\nitalopo.dll
1601-01-01 00:03 . 1601-01-01 00:03 93696 --sha-w- c:\windows\system32\peyumupo.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\porahebo.dll
1601-01-01 00:03 . 1601-01-01 00:03 53760 --sha-w- c:\windows\system32\remowoka.dll
1601-01-01 00:03 . 1601-01-01 00:03 53760 --sha-w- c:\windows\system32\savohofu.dll
1601-01-01 00:03 . 1601-01-01 00:03 52224 --sha-w- c:\windows\system32\tipawaja.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 23552 --sha-w- c:\windows\system32\vasidifu.exe
1601-01-01 00:03 . 1601-01-01 00:03 45568 --sha-w- c:\windows\system32\walikahe.dll
1601-01-01 00:03 . 1601-01-01 00:03 52224 --sha-w- c:\windows\system32\yiwigije.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3fee9ef3-c33e-455e-8672-88d8b456c9cd}]
1601-01-01 00:03 53760 --sha-w- c:\windows\system32\savohofu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli acmobdr1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 14\\pccmain.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [9/25/2006 8:26 AM 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [9/25/2006 8:26 AM 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/11/2006 5:11 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [9/25/2006 8:26 AM 566872]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [5/16/2009 8:28 AM 36224]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [8/29/2006 2:54 PM 280392]
S2 gupdate1c9d05b86bf973;Google Update Service (gupdate1c9d05b86bf973);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 10:02 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-02-20 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8232728900.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2009-06-06 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8236365442.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-02-20 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8255979293.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-01-24 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8261677408.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-02-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 04:01]

2010-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 04:02]

2010-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 04:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.att.net/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
TCP: {5A7F0247-10D4-4583-8BDF-F9B1A5709094} = 83.149.115.157,4.2.2.1,192.168.1.254
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9j828ih8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9j828ih8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: XULRunner: {0B7C6D1F-4931-4EB3-B104-0A62393D3321} - c:\documents and settings\Owner\Local Settings\Application Data\{0B7C6D1F-4931-4EB3-B104-0A62393D3321}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

BHO-{A3BA40A2-74F0-42BD-F434-00B15A2C8953} - c:\windows\system32\a78dz.dll
HKCU-Run-smss32.exe - c:\windows\system32\smss32.exe
HKCU-Run-Remote System Protection - c:\windows\system32\a78dz.dll
HKCU-Run-Security essentials 2010 - c:\program files\Securityessentials2010\SE2010.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-Ymofomagifino - c:\windows\osiwalifipulukel.dll
HKLM-Run-tekejukal - c:\windows\system32\togobanu.dll
HKLM-Run-pedijejone - semajosu.dll
SharedTaskScheduler-{A3BA40A2-74F0-42BD-F434-00B15A2C8953} - c:\windows\system32\a78dz.dll
SharedTaskScheduler-{c78f857a-41a1-4681-a305-4b1750100009} - c:\windows\system32\togobanu.dll
SSODL-lutiroyad-{c78f857a-41a1-4681-a305-4b1750100009} - c:\windows\system32\togobanu.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 15:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\tmp14.tmp 10240 bytes

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89F8381A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecfc3
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\iaStor -> iaStor.sys @ 0xba546f78
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Linksys LNE100TX(v5) Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xba437af9
PacketIndicateHandler -> NDIS.sys @ 0xba442b21
SendHandler -> NDIS.sys @ 0xba437938
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\WININET.dll
c:\windows\acmobdr1.dll

- - - - - - - > 'explorer.exe'(3600)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\acmobdr1.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\TRENDM~1\INTERN~1\PccGuide.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\system32\msiexec.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-02-20 15:31:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-20 21:31
ComboFix2.txt 2009-10-09 15:46

Pre-Run: 80,780,390,400 bytes free
Post-Run: 82,543,546,368 bytes free

- - End Of File - - 44465E52E110469B659A18F40AB9C523

Hello.
Damn, this is worse than I thought. I have no idea why is machine is still working, the state it's in, it should of stopped booting long ago.

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   File::
   c:\windows\system32\bulilufu.dll
   c:\windows\system32\busekuja.dll
   c:\windows\system32\difebebu.dll
   c:\windows\system32\dofedizi.dll.tmp
   c:\windows\system32\lasozodi.dll
   c:\windows\system32\logafulo.dll
   c:\windows\system32\nitalopo.dll
   c:\windows\system32\peyumupo.dll
   c:\windows\system32\porahebo.dll
   c:\windows\system32\remowoka.dll
   c:\windows\system32\savohofu.dll
   c:\windows\system32\tipawaja.dll.tmp
   c:\windows\system32\vasidifu.exe
   c:\windows\system32\walikahe.dll
   c:\windows\system32\yiwigije.dll.tmp
   c:\windows\acmobdr1.dll
   
   Registry::
   [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3fee9ef3-c33e-455e-8672-88d8b456c9cd}]
   [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
   "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
   
   DDS::
   TCP: {5A7F0247-10D4-4583-8BDF-F9B1A5709094} = 83.149.115.157,4.2.2.1,192.168.1.254
   
   Domains::
   

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

ComboFix 10-02-19.03 - Owner 02/20/2010 18:20:47.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1803 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

FILE ::
"c:\windows\acmobdr1.dll"
"c:\windows\system32\bulilufu.dll"
"c:\windows\system32\busekuja.dll"
"c:\windows\system32\difebebu.dll"
"c:\windows\system32\dofedizi.dll.tmp"
"c:\windows\system32\lasozodi.dll"
"c:\windows\system32\logafulo.dll"
"c:\windows\system32\nitalopo.dll"
"c:\windows\system32\peyumupo.dll"
"c:\windows\system32\porahebo.dll"
"c:\windows\system32\remowoka.dll"
"c:\windows\system32\savohofu.dll"
"c:\windows\system32\tipawaja.dll.tmp"
"c:\windows\system32\vasidifu.exe"
"c:\windows\system32\walikahe.dll"
"c:\windows\system32\yiwigije.dll.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\acmobdr1.dll
c:\windows\system32\bulilufu.dll
c:\windows\system32\busekuja.dll
c:\windows\system32\difebebu.dll
c:\windows\system32\dofedizi.dll.tmp
c:\windows\system32\lasozodi.dll
c:\windows\system32\logafulo.dll
c:\windows\system32\nitalopo.dll
c:\windows\system32\peyumupo.dll
c:\windows\system32\porahebo.dll
c:\windows\system32\remowoka.dll
c:\windows\system32\savohofu.dll
c:\windows\system32\tipawaja.dll.tmp
c:\windows\system32\vasidifu.exe
c:\windows\system32\walikahe.dll
c:\windows\system32\yiwigije.dll.tmp

.
((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-19 01:36 . 2010-02-19 01:36 -------- d-----w- C:\_OTL
2010-02-18 19:09 . 2010-02-20 21:00 120 ----a-w- c:\windows\Gcuro.dat
2010-02-18 19:09 . 2010-02-20 14:49 0 ----a-w- c:\windows\Vpapagelewizute.bin
2010-02-18 19:09 . 2010-02-18 19:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{0B7C6D1F-4931-4EB3-B104-0A62393D3321}
2010-02-18 18:03 . 2010-02-18 18:03 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-01-29 06:45 . 2010-01-29 06:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-27 00:02 . 2010-01-27 00:02 -------- d-----w- c:\documents and settings\Brady.OWNER-B0D885443\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 21:26 . 2009-11-25 14:20 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-19 00:46 . 2009-05-09 04:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2010-02-10 09:01 . 2009-01-14 21:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-02-03 21:38 . 2009-01-27 22:18 -------- d-----w- c:\program files\World of Warcraft
2010-01-24 05:02 . 2009-10-14 01:41 -------- d-----w- c:\program files\World of Warcraft Public Test
2010-01-24 05:02 . 2007-10-09 11:42 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-23 15:23 . 2009-11-25 16:39 79488 ----a-w- c:\documents and settings\Brady.OWNER-B0D885443\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-23 12:32 . 2009-11-25 09:45 79488 ----a-w- c:\documents and settings\Troy.OWNER-B0D885443\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-10 04:44 . 2009-02-09 20:09 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-01-10 00:35 . 2009-01-17 20:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-01-05 10:00 . 2006-03-04 03:33 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:14 . 2004-08-10 11:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-25 18:21 . 2009-01-18 13:01 -------- d-----w- c:\documents and settings\Troy.OWNER-B0D885443\Application Data\Apple Computer
2009-12-25 14:14 . 2009-01-18 00:57 -------- d-----w- c:\documents and settings\Brady.OWNER-B0D885443\Application Data\Apple Computer
2009-12-25 13:52 . 2009-01-17 20:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-12-25 02:29 . 2009-12-24 18:07 0 ---ha-w- c:\documents and settings\Owner\hpothb07.dat
2009-12-24 18:59 . 2009-12-24 18:07 5924 ---ha-w- C:\hpothb07.dat
2009-12-24 17:48 . 2009-12-24 17:36 20454 ----a-w- c:\windows\hpoins01.dat
2009-12-20 15:02 . 2009-12-20 15:02 79144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-16 12:58 . 2009-01-14 19:07 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:35 . 2004-08-10 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:11 . 2005-03-30 01:21 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:35 . 2005-03-30 01:01 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-10 11:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:33 . 2004-08-10 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2004-08-10 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2004-08-10 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2004-08-10 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-03-21 03:42 . 2009-03-21 03:42 305 ---ha-w- c:\program files\hpothb07.dat
2009-03-21 03:42 . 2009-03-21 03:42 515 ---ha-w- c:\program files\hpothb07.tif
2008-08-09 23:33 . 2008-08-09 23:33 0 ----a-w- c:\program files\temp01
2008-06-16 01:27 . 2008-06-13 17:45 1254593 ----a-w- c:\program files\WotLK-F&F-enUS-downloader.exe
2010-01-18 20:09 . 2010-01-18 20:09 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-01-18 20:09 . 2010-01-18 20:09 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-01-18 20:10 . 2010-01-18 20:10 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-09_15.42.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 47104 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 60416 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 60928 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 41984 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 41472 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-07 04:51 . 2007-11-07 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-07 04:51 . 2007-11-07 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2010-02-21 00:33 . 2010-02-21 00:33 16384 c:\windows\temp\Perflib_Perfdata_19c.dat
+ 2008-10-16 20:09 . 2009-08-07 00:24 44768 c:\windows\system32\wups2.dll
+ 2009-01-14 19:09 . 2009-08-07 00:24 35552 c:\windows\system32\wups.dll
+ 2009-01-14 19:09 . 2009-08-07 00:24 53472 c:\windows\system32\wuauclt.exe
+ 2008-10-22 09:47 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2008-10-22 09:47 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
- 2004-08-10 11:00 . 2004-08-10 11:00 75776 c:\windows\system32\strmfilt.dll
+ 2004-08-10 11:00 . 2009-10-21 06:00 75776 c:\windows\system32\strmfilt.dll
+ 2009-10-20 23:24 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-20 23:24 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2004-08-10 11:00 . 2004-08-10 11:00 69632 c:\windows\system32\raschap.dll
+ 2004-08-10 11:00 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll
- 2006-03-04 03:33 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-10 11:00 . 2009-12-10 09:22 60662 c:\windows\system32\perfc009.dat
- 2004-08-10 11:00 . 2009-08-28 01:33 60662 c:\windows\system32\perfc009.dat
- 2007-08-14 00:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 00:54 . 2010-01-05 10:00 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 11:00 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll
+ 2009-09-30 09:25 . 2009-11-10 19:34 60932 c:\windows\system32\mlfcache.dat
- 2009-01-18 01:13 . 2009-03-16 01:36 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-01-18 01:13 . 2009-11-25 14:15 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2004-08-10 11:00 . 2010-01-05 10:00 27648 c:\windows\system32\jsproxy.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
- 2007-08-14 00:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-14 00:39 . 2009-12-31 15:33 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-10 11:00 . 2010-01-05 10:00 44544 c:\windows\system32\iernonce.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
+ 2004-08-10 11:00 . 2009-12-31 15:33 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-10 11:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-14 00:36 . 2010-01-05 10:00 63488 c:\windows\system32\icardie.dll
- 2007-08-14 00:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2004-08-10 11:00 . 2009-10-21 06:00 25088 c:\windows\system32\httpapi.dll
+ 2009-12-24 17:36 . 2003-03-09 04:31 81920 c:\windows\system32\hpovst08.dll
- 2003-03-09 04:31 . 2003-03-09 04:31 81920 c:\windows\system32\hpovst08.dll
- 2004-08-10 11:00 . 2009-06-16 14:55 82432 c:\windows\system32\fontsub.dll
+ 2004-08-10 11:00 . 2009-10-15 17:21 82432 c:\windows\system32\fontsub.dll
+ 2009-09-30 09:02 . 2009-08-29 00:42 40448 c:\windows\system32\drivers\usbaapl.sys
+ 2004-08-10 11:00 . 2009-11-13 22:57 62592 c:\windows\system32\drivers\cdrom.sys
+ 2009-01-14 19:09 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-01-14 19:09 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe
- 2004-08-10 11:00 . 2004-08-10 11:00 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2004-08-10 11:00 . 2009-10-21 06:00 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2004-08-10 11:00 . 2009-10-12 13:54 69632 c:\windows\system32\dllcache\raschap.dll
- 2004-08-10 11:00 . 2004-08-10 11:00 69632 c:\windows\system32\dllcache\raschap.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2006-03-04 03:33 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-11-27 17:33 . 2009-11-27 17:33 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-10 11:00 . 2009-11-27 16:37 28672 c:\windows\system32\dllcache\msvidc32.dll
- 2004-08-10 11:00 . 2004-08-10 11:00 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2004-08-10 11:00 . 2009-11-27 16:37 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-01-16 15:33 . 2010-01-05 10:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-01-16 15:33 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-10 11:00 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2009-01-16 15:33 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-01-16 15:33 . 2009-12-31 15:33 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-10 11:00 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-10 11:00 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-10 11:00 . 2009-12-31 15:33 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-01-16 15:33 . 2010-01-05 10:00 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-01-16 15:33 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-10 11:00 . 2009-10-21 06:00 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2004-08-10 11:00 . 2009-10-15 17:21 82432 c:\windows\system32\dllcache\fontsub.dll
- 2004-08-10 11:00 . 2009-06-16 14:55 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2004-08-10 11:00 . 2009-12-14 07:35 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-11-13 22:57 . 2009-11-13 22:57 62592 c:\windows\system32\dllcache\cdrom.sys
+ 2004-08-10 11:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-10 11:00 . 2009-11-27 16:37 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-10 11:00 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-01-14 19:15 . 2010-02-20 16:16 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-14 19:15 . 2009-10-05 07:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-14 19:15 . 2009-10-05 07:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-14 19:15 . 2010-02-20 16:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-10 11:00 . 2009-08-07 00:24 96480 c:\windows\system32\cdm.dll
+ 2003-02-21 01:09 . 2003-02-21 01:09 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5628\_PerfCounter.dll
+ 2003-02-21 01:09 . 2003-02-21 01:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5628\_mscorsn.dll
+ 2003-02-21 01:09 . 2003-02-21 01:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5628\_CORPerfMonExt.dll
+ 2007-01-15 22:11 . 2009-06-24 17:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2007-01-15 22:11 . 2009-06-24 17:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2009-01-14 19:08 . 2009-06-24 03:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2009-01-14 19:08 . 2007-01-02 22:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2009-01-14 19:08 . 2009-06-24 03:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2009-01-14 19:08 . 2007-01-02 22:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2009-01-14 19:08 . 2007-01-02 22:34 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2009-01-14 19:08 . 2009-06-24 03:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2009-01-14 19:08 . 2009-06-24 03:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2009-01-14 19:08 . 2002-06-21 23:31 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2009-10-31 14:08 . 2009-10-31 14:08 22528 c:\windows\Installer\c8fcb1e.msi
+ 2009-11-25 09:00 . 2009-11-25 09:00 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-12-21 03:17 . 2009-12-21 03:17 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
- 2009-01-14 21:26 . 2009-09-30 08:03 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-14 21:26 . 2010-02-10 09:01 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-14 21:26 . 2010-02-10 09:01 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-14 21:26 . 2009-09-30 08:03 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-14 21:26 . 2009-09-30 08:03 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-14 21:26 . 2010-02-10 09:01 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-12-04 06:16 . 2009-12-04 06:16 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-02-07 06:16 . 2010-02-07 06:16 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-02-07 06:16 . 2010-02-07 06:16 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-02-07 06:16 . 2010-02-07 06:16 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-02-07 06:16 . 2010-02-07 06:16 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-02-07 06:16 . 2010-02-07 06:16 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-02-07 06:16 . 2010-02-07 06:16 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-02-07 06:16 . 2010-02-07 06:16 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ARPPRODUCTICON.exe
+ 2006-10-27 04:58 . 2006-10-27 04:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
+ 2010-01-23 09:00 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 52224 c:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 27648 c:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-01-23 09:00 . 2009-10-28 14:36 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-01-23 09:00 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 78336 c:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-01-23 09:00 . 2009-10-28 14:36 70656 c:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-01-23 09:00 . 2009-10-29 07:46 63488 c:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 17408 c:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 44544 c:\windows\ie7updates\KB976325-IE7\pngfilt.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 52224 c:\windows\ie7updates\KB976325-IE7\msfeedsbs.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 27648 c:\windows\ie7updates\KB976325-IE7\jsproxy.dll
+ 2009-12-10 09:03 . 2009-08-28 10:28 13824 c:\windows\ie7updates\KB976325-IE7\ieudinit.exe
+ 2009-12-10 09:03 . 2009-08-29 07:36 44544 c:\windows\ie7updates\KB976325-IE7\iernonce.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 78336 c:\windows\ie7updates\KB976325-IE7\ieencode.dll
+ 2009-12-10 09:03 . 2009-08-28 10:28 70656 c:\windows\ie7updates\KB976325-IE7\ie4uinit.exe
+ 2009-12-10 09:03 . 2009-08-29 07:36 63488 c:\windows\ie7updates\KB976325-IE7\icardie.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 17408 c:\windows\ie7updates\KB976325-IE7\corpol.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-10-14 08:04 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-10-14 08:04 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-10-14 08:04 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-10-14 08:04 . 2009-06-29 16:12 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll
- 2009-03-06 17:37 . 2003-04-05 11:24 16618 c:\windows\hpomdl01.dat
+ 2009-12-24 17:36 . 2003-04-05 11:24 16618 c:\windows\hpomdl01.dat
+ 2009-11-27 17:33 . 2009-11-27 17:33 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2009-10-14 08:01 . 2009-10-14 08:01 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_3be88547\System.Drawing.Design.dll
+ 2009-10-14 08:01 . 2009-10-14 08:01 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_90177ea3\CustomMarshalers.dll
+ 2009-11-25 09:01 . 2009-07-14 11:03 46080 c:\windows\$NtUninstallKB976098-v2$\tzchange.exe
+ 2009-11-25 09:01 . 2009-10-29 02:03 16896 c:\windows\$NtUninstallKB976098-v2$\spuninst\tzchange.dll
+ 2009-10-14 08:03 . 2004-08-10 11:00 57344 c:\windows\$NtUninstallKB974571$\msasn1.dll
+ 2009-12-10 09:04 . 2004-08-10 11:00 69632 c:\windows\$NtUninstallKB974318$\raschap.dll
+ 2010-01-13 09:02 . 2009-06-16 14:55 82432 c:\windows\$NtUninstallKB972270$\fontsub.dll
+ 2009-12-10 09:04 . 2004-08-10 11:00 75776 c:\windows\$NtUninstallKB970430$\strmfilt.dll
+ 2009-12-10 09:04 . 2004-08-10 11:00 24576 c:\windows\$NtUninstallKB970430$\httpapi.dll
+ 2009-10-14 08:01 . 2007-01-15 22:11 57344 c:\windows\$NtUninstallKB953295$\togac.exe
+ 2009-10-14 08:01 . 2007-01-15 22:11 57344 c:\windows\$NtUninstallKB953295$\setregni.exe
+ 2009-10-14 08:01 . 2007-01-02 22:29 86016 c:\windows\$NtUninstallKB953295$\mscorld.dll
+ 2009-10-14 08:01 . 2007-01-02 22:29 73728 c:\windows\$NtUninstallKB953295$\mscorie.dll
+ 2009-10-14 08:01 . 2007-01-02 22:34 32768 c:\windows\$NtUninstallKB953295$\aspnet_wp.exe
+ 2009-10-14 08:01 . 2002-06-21 23:31 32768 c:\windows\$NtUninstallKB953295$\aspnet_state.exe
+ 2010-01-14 16:24 . 2004-08-10 11:00 49536 c:\windows\$NtUninstallKB952011$\cdrom.sys
+ 2009-11-04 09:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976749-IE7\update\spcustom.dll
+ 2009-11-04 09:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB976749-IE7\spmsg.dll
+ 2009-12-10 09:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976325-IE7\update\spcustom.dll
+ 2009-12-10 09:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB976325-IE7\spmsg.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 44544 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\pngfilt.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 52224 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msfeedsbs.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 27648 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\jsproxy.dll
+ 2009-10-28 14:05 . 2009-10-28 14:05 13824 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieudinit.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 44544 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iernonce.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 78336 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieencode.dll
+ 2009-10-28 14:05 . 2009-10-28 14:05 70656 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ie4uinit.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 63488 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\icardie.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 17408 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\corpol.dll
+ 2009-10-14 08:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975467\update\spcustom.dll
+ 2009-10-14 08:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975467\spmsg.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975025\spmsg.dll
+ 2009-10-14 08:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll
+ 2009-10-14 08:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974571\spmsg.dll
+ 2009-09-04 20:57 . 2009-09-04 20:57 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\$hf_mig$\KB974571\SP3GDR\msasn1.dll
+ 2009-09-04 20:36 . 2009-09-04 20:36 58880 c:\windows\$hf_mig$\KB974571\SP2QFE\msasn1.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974455-IE7\update\spcustom.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974455-IE7\spmsg.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 44544 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\pngfilt.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 52224 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msfeedsbs.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 27648 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\jsproxy.dll
+ 2009-08-28 10:01 . 2009-08-28 10:01 13824 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieudinit.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 44544 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iernonce.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 78336 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieencode.dll
+ 2009-08-28 10:01 . 2009-08-28 10:01 70656 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ie4uinit.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 63488 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\icardie.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 17408 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\corpol.dll
+ 2009-12-10 09:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll
+ 2009-12-10 09:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974392\spmsg.dll
+ 2009-12-10 09:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll
+ 2009-12-10 09:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974318\spmsg.dll
+ 2009-10-12 13:28 . 2009-10-12 13:28 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\$hf_mig$\KB974318\SP3GDR\raschap.dll
+ 2009-10-12 13:41 . 2009-10-12 13:41 69632 c:\windows\$hf_mig$\KB974318\SP2QFE\raschap.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974112\spmsg.dll
+ 2009-12-10 09:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973904\update\spcustom.dll
+ 2009-12-10 09:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973904\spmsg.dll
+ 2009-11-25 09:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973687\update\spcustom.dll
+ 2009-11-25 09:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973687\spmsg.dll
+ 2009-10-14 08:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973525\update\spcustom.dll
+ 2009-10-14 08:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973525\spmsg.dll
+ 2010-01-13 09:02 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB972270\update\spcustom.dll
+ 2010-01-13 09:02 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB972270\spmsg.dll
+ 2010-01-13 03:34 . 2009-10-15 16:39 81920 c:\windows\$hf_mig$\KB972270\SP3QFE\fontsub.dll
+ 2010-01-13 03:34 . 2009-10-15 16:28 81920 c:\windows\$hf_mig$\KB972270\SP3GDR\fontsub.dll
+ 2010-01-13 03:34 . 2009-10-15 16:56 81920 c:\windows\$hf_mig$\KB972270\SP2QFE\fontsub.dll
+ 2009-12-10 09:02 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971737\update\spcustom.dll
+ 2009-12-10 09:02 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971737\spmsg.dll
+ 2009-10-14 08:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971486\update\spcustom.dll
+ 2009-10-14 08:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971486\spmsg.dll
+ 2009-12-10 09:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB970430\update\spcustom.dll
+ 2009-12-10 09:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB970430\spmsg.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 75776 c:\windows\$hf_mig$\KB970430\SP3QFE\strmfilt.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 25088 c:\windows\$hf_mig$\KB970430\SP3QFE\httpapi.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\$hf_mig$\KB970430\SP3GDR\strmfilt.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\$hf_mig$\KB970430\SP3GDR\httpapi.dll
+ 2009-10-21 05:50 . 2009-10-21 05:50 75776 c:\windows\$hf_mig$\KB970430\SP2QFE\strmfilt.dll
+ 2009-10-21 05:50 . 2009-10-21 05:50 25088 c:\windows\$hf_mig$\KB970430\SP2QFE\httpapi.dll
+ 2009-11-11 09:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969947\update\spcustom.dll
+ 2009-11-11 09:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969947\spmsg.dll
+ 2009-10-14 08:04 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll
+ 2009-10-14 08:04 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969059\spmsg.dll
+ 2010-01-13 09:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB955759\update\spcustom.dll
+ 2010-01-13 09:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB955759\spmsg.dll
+ 2010-01-12 23:07 . 2009-03-25 05:54 39424 c:\windows\$hf_mig$\KB955759\SP2QFE\acadproc.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\system32\dllcache\tsbyuv.dll
- 2009-01-14 19:08 . 2007-01-02 22:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2009-01-14 19:08 . 2009-06-29 16:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2009-10-14 08:01 . 2007-01-02 22:29 8192 c:\windows\$NtUninstallKB953295$\ieexec.exe
+ 2007-11-07 07:19 . 2007-11-07 07:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 02:23 . 2007-11-07 02:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2009-07-12 07:12 . 2009-07-12 07:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 07:09 . 2009-07-12 07:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 07:08 . 2009-07-12 07:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-01-14 19:09 . 2009-08-07 00:24 209632 c:\windows\system32\wuweb.dll
+ 2009-01-14 19:09 . 2009-08-07 00:24 327896 c:\windows\system32\wucltui.dll
+ 2009-01-14 19:09 . 2009-08-07 00:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-10 11:00 . 2009-04-10 06:01 530280 c:\windows\system32\wmspdmod.dll
+ 2004-08-10 11:00 . 2009-08-25 09:47 352256 c:\windows\system32\winhttp.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 233472 c:\windows\system32\webcheck.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 105984 c:\windows\system32\url.dll
- 2004-08-10 11:00 . 2009-06-16 14:55 119808 c:\windows\system32\t2embed.dll
+ 2004-08-10 11:00 . 2009-10-16 04:51 119808 c:\windows\system32\t2embed.dll
+ 2004-08-10 11:00 . 2009-08-26 08:16 247326 c:\windows\system32\strmdll.dll
- 2004-08-10 11:00 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
- 2006-03-04 03:33 . 2008-10-16 10:37 474112 c:\windows\system32\shlwapi.dll
+ 2006-03-04 03:33 . 2009-12-08 09:13 474112 c:\windows\system32\shlwapi.dll
- 2004-08-10 11:00 . 2004-08-10 11:00 112128 c:\windows\system32\rastls.dll
+ 2004-08-10 11:00 . 2009-10-12 13:54 112128 c:\windows\system32\rastls.dll
+ 2004-08-10 11:00 . 2009-12-10 09:22 404298 c:\windows\system32\perfh009.dat
- 2004-08-10 11:00 . 2009-08-28 01:33 404298 c:\windows\system32\perfh009.dat
+ 2004-08-10 11:00 . 2010-01-05 10:00 102912 c:\windows\system32\occache.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
- 2004-08-10 11:00 . 2004-08-10 11:00 266752 c:\windows\system32\oakley.dll
+ 2004-08-10 11:00 . 2009-10-13 10:53 266752 c:\windows\system32\oakley.dll
+ 2009-06-02 02:06 . 2009-08-07 00:23 215920 c:\windows\system32\muweb.dll
+ 2009-06-02 02:06 . 2009-08-07 00:23 274288 c:\windows\system32\mucltui.dll
- 2004-08-10 11:00 . 2009-06-25 08:17 136192 c:\windows\system32\msv1_0.dll
+ 2004-08-10 11:00 . 2009-09-11 14:03 136192 c:\windows\system32\msv1_0.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 671232 c:\windows\system32\mstime.dll
- 2006-03-04 03:33 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 193024 c:\windows\system32\msrating.dll
- 2006-03-04 03:33 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
- 2006-03-04 03:33 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 477696 c:\windows\system32\mshtmled.dll
- 2007-08-14 00:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-14 00:54 . 2010-01-05 10:00 459264 c:\windows\system32\msfeeds.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-11-13 22:57 . 2009-11-13 22:57 922112 c:\windows\system32\imapi2fs.dll
+ 2009-11-13 22:57 . 2009-11-13 22:57 426496 c:\windows\system32\imapi2.dll
- 2007-08-14 00:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
+ 2007-08-14 00:34 . 2010-01-05 10:00 268288 c:\windows\system32\iertutil.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 192512 c:\windows\system32\iepeers.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 18:27 . 2010-01-05 10:00 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 18:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-10 11:00 . 2009-12-18 13:04 161792 c:\windows\system32\ieakui.dll
- 2004-08-10 11:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 230400 c:\windows\system32\ieaksie.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 153088 c:\windows\system32\ieakeng.dll
- 2003-02-28 16:10 . 2003-03-09 04:31 274432 c:\windows\system32\hpgwiamd.dll
+ 2003-02-28 16:10 . 2003-02-28 16:10 274432 c:\windows\system32\hpgwiamd.dll
+ 2009-01-14 13:01 . 2009-11-11 10:02 283720 c:\windows\system32\FNTCACHE.DAT
- 2006-03-04 03:33 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 133120 c:\windows\system32\extmgr.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 214528 c:\windows\system32\dxtrans.dll
- 2006-03-04 03:33 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-10 11:00 . 2009-10-20 14:58 263552 c:\windows\system32\drivers\http.sys
+ 2009-01-14 19:09 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-01-14 19:09 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-01-14 19:09 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-10 11:00 . 2009-04-10 06:01 530280 c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 832512 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-10 11:00 . 2009-08-25 09:47 352256 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-10 11:00 . 2009-10-16 04:51 119808 c:\windows\system32\dllcache\t2embed.dll
- 2004-08-10 11:00 . 2009-06-16 14:55 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-10 11:00 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
- 2004-08-10 11:00 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-10 11:00 . 2009-12-31 16:14 352640 c:\windows\system32\dllcache\srv.sys
+ 2006-03-04 03:33 . 2009-12-08 09:13 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2006-03-04 03:33 . 2008-10-16 10:37 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-10 11:00 . 2009-10-12 13:54 112128 c:\windows\system32\dllcache\rastls.dll
- 2004-08-10 11:00 . 2004-08-10 11:00 112128 c:\windows\system32\dllcache\rastls.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-10 11:00 . 2004-08-10 11:00 266752 c:\windows\system32\dllcache\oakley.dll
+ 2004-08-10 11:00 . 2009-10-13 10:53 266752 c:\windows\system32\dllcache\oakley.dll
+ 2004-08-10 11:00 . 2009-09-11 14:03 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2004-08-10 11:00 . 2009-06-25 08:17 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2006-03-04 03:33 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-03-04 03:33 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-01-14 19:07 . 2009-12-16 12:58 343040 c:\windows\system32\dllcache\mspaint.exe
- 2009-01-14 19:07 . 2004-08-10 11:00 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2006-03-04 03:33 . 2010-01-05 10:00 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2006-03-04 03:33 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2009-01-16 15:33 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-01-16 15:33 . 2010-01-05 10:00 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-01-15 22:53 . 2009-12-04 14:41 453760 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-11-13 22:57 . 2009-11-13 22:57 922112 c:\windows\system32\dllcache\imapi2fs.dll
+ 2009-11-13 22:57 . 2009-11-13 22:57 426496 c:\windows\system32\dllcache\imapi2.dll
+ 2005-08-16 10:40 . 2009-12-18 13:05 634648 c:\windows\system32\dllcache\iexplore.exe
- 2009-01-16 15:33 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-01-16 15:33 . 2010-01-05 10:00 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-01-16 15:33 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-01-16 15:33 . 2010-01-05 10:00 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-10 11:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-10 11:00 . 2009-12-18 13:04 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-10-20 14:58 . 2009-10-20 14:58 263552 c:\windows\system32\dllcache\http.sys
- 2006-03-04 03:33 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-03-04 03:33 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-03-04 03:33 . 2010-01-05 10:00 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-10 11:00 . 2009-11-21 16:36 470528 c:\windows\system32\dllcache\aclayers.dll
- 2004-08-10 11:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2004-08-10 11:00 . 2010-01-05 10:00 124928 c:\windows\system32\advpack.dll
+ 2003-02-21 10:42 . 2003-02-21 10:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5628\_msvcr71.dll
+ 2003-02-21 01:06 . 2003-02-21 01:06 311296 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5628\_mscorjit.dll
+ 2003-02-21 01:06 . 2003-02-21 01:06 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5628\_fusion.dll
+ 2003-02-21 01:19 . 2003-02-21 01:19 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5628\_aspnet_isapi.dll
+ 2009-01-14 19:08 . 2009-06-24 02:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2009-01-14 19:08 . 2004-07-20 00:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2009-01-14 19:08 . 2009-06-24 03:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2009-01-14 19:08 . 2007-01-02 22:34 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2009-11-25 09:00 . 2009-11-25 09:00 429568 c:\windows\Installer\47e0b321.msi
+ 2009-12-20 15:09 . 2009-12-20 15:09 796672 c:\windows\Installer\34c0d253.msi
+ 2009-11-02 09:00 . 2009-11-02 09:00 195584 c:\windows\Installer\217998f.msi
+ 2009-11-01 23:08 . 2009-11-01 23:08 228352 c:\windows\Installer\13a816fb.msi

+ 2009-12-20 15:18 . 2009-12-20 15:18 102400 c:\windows\Installer\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}\iTunesIco.exe
+ 2009-01-14 21:26 . 2010-02-10 09:01 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-14 21:26 . 2009-09-30 08:03 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-14 21:26 . 2009-09-30 08:03 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-01-14 21:26 . 2010-02-10 09:01 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-01-14 21:26 . 2010-02-10 09:01 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-14 21:26 . 2009-09-30 08:03 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-14 21:26 . 2010-02-10 09:01 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-14 21:26 . 2009-09-30 08:03 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-01-14 21:26 . 2010-02-10 09:01 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-14 21:26 . 2009-09-30 08:03 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-23 09:00 . 2009-10-29 07:46 832512 c:\windows\ie7updates\KB978207-IE7\wininet.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 233472 c:\windows\ie7updates\KB978207-IE7\webcheck.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 105984 c:\windows\ie7updates\KB978207-IE7\url.dll
+ 2010-01-23 09:00 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-01-23 09:00 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-01-23 09:00 . 2009-10-29 07:46 102912 c:\windows\ie7updates\KB978207-IE7\occache.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 671232 c:\windows\ie7updates\KB978207-IE7\mstime.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 193024 c:\windows\ie7updates\KB978207-IE7\msrating.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 477696 c:\windows\ie7updates\KB978207-IE7\mshtmled.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 459264 c:\windows\ie7updates\KB978207-IE7\msfeeds.dll
+ 2010-01-23 09:00 . 2009-10-28 06:54 634632 c:\windows\ie7updates\KB978207-IE7\iexplore.exe
+ 2010-01-23 09:00 . 2009-10-29 07:46 268288 c:\windows\ie7updates\KB978207-IE7\iertutil.dll
+ 2010-01-23 09:00 . 2007-08-14 00:54 191488 c:\windows\ie7updates\KB978207-IE7\iepeers.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 385024 c:\windows\ie7updates\KB978207-IE7\iedkcs32.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 380928 c:\windows\ie7updates\KB978207-IE7\ieapfltr.dll
+ 2010-01-23 09:00 . 2009-10-28 06:52 161792 c:\windows\ie7updates\KB978207-IE7\ieakui.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 230400 c:\windows\ie7updates\KB978207-IE7\ieaksie.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 153088 c:\windows\ie7updates\KB978207-IE7\ieakeng.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 133120 c:\windows\ie7updates\KB978207-IE7\extmgr.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 214528 c:\windows\ie7updates\KB978207-IE7\dxtrans.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 347136 c:\windows\ie7updates\KB978207-IE7\dxtmsft.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 124928 c:\windows\ie7updates\KB978207-IE7\advpack.dll
+ 2009-11-04 09:00 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976749-IE7\spuninst\updspapi.dll
+ 2009-11-04 09:00 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976749-IE7\spuninst\spuninst.exe
+ 2009-12-10 09:03 . 2009-08-29 07:36 832512 c:\windows\ie7updates\KB976325-IE7\wininet.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 233472 c:\windows\ie7updates\KB976325-IE7\webcheck.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 105984 c:\windows\ie7updates\KB976325-IE7\url.dll
+ 2009-12-10 09:03 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976325-IE7\spuninst\updspapi.dll
+ 2009-12-10 09:03 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976325-IE7\spuninst\spuninst.exe
+ 2009-12-10 09:03 . 2009-08-29 07:36 102912 c:\windows\ie7updates\KB976325-IE7\occache.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 671232 c:\windows\ie7updates\KB976325-IE7\mstime.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 193024 c:\windows\ie7updates\KB976325-IE7\msrating.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 477696 c:\windows\ie7updates\KB976325-IE7\mshtmled.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 459264 c:\windows\ie7updates\KB976325-IE7\msfeeds.dll
+ 2009-12-10 09:03 . 2009-08-27 05:18 634648 c:\windows\ie7updates\KB976325-IE7\iexplore.exe
+ 2009-12-10 09:03 . 2009-08-29 07:36 268288 c:\windows\ie7updates\KB976325-IE7\iertutil.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 385024 c:\windows\ie7updates\KB976325-IE7\iedkcs32.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 380928 c:\windows\ie7updates\KB976325-IE7\ieapfltr.dll
+ 2009-12-10 09:03 . 2009-08-27 05:18 161792 c:\windows\ie7updates\KB976325-IE7\ieakui.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 230400 c:\windows\ie7updates\KB976325-IE7\ieaksie.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 153088 c:\windows\ie7updates\KB976325-IE7\ieakeng.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 133120 c:\windows\ie7updates\KB976325-IE7\extmgr.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 214528 c:\windows\ie7updates\KB976325-IE7\dxtrans.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 347136 c:\windows\ie7updates\KB976325-IE7\dxtmsft.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 124928 c:\windows\ie7updates\KB976325-IE7\advpack.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-10-14 08:04 . 2009-06-29 16:12 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-10-14 08:04 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-10-14 08:04 . 2009-06-29 16:12 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-10-14 08:04 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2009-01-15 22:53 . 2009-12-04 14:41 453760 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-10-20 14:58 . 2009-10-20 14:58 263552 c:\windows\Driver Cache\i386\http.sys
+ 2009-10-14 08:01 . 2009-10-14 08:01 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_47f867e9\System.Drawing.dll
+ 2004-08-10 11:00 . 2009-11-21 16:36 470528 c:\windows\AppPatch\aclayers.dll
+ 2009-11-25 09:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB976098-v2$\spuninst\updspapi.dll
+ 2009-11-25 09:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB976098-v2$\spuninst\spuninst.exe
+ 2009-10-14 08:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975467$\spuninst\updspapi.dll
+ 2009-10-14 08:00 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975467$\spuninst\spuninst.exe
+ 2009-10-14 08:00 . 2009-06-25 08:17 136192 c:\windows\$NtUninstallKB975467$\msv1_0.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975025$\spuninst\updspapi.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975025$\spuninst\spuninst.exe
+ 2009-10-14 08:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974571$\spuninst\updspapi.dll
+ 2009-10-14 08:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974571$\spuninst\spuninst.exe
+ 2009-12-10 09:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974392$\spuninst\updspapi.dll
+ 2009-12-10 09:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974392$\spuninst\spuninst.exe
+ 2009-12-10 09:02 . 2004-08-10 11:00 266752 c:\windows\$NtUninstallKB974392$\oakley.dll
+ 2009-12-10 09:04 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974318$\spuninst\updspapi.dll
+ 2009-12-10 09:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974318$\spuninst\spuninst.exe
+ 2009-12-10 09:04 . 2004-08-10 11:00 112128 c:\windows\$NtUninstallKB974318$\rastls.dll
+ 2009-10-14 08:04 . 2008-10-03 10:15 247326 c:\windows\$NtUninstallKB974112$\strmdll.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974112$\spuninst\updspapi.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974112$\spuninst\spuninst.exe
+ 2009-12-10 09:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973904$\spuninst\updspapi.dll
+ 2009-12-10 09:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973904$\spuninst\spuninst.exe
+ 2009-11-25 09:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973687$\spuninst\updspapi.dll
+ 2009-11-25 09:01 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973687$\spuninst\spuninst.exe
+ 2009-10-14 08:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973525$\spuninst\updspapi.dll
+ 2009-10-14 08:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973525$\spuninst\spuninst.exe
+ 2010-01-13 09:02 . 2009-06-16 14:55 119808 c:\windows\$NtUninstallKB972270$\t2embed.dll
+ 2010-01-13 09:02 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB972270$\spuninst\updspapi.dll
+ 2010-01-13 09:02 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB972270$\spuninst\spuninst.exe
+ 2009-12-10 09:02 . 2008-12-16 12:47 351232 c:\windows\$NtUninstallKB971737$\winhttp.dll
+ 2009-12-10 09:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971737$\spuninst\updspapi.dll
+ 2009-12-10 09:02 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971737$\spuninst\spuninst.exe
+ 2009-10-14 08:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971486$\spuninst\updspapi.dll
+ 2009-10-14 08:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB971486$\spuninst\spuninst.exe
+ 2009-12-10 09:04 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970430$\spuninst\updspapi.dll
+ 2009-12-10 09:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970430$\spuninst\spuninst.exe
+ 2009-12-10 09:04 . 2004-08-10 11:00 263040 c:\windows\$NtUninstallKB970430$\http.sys
+ 2009-11-11 09:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969947$\spuninst\updspapi.dll
+ 2009-11-11 09:00 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969947$\spuninst\spuninst.exe
+ 2009-10-14 08:04 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969059$\spuninst\updspapi.dll
+ 2009-10-14 08:04 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969059$\spuninst\spuninst.exe
+ 2009-10-14 08:06 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB958869$\spuninst\updspapi.dll
+ 2009-10-14 08:06 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB958869$\spuninst\spuninst.exe
+ 2010-01-13 09:02 . 2009-05-26 23:10 382840 c:\windows\$NtUninstallKB955759$\spuninst\updspapi.dll
+ 2010-01-13 09:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB955759$\spuninst\spuninst.exe
+ 2010-01-13 09:02 . 2004-08-10 11:00 450048 c:\windows\$NtUninstallKB955759$\aclayers.dll
+ 2009-10-14 08:06 . 2004-08-10 11:00 523776 c:\windows\$NtUninstallKB954155_WM9$\wmspdmod.dll
+ 2009-10-14 08:06 . 2007-07-27 15:41 382840 c:\windows\$NtUninstallKB954155_WM9$\spuninst\updspapi.dll
+ 2009-10-14 08:06 . 2007-07-27 15:41 231288 c:\windows\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe
+ 2009-10-14 08:01 . 2009-04-13 18:42 371424 c:\windows\$NtUninstallKB953295$\spuninst\updspapi.dll
+ 2009-10-14 08:01 . 2009-04-13 18:42 213216 c:\windows\$NtUninstallKB953295$\spuninst\spuninst.exe
+ 2009-10-14 08:01 . 2004-07-20 00:54 303104 c:\windows\$NtUninstallKB953295$\mscorjit.dll
+ 2009-10-14 08:01 . 2007-01-02 22:34 200704 c:\windows\$NtUninstallKB953295$\aspnet_isapi.dll
+ 2010-01-14 16:24 . 2009-11-13 22:57 379184 c:\windows\$NtUninstallKB952011$\spuninst\updspapi.dll
+ 2010-01-14 16:24 . 2009-11-13 22:57 221488 c:\windows\$NtUninstallKB952011$\spuninst\spuninst.exe
+ 2009-11-04 09:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB976749-IE7\update\updspapi.dll
+ 2009-11-04 09:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB976749-IE7\update\update.exe
+ 2009-11-04 09:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB976749-IE7\spuninst.exe
+ 2009-12-10 09:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB976325-IE7\update\updspapi.dll
+ 2009-12-10 09:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB976325-IE7\update\update.exe
+ 2009-12-10 09:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB976325-IE7\spuninst.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 841216 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 233472 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\webcheck.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 105984 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\url.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 102912 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\occache.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 671232 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mstime.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 193024 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msrating.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 477696 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtmled.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 459264 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msfeeds.dll
+ 2009-10-28 06:54 . 2009-10-28 06:54 634632 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iexplore.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 268288 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iertutil.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 388608 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iedkcs32.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 380928 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dll
+ 2009-10-28 06:52 . 2009-10-28 06:52 161792 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieakui.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 230400 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieaksie.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 153088 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieakeng.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 132608 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\extmgr.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 214528 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\dxtrans.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 347136 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\dxtmsft.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 124928 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\advpack.dll
+ 2009-10-14 08:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975467\update\updspapi.dll
+ 2009-10-14 08:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975467\update\update.exe
+ 2009-10-14 08:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975467\spuninst.exe
+ 2009-09-11 14:13 . 2009-09-11 14:13 136704 c:\windows\$hf_mig$\KB975467\SP3QFE\msv1_0.dll
+ 2009-09-11 14:18 . 2009-09-11 14:18 136192 c:\windows\$hf_mig$\KB975467\SP3GDR\msv1_0.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975025\update\updspapi.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975025\update\update.exe
+ 2009-10-14 08:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975025\spuninst.exe
+ 2009-10-14 08:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974571\update\updspapi.dll
+ 2009-10-14 08:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974571\update\update.exe
+ 2009-10-14 08:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974571\spuninst.exe
+ 2009-10-14 08:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974455-IE7\update\updspapi.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974455-IE7\update\update.exe
+ 2009-10-14 08:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974455-IE7\spuninst.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 840704 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 233472 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\webcheck.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 105984 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\url.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 102912 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\occache.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 671232 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mstime.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 193024 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msrating.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 477696 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtmled.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 459264 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msfeeds.dll
+ 2009-08-27 05:18 . 2009-08-27 05:18 634648 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iexplore.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 268288 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iertutil.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 388608 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iedkcs32.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 380928 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieapfltr.dll
+ 2009-08-27 05:18 . 2009-08-27 05:18 161792 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieakui.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 230400 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieaksie.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 153088 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieakeng.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 132608 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\extmgr.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 214528 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\dxtrans.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 347136 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\dxtmsft.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 124928 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\advpack.dll
+ 2009-12-10 09:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2009-12-10 09:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2009-12-10 09:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2009-10-13 10:38 . 2009-10-13 10:38 270336 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\$hf_mig$\KB974392\SP3GDR\oakley.dll
+ 2009-10-13 10:45 . 2009-10-13 10:45 270336 c:\windows\$hf_mig$\KB974392\SP2QFE\oakley.dll
+ 2009-12-10 09:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2009-12-10 09:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2009-12-10 09:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-12 13:28 . 2009-10-12 13:28 150016 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\$hf_mig$\KB974318\SP3GDR\rastls.dll
+ 2009-10-12 13:41 . 2009-10-12 13:41 113664 c:\windows\$hf_mig$\KB974318\SP2QFE\rastls.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974112\update\updspapi.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974112\update\update.exe
+ 2009-10-14 08:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974112\spuninst.exe
+ 2009-08-26 08:03 . 2009-08-26 08:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll
+ 2009-08-26 08:00 . 2009-08-26 08:00 247326 c:\windows\$hf_mig$\KB974112\SP3GDR\strmdll.dll
+ 2009-08-26 07:58 . 2009-08-26 07:58 247326 c:\windows\$hf_mig$\KB974112\SP2QFE\strmdll.dll
+ 2009-12-10 09:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973904\update\updspapi.dll
+ 2009-12-10 09:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973904\update\update.exe
+ 2009-12-10 09:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973904\spuninst.exe
+ 2009-12-09 20:27 . 2009-07-29 14:01 119648 c:\windows\$hf_mig$\KB973904\SP3QFE\msconv97.dll
+ 2009-11-25 09:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973687\update\updspapi.dll
+ 2009-11-25 09:01 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973687\update\update.exe
+ 2009-11-25 09:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973687\spuninst.exe
+ 2009-10-14 08:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973525\update\updspapi.dll
+ 2009-10-14 08:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973525\update\update.exe
+ 2009-10-14 08:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973525\spuninst.exe
+ 2010-01-13 09:02 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB972270\update\updspapi.dll
+ 2010-01-13 09:02 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB972270\update\update.exe
+ 2010-01-13 09:02 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB972270\spuninst.exe
+ 2010-01-13 03:34 . 2009-10-15 16:39 119808 c:\windows\$hf_mig$\KB972270\SP3QFE\t2embed.dll
+ 2010-01-13 03:34 . 2009-10-15 16:28 119808 c:\windows\$hf_mig$\KB972270\SP3GDR\t2embed.dll
+ 2010-01-13 03:34 . 2009-10-15 16:56 119808 c:\windows\$hf_mig$\KB972270\SP2QFE\t2embed.dll
+ 2009-12-10 09:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971737\update\updspapi.dll
+ 2009-12-10 09:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971737\update\update.exe
+ 2009-12-10 09:02 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971737\spuninst.exe
+ 2009-08-25 09:27 . 2009-08-25 09:27 354816 c:\windows\$hf_mig$\KB971737\SP3QFE\winhttp.dll
+ 2009-08-25 09:17 . 2009-08-25 09:17 354816 c:\windows\$hf_mig$\KB971737\SP3GDR\winhttp.dll
+ 2009-08-25 09:32 . 2009-08-25 09:32 354816 c:\windows\$hf_mig$\KB971737\SP2QFE\winhttp.dll
+ 2009-10-14 08:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971486\update\updspapi.dll
+ 2009-10-14 08:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971486\update\update.exe
+ 2009-10-14 08:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971486\spuninst.exe
+ 2009-12-10 09:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB970430\update\updspapi.dll
+ 2009-12-10 09:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB970430\update\update.exe
+ 2009-12-10 09:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB970430\spuninst.exe
+ 2009-10-20 15:21 . 2009-10-20 15:21 265728 c:\windows\$hf_mig$\KB970430\SP3QFE\http.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\$hf_mig$\KB970430\SP3GDR\http.sys
+ 2009-10-20 14:41 . 2009-10-20 14:41 265728 c:\windows\$hf_mig$\KB970430\SP2QFE\http.sys
+ 2009-11-11 09:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969947\update\updspapi.dll
+ 2009-11-11 09:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969947\update\update.exe
+ 2009-11-11 09:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969947\spuninst.exe
+ 2009-10-14 08:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969059\update\updspapi.dll
+ 2009-10-14 08:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969059\update\update.exe
+ 2009-10-14 08:04 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969059\spuninst.exe
+ 2010-01-13 09:02 . 2009-05-26 23:10 382840 c:\windows\$hf_mig$\KB955759\update\updspapi.dll
+ 2010-01-13 09:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2010-01-13 09:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2010-01-12 23:07 . 2009-11-21 15:40 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll
+ 2010-01-12 23:07 . 2009-11-21 15:51 471552 c:\windows\$hf_mig$\KB955759\SP3GDR\aclayers.dll
+ 2010-01-12 23:07 . 2009-11-21 16:24 470528 c:\windows\$hf_mig$\KB955759\SP2QFE\aclayers.dll
+ 2009-10-14 05:48 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2009-07-21 06:03 . 2009-07-21 06:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2009-01-14 19:09 . 2009-08-07 00:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-10 11:00 . 2009-08-14 12:19 1850112 c:\windows\system32\win32k.sys
+ 2009-09-30 09:02 . 2009-08-29 00:42 2065696 c:\windows\system32\usbaaplrc.dll
+ 2006-03-18 11:09 . 2010-01-05 10:00 1168384 c:\windows\system32\urlmon.dll
- 2004-08-10 11:00 . 2004-08-10 11:00 1435648 c:\windows\system32\query.dll
+ 2004-08-10 11:00 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll
+ 2009-07-21 06:05 . 2009-07-21 06:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-10 11:00 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
+ 2006-03-23 17:32 . 2010-01-05 10:00 3599360 c:\windows\system32\mshtml.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-14 00:54 . 2010-01-05 10:00 6067200 c:\windows\system32\ieframe.dll
- 2007-08-14 00:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2009-08-18 04:33 . 2009-08-18 04:33 1193832 c:\windows\system32\FM20.DLL
+ 2009-01-14 19:09 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-10 11:00 . 2009-08-14 12:19 1850112 c:\windows\system32\dllcache\win32k.sys
+ 2006-03-18 11:09 . 2010-01-05 10:00 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-10 11:00 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
- 2004-08-10 11:00 . 2004-08-10 11:00 1435648 c:\windows\system32\dllcache\query.dll
+ 2004-08-10 11:00 . 2009-11-27 17:33 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-15 23:02 . 2009-12-08 18:14 2185984 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-01-15 23:02 . 2009-02-06 09:49 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-01-15 23:02 . 2009-12-08 17:35 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-01-15 23:02 . 2009-12-08 17:35 2063104 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-01-15 23:02 . 2009-12-08 18:11 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-01-15 23:02 . 2009-02-06 10:29 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-10 11:00 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2006-03-23 17:32 . 2010-01-05 10:00 3599360 c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 15:33 . 2010-01-05 10:00 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2009-01-16 15:33 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2003-02-21 01:08 . 2003-02-21 01:08 2482176 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5628\_mscorwks.dll
+ 2003-02-21 01:07 . 2003-02-21 01:07 2494464 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5628\_mscorsvr.dll
+ 2003-02-21 13:26 . 2003-02-21 13:26 2088960 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5628\_mscorlib.dll
+ 2009-01-14 19:08 . 2009-06-29 16:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2009-01-14 19:08 . 2007-01-02 22:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2009-01-14 19:08 . 2007-01-02 22:28 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2009-01-14 19:08 . 2009-06-24 03:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2009-01-14 19:08 . 2007-01-02 22:28 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2009-01-14 19:08 . 2009-06-24 03:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2009-01-14 19:08 . 2007-01-02 22:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2009-01-14 19:08 . 2009-06-29 16:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2009-08-05 12:49 . 2009-08-05 12:49 3457024 c:\windows\Installer\9204f87.msp
+ 2009-07-27 09:31 . 2009-07-27 09:31 3738624 c:\windows\Installer\9204f72.msp
+ 2009-09-18 14:30 . 2009-09-18 14:30 5016576 c:\windows\Installer\9204f5f.msp
+ 2009-08-18 18:08 . 2009-08-18 18:08 1373696 c:\windows\Installer\9204f4c.msp
+ 2009-12-24 17:40 . 2009-12-24 17:40 2030592 c:\windows\Installer\4bdc1.msi
+ 2009-12-24 17:39 . 2009-12-24 17:39 2399744 c:\windows\Installer\4bd65.msi
+ 2010-01-15 03:26 . 2010-01-15 03:26 5027840 c:\windows\Installer\4afdafdf.msp
+ 2009-10-16 13:03 . 2009-10-16 13:03 5003776 c:\windows\Installer\3c0a4db.msp
+ 2009-08-18 18:58 . 2009-08-18 18:58 8301056 c:\windows\Installer\3c0a4c8.msp
+ 2009-08-18 18:57 . 2009-08-18 18:57 9122304 c:\windows\Installer\3c0a4b5.msp
+ 2010-02-07 06:16 . 2010-02-07 06:16 1262080 c:\windows\Installer\3af31275.msi
+ 2009-12-03 20:15 . 2009-12-03 20:15 5004288 c:\windows\Installer\35e548c4.msp
+ 2009-12-20 15:18 . 2009-12-20 15:18 4454912 c:\windows\Installer\34c0dc81.msi
+ 2009-12-20 15:12 . 2009-12-20 15:12 9473024 c:\windows\Installer\34c0d4e6.msi
+ 2009-12-24 17:57 . 2009-12-24 17:57 1195008 c:\windows\Installer\2ba92.msi
+ 2009-10-28 20:41 . 2009-10-28 20:41 1545216 c:\windows\Installer\298780ed.msi
+ 2009-11-21 05:36 . 2009-11-21 05:36 5002752 c:\windows\Installer\224b3296.msp
+ 2009-10-16 13:09 . 2009-10-16 13:09 2518016 c:\windows\Installer\224b3283.msp
+ 2009-01-14 21:26 . 2010-02-10 09:01 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-01-14 21:26 . 2009-09-30 08:03 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-14 21:26 . 2010-02-10 09:01 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-14 21:26 . 2009-09-30 08:03 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-21 08:12 . 2008-11-21 08:12 3750256 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\VVIEWER.DLL
+ 2008-10-25 14:35 . 2008-10-25 14:35 1847160 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL
+ 2009-02-05 16:36 . 2009-02-05 16:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OGL.DLL
+ 2009-03-06 09:26 . 2009-03-06 09:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2008-11-21 04:06 . 2008-11-21 04:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\FM20.DLL
+ 2010-01-23 09:00 . 2009-10-29 07:46 1168384 c:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 3598336 c:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-01-23 09:00 . 2009-10-29 07:46 6067200 c:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2009-11-04 09:00 . 2009-08-29 07:36 3598336 c:\windows\ie7updates\KB976749-IE7\mshtml.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 1168384 c:\windows\ie7updates\KB976325-IE7\urlmon.dll
+ 2009-12-10 09:03 . 2009-10-21 04:08 3598336 c:\windows\ie7updates\KB976325-IE7\mshtml.dll
+ 2009-12-10 09:03 . 2009-08-29 07:36 6067200 c:\windows\ie7updates\KB976325-IE7\ieframe.dll
+ 2009-10-14 08:04 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-10-14 08:04 . 2009-07-19 13:33 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-10-14 08:04 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2009-01-14 19:11 . 2009-12-08 18:14 2185984 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-01-14 19:11 . 2009-12-08 17:35 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-01-14 19:11 . 2009-02-06 09:49 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-01-14 19:11 . 2009-12-08 17:35 2063104 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-01-14 19:11 . 2009-02-06 10:29 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-01-14 19:11 . 2009-12-08 18:11 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-14 08:01 . 2009-10-14 08:01 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_3fc2ab16\System.dll
+ 2009-10-14 08:02 . 2009-10-14 08:02 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_43188096\System.Xml.dll
+ 2009-10-14 08:01 . 2009-10-14 08:01 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_fc4016a0\System.Windows.Forms.dll
+ 2009-10-14 08:01 . 2009-10-14 08:01 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_14a9b295\System.Design.dll
+ 2009-10-14 08:01 . 2009-10-14 08:01 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_6bb4dcac\mscorlib.dll
+ 2009-10-14 08:01 . 2009-10-14 08:01 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-01-16 09:01 . 2009-01-16 09:01 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-11-25 09:01 . 2008-09-04 16:42 1106944 c:\windows\$NtUninstallKB973687$\msxml3.dll
+ 2009-10-14 08:02 . 2009-02-06 10:29 2142720 c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
+ 2009-10-14 08:02 . 2009-02-06 09:49 2020864 c:\windows\$NtUninstallKB971486$\ntkrpamp.exe
+ 2009-10-14 08:02 . 2009-02-06 09:49 2020864 c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
+ 2009-10-14 08:02 . 2009-02-06 10:29 2142720 c:\windows\$NtUninstallKB971486$\ntkrnlmp.exe
+ 2009-11-11 09:00 . 2009-04-17 09:58 1846656 c:\windows\$NtUninstallKB969947$\win32k.sys
+ 2009-10-14 08:04 . 2004-08-10 11:00 1435648 c:\windows\$NtUninstallKB969059$\query.dll
+ 2009-10-14 08:01 . 2007-01-02 22:40 1200128 c:\windows\$NtUninstallKB953295$\system.web.dll
+ 2009-10-14 08:01 . 2007-01-02 22:28 2281472 c:\windows\$NtUninstallKB953295$\mscorwks.dll
+ 2009-10-14 08:01 . 2007-01-02 22:28 2273280 c:\windows\$NtUninstallKB953295$\mscorsvr.dll
+ 2009-10-14 08:01 . 2007-01-02 22:21 1998848 c:\windows\$NtUninstallKB953295$\mscorlib.dll
+ 2009-10-21 03:59 . 2009-10-21 03:59 3602432 c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 1170944 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\urlmon.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 3602432 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 6070784 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieframe.dll
+ 2009-12-09 20:45 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dat
+ 2009-08-29 07:31 . 2009-08-29 07:31 1170944 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\urlmon.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 3600384 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 6070784 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieframe.dll
+ 2009-10-14 05:48 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieapfltr.dat
+ 2009-11-25 06:28 . 2009-07-31 04:24 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll
+ 2009-11-25 06:28 . 2009-07-31 04:24 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll
+ 2009-07-31 16:05 . 2009-07-31 16:05 1372672 c:\windows\$hf_mig$\KB973687\SP3GDR\msxml6.dll
+ 2009-11-25 06:28 . 2009-07-31 04:35 1172480 c:\windows\$hf_mig$\KB973687\SP3GDR\msxml3.dll
+ 2009-11-25 06:28 . 2009-07-31 04:36 1172480 c:\windows\$hf_mig$\KB973687\SP2QFE\msxml3.dll
+ 2009-10-14 05:46 . 2009-08-04 13:56 2189312 c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
+ 2009-10-14 05:46 . 2009-08-04 13:17 2023936 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrpamp.exe
+ 2009-08-04 23:47 . 2009-08-04 23:47 2066176 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
+ 2009-10-14 05:46 . 2009-08-04 13:54 2145280 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlmp.exe
+ 2009-08-05 01:44 . 2009-08-05 01:44 2189184 c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
+ 2009-10-14 05:46 . 2009-08-04 14:20 2023936 c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrpamp.exe
+ 2009-10-14 05:46 . 2009-08-04 14:20 2066048 c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
+ 2009-10-14 05:46 . 2009-08-04 15:13 2145280 c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlmp.exe
+ 2009-08-14 12:19 . 2009-08-14 12:19 1859712 c:\windows\$hf_mig$\KB969947\SP3QFE\win32k.sys
+ 2009-08-14 13:21 . 2009-08-14 13:21 1850624 c:\windows\$hf_mig$\KB969947\SP3GDR\win32k.sys
+ 2009-08-14 11:22 . 2009-08-14 11:22 1859328 c:\windows\$hf_mig$\KB969947\SP2QFE\win32k.sys
+ 2009-07-17 16:01 . 2009-07-17 16:01 1435648 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\$hf_mig$\KB969059\SP3GDR\query.dll
+ 2009-07-17 16:10 . 2009-07-17 16:10 1435648 c:\windows\$hf_mig$\KB969059\SP2QFE\query.dll
+ 2009-12-13 09:00 . 2009-12-13 09:00 19210240 c:\windows\Installer\f655478.msp
+ 2009-11-07 09:01 . 2009-11-07 09:01 19210240 c:\windows\Installer\f640217.msp
+ 2010-01-26 09:01 . 2010-01-26 09:01 19210240 c:\windows\Installer\f620da9.msp
+ 2009-11-28 09:00 . 2009-11-28 09:00 19210240 c:\windows\Installer\f61e716.msp
+ 2010-02-13 09:00 . 2010-02-13 09:00 19210240 c:\windows\Installer\f6064db.msp
+ 2010-01-16 09:00 . 2010-01-16 09:00 19210240 c:\windows\Installer\f5e2859.msp
+ 2009-10-29 08:00 . 2009-10-29 08:00 19210240 c:\windows\Installer\f3ec36.msp
+ 2009-11-14 09:00 . 2009-11-14 09:00 19210240 c:\windows\Installer\f3ce8fe.msp
+ 2009-12-03 16:56 . 2009-12-03 16:56 19210240 c:\windows\Installer\e6f0839.msp
+ 2009-12-23 09:00 . 2009-12-23 09:00 19210240 c:\windows\Installer\e1707f6.msp
+ 2009-12-06 09:00 . 2009-12-06 09:00 19210240 c:\windows\Installer\db1aa32.msp
+ 2010-01-29 09:00 . 2010-01-29 09:00 19210240 c:\windows\Installer\d3103bf.msp
+ 2009-10-23 08:03 . 2009-10-23 08:03 19210240 c:\windows\Installer\d107e1f.msp
+ 2010-01-21 09:00 . 2010-01-21 09:00 19210240 c:\windows\Installer\cefe064.msp
+ 2009-12-03 09:00 . 2009-12-03 09:00 19210240 c:\windows\Installer\cbdc686.msp
+ 2009-12-27 09:00 . 2009-12-27 09:00 19210240 c:\windows\Installer\cb099e8.msp
+ 2010-01-05 09:00 . 2010-01-05 09:00 19210240 c:\windows\Installer\caeccd8.msp
+ 2009-10-12 08:00 . 2009-10-12 08:00 19210240 c:\windows\Installer\c2139ce.msp
+ 2009-10-17 08:00 . 2009-10-17 08:00 19210240 c:\windows\Installer\bc7407a.msp
+ 2009-10-31 08:01 . 2009-10-31 08:01 19210240 c:\windows\Installer\b40425f.msp
+ 2009-11-06 09:00 . 2009-11-06 09:00 19210240 c:\windows\Installer\a3ebce6.msp
+ 2010-01-25 09:00 . 2010-01-25 09:00 19210240 c:\windows\Installer\a3ddb7e.msp
+ 2010-02-12 09:00 . 2010-02-12 09:00 19210240 c:\windows\Installer\a3dbcbb.msp
+ 2009-11-27 09:00 . 2009-11-27 09:00 19210240 c:\windows\Installer\a3d4682.msp
+ 2009-12-12 09:00 . 2009-12-12 09:00 19210240 c:\windows\Installer\a3c01dc.msp
+ 2010-01-15 09:00 . 2010-01-15 09:00 19210240 c:\windows\Installer\a3b7dd8.msp
+ 2009-11-13 09:00 . 2009-11-13 09:00 19210240 c:\windows\Installer\a12b6e1.msp
+ 2009-10-14 08:02 . 2009-10-14 08:02 19210240 c:\windows\Installer\9204f36.msp
+ 2009-08-18 17:50 . 2009-08-18 17:50 12022272 c:\windows\Installer\9204f34.msp
+ 2009-12-22 09:00 . 2009-12-22 09:00 19210240 c:\windows\Installer\8f0a2af.msp
+ 2009-12-05 09:00 . 2009-12-05 09:00 19210240 c:\windows\Installer\88a65e5.msp
+ 2010-01-28 09:00 . 2010-01-28 09:00 19210240 c:\windows\Installer\80a9eb6.msp
+ 2009-10-22 08:00 . 2009-10-22 08:00 19210240 c:\windows\Installer\7e93251.msp
+ 2010-01-20 09:00 . 2010-01-20 09:00 19210240 c:\windows\Installer\7c7b0fc.msp
+ 2009-10-09 23:20 . 2009-10-09 23:20 19210240 c:\windows\Installer\7b4c7.msp
+ 2009-12-02 09:00 . 2009-12-02 09:00 19210240 c:\windows\Installer\7957696.msp
+ 2010-01-04 09:00 . 2010-01-04 09:00 19210240 c:\windows\Installer\789f9da.msp
+ 2009-12-26 09:00 . 2009-12-26 09:00 19210240 c:\windows\Installer\7884e2d.msp
+ 2009-10-11 08:00 . 2009-10-11 08:00 19210240 c:\windows\Installer\6fadc47.msp
+ 2009-10-16 08:00 . 2009-10-16 08:00 19210240 c:\windows\Installer\6a0df5a.msp
+ 2009-12-03 17:06 . 2009-12-03 17:06 19210240 c:\windows\Installer\6924f.msp
+ 2009-11-04 09:00 . 2009-11-04 09:00 19210240 c:\windows\Installer\6637abd.msp
+ 2009-10-30 08:00 . 2009-10-30 08:00 19210240 c:\windows\Installer\61a47aa.msp
+ 2009-10-20 18:52 . 2009-10-20 18:52 19210240 c:\windows\Installer\51b5c63.msp
+ 2009-11-05 09:00 . 2009-11-05 09:00 19210240 c:\windows\Installer\5174525.msp
+ 2009-11-26 09:00 . 2009-11-26 09:00 19210240 c:\windows\Installer\516c9da.msp
+ 2010-01-24 09:00 . 2010-01-24 09:00 19210240 c:\windows\Installer\515ca3d.msp
+ 2010-02-11 09:00 . 2010-02-11 09:00 19210240 c:\windows\Installer\51569be.msp
+ 2009-12-11 09:00 . 2009-12-11 09:00 19210240 c:\windows\Installer\513cb12.msp
+ 2010-01-14 09:00 . 2010-01-14 09:00 19210240 c:\windows\Installer\51339fd.msp
+ 2009-11-12 09:00 . 2009-11-12 09:00 19210240 c:\windows\Installer\4ee5029.msp
+ 2010-02-10 09:00 . 2010-02-10 09:00 19210240 c:\windows\Installer\4afdafc9.msp
+ 2009-11-25 09:00 . 2009-11-25 09:00 19210240 c:\windows\Installer\47e0b322.msp
+ 2010-02-09 09:00 . 2010-02-09 09:00 19210240 c:\windows\Installer\45d707fb.msp
+ 2009-11-24 09:00 . 2009-11-24 09:00 19210240 c:\windows\Installer\42ba88e8.msp
+ 2010-02-08 09:00 . 2010-02-08 09:00 19210240 c:\windows\Installer\40b084ad.msp
+ 2009-10-13 08:00 . 2009-10-13 08:00 19210240 c:\windows\Installer\3f9dd5d.msp
+ 2009-11-23 09:00 . 2009-11-23 09:00 19210240 c:\windows\Installer\3d94a39e.msp
+ 2009-12-21 09:00 . 2009-12-21 09:00 19210240 c:\windows\Installer\3ca5d06.msp
+ 2009-11-11 09:00 . 2009-11-11 09:00 19210240 c:\windows\Installer\3c0a49f.msp
+ 2010-02-07 09:00 . 2010-02-07 09:00 19210240 c:\windows\Installer\3b8a2a52.msp
+ 2010-01-02 09:00 . 2010-01-02 09:00 19210240 c:\windows\Installer\3b4ae2e.msp
+ 2010-02-20 21:22 . 2010-02-20 21:22 19210240 c:\windows\Installer\38703.msp
+ 2009-11-22 09:00 . 2009-11-22 09:00 19210240 c:\windows\Installer\386e407a.msp
+ 2010-02-06 09:00 . 2010-02-06 09:00 19210240 c:\windows\Installer\3663d75b.msp
+ 2009-12-04 09:00 . 2009-12-04 09:00 19210240 c:\windows\Installer\3641176.msp
+ 2010-01-13 09:00 . 2010-01-13 09:00 19210240 c:\windows\Installer\35e548ac.msp
+ 2009-12-20 09:00 . 2009-12-20 09:00 19210240 c:\windows\Installer\33702411.msp
+ 2009-11-21 09:00 . 2009-11-21 09:00 19210240 c:\windows\Installer\33477ce6.msp
+ 2010-02-05 09:00 . 2010-02-05 09:00 19210240 c:\windows\Installer\313d81b4.msp
+ 2010-01-12 09:00 . 2010-01-12 09:00 19210240 c:\windows\Installer\30bef632.msp
+ 2009-12-19 09:00 . 2009-12-19 09:00 19210240 c:\windows\Installer\2e49cb1e.msp
+ 2010-01-27 09:00 . 2010-01-27 09:00 19210240 c:\windows\Installer\2e43aa8.msp
+ 2009-11-20 09:00 . 2009-11-20 09:00 19210240 c:\windows\Installer\2e210c74.msp
+ 2009-10-20 08:00 . 2009-10-20 08:00 19210240 c:\windows\Installer\2c6277f.msp
+ 2009-10-21 08:00 . 2009-10-21 08:00 19210240 c:\windows\Installer\2c1da2e.msp
+ 2010-02-04 09:00 . 2010-02-04 09:00 19210240 c:\windows\Installer\2c172769.msp
+ 2010-01-11 09:00 . 2010-01-11 09:00 19210240 c:\windows\Installer\2b989437.msp
+ 2010-01-19 09:00 . 2010-01-19 09:00 19210240 c:\windows\Installer\2a14ea3.msp
+ 2009-12-18 09:00 . 2009-12-18 09:00 19210240 c:\windows\Installer\29232004.msp
+ 2010-02-18 09:00 . 2010-02-18 09:00 19210240 c:\windows\Installer\29228cfb.msp
+ 2009-11-19 09:00 . 2009-11-19 09:00 19210240 c:\windows\Installer\28facab3.msp
+ 2010-02-03 09:00 . 2010-02-03 09:00 19210240 c:\windows\Installer\26f0c07d.msp
+ 2009-12-01 09:00 . 2009-12-01 09:00 19210240 c:\windows\Installer\26dd69c.msp
+ 2009-10-28 08:00 . 2009-10-28 08:00 19210240 c:\windows\Installer\26cec787.msp
+ 2010-01-10 09:00 . 2010-01-10 09:00 19210240 c:\windows\Installer\26723019.msp
+ 2010-01-01 09:00 . 2010-01-01 09:00 19210240 c:\windows\Installer\266eef65.msp
+ 2010-01-03 09:00 . 2010-01-03 09:00 19210240 c:\windows\Installer\2636db2.msp
+ 2009-12-25 09:00 . 2009-12-25 09:00 19210240 c:\windows\Installer\261f114.msp
+ 2010-02-17 09:00 . 2010-02-17 09:00 19210240 c:\windows\Installer\23fc2cb6.msp
+ 2009-12-17 09:00 . 2009-12-17 09:00 19210240 c:\windows\Installer\23fb687b.msp
+ 2009-11-18 09:00 . 2009-11-18 09:00 19210240 c:\windows\Installer\23d47ba3.msp
+ 2009-11-10 10:40 . 2009-11-10 10:40 19210240 c:\windows\Installer\228fa.msp
+ 2009-12-10 09:02 . 2009-12-10 09:02 19210240 c:\windows\Installer\224b326d.msp
+ 2010-02-02 09:00 . 2010-02-02 09:00 19210240 c:\windows\Installer\21ca5f5c.msp
+ 2009-10-27 08:00 . 2009-10-27 08:00 19210240 c:\windows\Installer\21a89304.msp
+ 2009-11-02 09:00 . 2009-11-02 09:00 19210240 c:\windows\Installer\2179986.msp
+ 2010-01-09 09:00 . 2010-01-09 09:00 19210240 c:\windows\Installer\214bd85e.msp
+ 2009-12-31 09:00 . 2009-12-31 09:00 19210240 c:\windows\Installer\21487dd9.msp
+ 2009-12-16 09:00 . 2009-12-16 09:00 19210240 c:\windows\Installer\1ed868b6.msp
+ 2010-02-16 09:00 . 2010-02-16 09:00 19210240 c:\windows\Installer\1ed55a9b.msp
+ 2009-11-17 09:00 . 2009-11-17 09:00 19210240 c:\windows\Installer\1eadf6fd.msp
+ 2009-10-10 08:00 . 2009-10-10 08:00 19210240 c:\windows\Installer\1d4824b.msp
+ 2009-12-09 09:00 . 2009-12-09 09:00 19210240 c:\windows\Installer\1d26e22b.msp
+ 2010-02-01 09:00 . 2010-02-01 09:00 19210240 c:\windows\Installer\1ca4065a.msp
+ 2009-10-26 08:00 . 2009-10-26 08:00 19210240 c:\windows\Installer\1c81f9cc.msp
+ 2010-01-08 09:00 . 2010-01-08 09:00 19210240 c:\windows\Installer\1c257bc2.msp
+ 2009-12-30 09:00 . 2009-12-30 09:00 19210240 c:\windows\Installer\1c22313b.msp
+ 2009-11-30 19:17 . 2009-11-30 19:17 19210240 c:\windows\Installer\1be442bd.msp
+ 2009-11-30 09:00 . 2009-11-30 09:00 19210240 c:\windows\Installer\19b23feb.msp
+ 2009-12-15 09:00 . 2009-12-15 09:00 19210240 c:\windows\Installer\19b2114a.msp
+ 2009-11-09 09:00 . 2009-11-09 09:00 19210240 c:\windows\Installer\19b0dc06.msp
+ 2010-02-15 09:00 . 2010-02-15 09:00 19210240 c:\windows\Installer\19ae9274.msp
+ 2010-01-18 09:00 . 2010-01-18 09:00 19210240 c:\windows\Installer\19ac7c94.msp
+ 2009-11-16 09:00 . 2009-11-16 09:00 19210240 c:\windows\Installer\1988007d.msp
+ 2009-12-08 09:00 . 2009-12-08 09:00 19210240 c:\windows\Installer\18009723.msp
+ 2009-10-15 08:00 . 2009-10-15 08:00 19210240 c:\windows\Installer\17a8984.msp
+ 2010-01-31 09:00 . 2010-01-31 09:00 19210240 c:\windows\Installer\177dc1f9.msp
+ 2009-10-25 08:00 . 2009-10-25 08:00 19210240 c:\windows\Installer\175b6855.msp
+ 2010-01-23 09:01 . 2010-01-23 09:01 19210240 c:\windows\Installer\173c7339.msp
+ 2010-01-07 09:00 . 2010-01-07 09:00 19210240 c:\windows\Installer\16ff2408.msp
+ 2009-12-29 09:00 . 2009-12-29 09:00 19210240 c:\windows\Installer\16f9a991.msp
+ 2009-10-19 08:00 . 2009-10-19 08:00 19210240 c:\windows\Installer\16136042.msp
+ 2009-12-14 09:00 . 2009-12-14 09:00 19210240 c:\windows\Installer\148bb181.msp
+ 2009-11-08 09:00 . 2009-11-08 09:00 19210240 c:\windows\Installer\148af49a.msp
+ 2009-11-29 09:00 . 2009-11-29 09:00 19210240 c:\windows\Installer\148a53a7.msp
+ 2010-02-14 09:00 . 2010-02-14 09:00 19210240 c:\windows\Installer\14897e46.msp
+ 2010-01-17 09:00 . 2010-01-17 09:00 19210240 c:\windows\Installer\1487a2df.msp
+ 2009-11-15 09:00 . 2009-11-15 09:00 19210240 c:\windows\Installer\14606353.msp
+ 2009-11-03 09:00 . 2009-11-03 09:00 19210240 c:\windows\Installer\13d2600.msp
+ 2009-12-24 09:00 . 2009-12-24 09:00 19210240 c:\windows\Installer\133d682c.msp
+ 2009-12-07 09:00 . 2009-12-07 09:00 19210240 c:\windows\Installer\12d80c9a.msp
+ 2010-01-30 09:00 . 2010-01-30 09:00 19210240 c:\windows\Installer\1257631a.msp
+ 2009-10-24 08:00 . 2009-10-24 08:00 19210240 c:\windows\Installer\1235b21a.msp
+ 2010-01-22 09:01 . 2010-01-22 09:01 19210240 c:\windows\Installer\121380ce.msp
+ 2009-12-28 09:00 . 2009-12-28 09:00 19210240 c:\windows\Installer\11d6eba7.msp
+ 2010-01-06 09:00 . 2010-01-06 09:00 19210240 c:\windows\Installer\11d4d365.msp
+ 2009-10-18 08:00 . 2009-10-18 08:00 19210240 c:\windows\Installer\10ee9988.msp
+ 2009-11-01 09:00 . 2009-11-01 09:00 19210240 c:\windows\Installer\109ef067.msp
+ 2009-11-01 08:00 . 2009-11-01 08:00 19210240 c:\windows\Installer\1067ee4f.msp
+ 2010-01-01 15:42 . 2010-01-01 15:42 19210240 c:\windows\Installer\1015cc.msp
+ 2010-01-26 20:08 . 2010-01-26 20:09 104817664 c:\windows\Installer\cf8b2.msi

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 14\\pccmain.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [9/25/2006 8:26 AM 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [9/25/2006 8:26 AM 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/11/2006 5:11 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [9/25/2006 8:26 AM 566872]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [5/16/2009 8:28 AM 36224]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [8/29/2006 2:54 PM 280392]
S2 gupdate1c9d05b86bf973;Google Update Service (gupdate1c9d05b86bf973);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 10:02 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-02-20 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8232728900.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2009-06-06 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8236365442.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-02-20 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8255979293.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-01-24 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8261677408.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 04:01]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 04:02]

2010-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 04:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.att.net/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9j828ih8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9j828ih8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: XULRunner: {0B7C6D1F-4931-4EB3-B104-0A62393D3321} - c:\documents and settings\Owner\Local Settings\Application Data\{0B7C6D1F-4931-4EB3-B104-0A62393D3321}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

BHO-{3fee9ef3-c33e-455e-8672-88d8b456c9cd} - savohofu.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 18:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A32081A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecfc3
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\iaStor -> iaStor.sys @ 0xba674f78
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Linksys LNE100TX(v5) Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xba553af9
PacketIndicateHandler -> NDIS.sys @ 0xba55eb21
SendHandler -> NDIS.sys @ 0xba553938
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3652)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-02-20 18:48:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-21 00:48
ComboFix2.txt 2009-10-09 15:46

Pre-Run: 82,584,997,888 bytes free
Post-Run: 82,551,975,936 bytes free

- - End Of File - - 7742B6C77542A4FCFDB290886176A140

Hello.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
atapi.sys
iastor.sys

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Ensure all Firefox windows are closed.
  
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  
• When prompted to run the scan, click Yes.
  
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
  

---

Please post both logs.

Because I can't turn off the antivirus protection, do I need to do this in safe mode too?

Whichever, Combofix is a special one off tool because many of it's component are flagged by many antivirus companies, but they are just a warning.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:19 on 20/02/2010 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\i386\atapi.sys --a--- 95360 bytes [23:03 15/01/2007] [04:59 04/08/2004]

GooredFix by jpshortstuff (08.01.10.1)
Log created at 19:21 on 20/02/2010 (Owner)
Firefox version 3.0.17 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{0B7C6D1F-4931-4EB3-B104-0A62393D3321} -> Success!
Deleting C:\Documents and Settings\Owner\Local Settings\Application Data\{0B7C6D1F-4931-4EB3-B104-0A62393D3321} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
real-networks@partners.mozilla.com [01:25 22/11/2007]
{3112ca9c-de6d-4884-a869-9855de68056c} [01:25 22/11/2007]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:25 22/11/2007]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [01:32 20/01/2009]

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9j828ih8.default\extensions\
{3112ca9c-de6d-4884-a869-9855de68056c} [00:44 01/12/2009]
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [01:32 20/01/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [01:31 20/01/2009]

-=E.O.F=-

Hello.
Good work on Gooredfix, but I don't think that's the full SystemLook log.

That's all it showed, should I run it again?

Yes please.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:53 on 20/02/2010 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\i386\atapi.sys --a--- 95360 bytes [23:03 15/01/2007] [04:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95360 bytes [21:29 20/02/2010] [11:00 10/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys --a--- 96512 bytes [01:04 16/01/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [11:00 10/08/2004] [11:00 10/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

Searching for "iastor.sys"
C:\dell\drivers\R158601\iastor.sys --a--- 304920 bytes [21:07 14/01/2009] [18:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16
C:\drivers\storage\R130118\iastor.sys --a--- 246784 bytes [14:51 04/01/2007] [19:03 10/10/2006] 019CF5F31C67030841233C545A0E217A
C:\i386\iaStor.sys --a--- 246784 bytes [23:03 15/01/2007] [12:59 06/07/2006] 019CF5F31C67030841233C545A0E217A
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys --a--- 484864 bytes [15:11 04/01/2007] [13:01 06/07/2006] 6A3C354BFC163B81F6EF2FC421280DB5
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys --a--- 246784 bytes [15:11 04/01/2007] [12:59 06/07/2006] 019CF5F31C67030841233C545A0E217A
C:\WINDOWS\dell\iastor\iastor.sys --a--- 247808 bytes [16:30 11/05/2006] [16:30 11/05/2006] 294110966CEDD127629C5BE48367C8CF
C:\WINDOWS\system32\drivers\iaStor.sys ------ 247808 bytes [16:30 11/05/2006] [16:30 11/05/2006] (Unable to calculate MD5)

-=End Of File=-

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Ask Toolbar
Java(TM) 6 Update 11
LimeWire 5.0.11

Next,

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   KILLALL::
   
   File::
   c:\windows\Gcuro.dat
   c:\windows\Vpapagelewizute.bin
   
   FCopy::
   C:\drivers\storage\R130118\iastor.sys | C:\WINDOWS\system32\drivers\iaStor.sys
   

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

ComboFix 10-02-19.03 - Owner 02/20/2010 20:10:05.4.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1803 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFscript.txt
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

FILE ::
"c:\windows\Gcuro.dat"
"c:\windows\Vpapagelewizute.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Gcuro.dat
c:\windows\Vpapagelewizute.bin

.
--------------- FCopy ---------------

.
((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-19 01:36 . 2010-02-19 01:36 -------- d-----w- C:\_OTL
2010-02-18 18:03 . 2010-02-18 18:03 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-01-29 06:45 . 2010-01-29 06:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-27 00:02 . 2010-01-27 00:02 -------- d-----w- c:\documents and settings\Brady.OWNER-B0D885443\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 02:01 . 2007-10-11 00:28 -------- d-----w- c:\program files\LimeWire
2010-02-21 00:46 . 2009-11-25 14:20 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-19 00:46 . 2009-05-09 04:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2010-02-10 09:01 . 2009-01-14 21:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-02-03 21:38 . 2009-01-27 22:18 -------- d-----w- c:\program files\World of Warcraft
2010-01-24 05:02 . 2009-10-14 01:41 -------- d-----w- c:\program files\World of Warcraft Public Test
2010-01-24 05:02 . 2007-10-09 11:42 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-23 15:23 . 2009-11-25 16:39 79488 ----a-w- c:\documents and settings\Brady.OWNER-B0D885443\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-23 12:32 . 2009-11-25 09:45 79488 ----a-w- c:\documents and settings\Troy.OWNER-B0D885443\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-10 04:44 . 2009-02-09 20:09 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-01-10 00:35 . 2009-01-17 20:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-01-05 10:00 . 2006-03-04 03:33 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:14 . 2004-08-10 11:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-25 18:21 . 2009-01-18 13:01 -------- d-----w- c:\documents and settings\Troy.OWNER-B0D885443\Application Data\Apple Computer
2009-12-25 14:14 . 2009-01-18 00:57 -------- d-----w- c:\documents and settings\Brady.OWNER-B0D885443\Application Data\Apple Computer
2009-12-25 13:52 . 2009-01-17 20:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-12-25 02:29 . 2009-12-24 18:07 0 ---ha-w- c:\documents and settings\Owner\hpothb07.dat
2009-12-24 18:59 . 2009-12-24 18:07 5924 ---ha-w- C:\hpothb07.dat
2009-12-24 17:48 . 2009-12-24 17:36 20454 ----a-w- c:\windows\hpoins01.dat
2009-12-20 15:02 . 2009-12-20 15:02 79144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-16 12:58 . 2009-01-14 19:07 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:35 . 2004-08-10 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:11 . 2005-03-30 01:21 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:35 . 2005-03-30 01:01 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-10 11:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:33 . 2004-08-10 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2004-08-10 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2004-08-10 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2004-08-10 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-03-21 03:42 . 2009-03-21 03:42 305 ---ha-w- c:\program files\hpothb07.dat
2009-03-21 03:42 . 2009-03-21 03:42 515 ---ha-w- c:\program files\hpothb07.tif
2008-08-09 23:33 . 2008-08-09 23:33 0 ----a-w- c:\program files\temp01
2008-06-16 01:27 . 2008-06-13 17:45 1254593 ----a-w- c:\program files\WotLK-F&F-enUS-downloader.exe
2010-01-18 20:09 . 2010-01-18 20:09 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-01-18 20:09 . 2010-01-18 20:09 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-01-18 20:10 . 2010-01-18 20:10 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-02-21_00.41.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-21 02:00 . 2010-02-21 02:00 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 14\\pccmain.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [9/25/2006 8:26 AM 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [9/25/2006 8:26 AM 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/11/2006 5:11 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [9/25/2006 8:26 AM 566872]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [5/16/2009 8:28 AM 36224]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [8/29/2006 2:54 PM 280392]
S2 gupdate1c9d05b86bf973;Google Update Service (gupdate1c9d05b86bf973);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 10:02 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-02-20 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8232728900.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2009-06-06 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8236365442.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-02-20 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8255979293.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-01-24 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8261677408.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 04:01]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 04:02]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 04:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.att.net/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9j828ih8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9j828ih8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 20:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A31881A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecfc3
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\iaStor -> iaStor.sys @ 0xba674f78
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Linksys LNE100TX(v5) Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xba553af9
PacketIndicateHandler -> NDIS.sys @ 0xba55eb21
SendHandler -> NDIS.sys @ 0xba553938
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1668)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\TRENDM~1\INTERN~1\PccGuide.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2010-02-20 20:33:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-21 02:33
ComboFix2.txt 2010-02-21 00:48
ComboFix3.txt 2009-10-09 15:46

Pre-Run: 82,645,127,168 bytes free
Post-Run: 82,597,912,576 bytes free

- - End Of File - - D0A813D173DF9A5DA2F4670379C05449

Hello.
Did you copy my entire script? Combofix sees the FCopy command, but didn't copy the file I wanted it to.

I did it last night so I'm not absoƖute positive, but I did copy and paste everything that was in the box above. Should I do it again?

Yes, make sure you get everything inside my quote box.

ComboFix 10-02-19.03 - Owner 02/21/2010 12:08:09.5.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1787 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

FILE ::
"c:\windows\Gcuro.dat"
"c:\windows\Vpapagelewizute.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\drivers\storage\R130118\iastor.sys --> c:\windows\system32\drivers\iaStor.sys
.
((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-19 01:36 . 2010-02-19 01:36 -------- d-----w- C:\_OTL
2010-02-18 18:03 . 2010-02-18 18:03 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-01-29 06:45 . 2010-01-29 06:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-27 00:02 . 2010-01-27 00:02 -------- d-----w- c:\documents and settings\Brady.OWNER-B0D885443\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 02:50 . 2009-05-09 04:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2010-02-21 02:01 . 2007-10-11 00:28 -------- d-----w- c:\program files\LimeWire
2010-02-10 09:01 . 2009-01-14 21:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-02-03 21:38 . 2009-01-27 22:18 -------- d-----w- c:\program files\World of Warcraft
2010-01-24 05:02 . 2009-10-14 01:41 -------- d-----w- c:\program files\World of Warcraft Public Test
2010-01-24 05:02 . 2007-10-09 11:42 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-10 04:44 . 2009-02-09 20:09 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-01-10 00:35 . 2009-01-17 20:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-01-05 10:00 . 2006-03-04 03:33 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:14 . 2004-08-10 11:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-25 18:21 . 2009-01-18 13:01 -------- d-----w- c:\documents and settings\Troy.OWNER-B0D885443\Application Data\Apple Computer
2009-12-25 14:14 . 2009-01-18 00:57 -------- d-----w- c:\documents and settings\Brady.OWNER-B0D885443\Application Data\Apple Computer
2009-12-25 13:52 . 2009-01-17 20:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-12-25 02:29 . 2009-12-24 18:07 0 ---ha-w- c:\documents and settings\Owner\hpothb07.dat
2009-12-24 18:59 . 2009-12-24 18:07 5924 ---ha-w- C:\hpothb07.dat
2009-12-24 17:48 . 2009-12-24 17:36 20454 ----a-w- c:\windows\hpoins01.dat
2009-12-16 12:58 . 2009-01-14 19:07 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:35 . 2004-08-10 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:11 . 2005-03-30 01:21 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:35 . 2005-03-30 01:01 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-10 11:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:33 . 2004-08-10 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2004-08-10 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2004-08-10 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2004-08-10 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-03-21 03:42 . 2009-03-21 03:42 305 ---ha-w- c:\program files\hpothb07.dat
2009-03-21 03:42 . 2009-03-21 03:42 515 ---ha-w- c:\program files\hpothb07.tif
2008-08-09 23:33 . 2008-08-09 23:33 0 ----a-w- c:\program files\temp01
2008-06-16 01:27 . 2008-06-13 17:45 1254593 ----a-w- c:\program files\WotLK-F&F-enUS-downloader.exe
2010-01-18 20:09 . 2010-01-18 20:09 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-01-18 20:09 . 2010-01-18 20:09 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-01-18 20:10 . 2010-01-18 20:10 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-02-21_00.41.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-21 02:00 . 2010-02-21 02:00 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2010-02-21 09:00 . 2010-02-21 09:00 19210240 c:\windows\Installer\16d14a1.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 14\\pccmain.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [9/25/2006 8:26 AM 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [9/25/2006 8:26 AM 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/11/2006 5:11 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [9/25/2006 8:26 AM 566872]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [5/16/2009 8:28 AM 36224]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [8/29/2006 2:54 PM 280392]
S2 gupdate1c9d05b86bf973;Google Update Service (gupdate1c9d05b86bf973);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 10:02 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-02-21 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8232728900.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2009-06-06 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8236365442.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-02-20 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8255979293.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-01-24 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8261677408.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 04:01]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 04:02]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 04:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.att.net/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9j828ih8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9j828ih8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 12:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3444)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-21 12:26:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-21 18:26
ComboFix2.txt 2010-02-21 02:33
ComboFix3.txt 2010-02-21 00:48
ComboFix4.txt 2009-10-09 15:46

Pre-Run: 82,517,815,296 bytes free
Post-Run: 82,538,840,064 bytes free

- - End Of File - - 584ED0B12DA6BBCCC24D1B70CE945BC8

Hello.
It worked that time, okay, last few things to clean up.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Java(TM) 6 Update 11
LimeWire 5.0.11

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=78176bbcb20acf4d93f7993dc888b00f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-02-21 10:01:47
# local_time=2010-02-21 04:01:47 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777195 100 0 36977092 36977092 0 0
# compatibility_mode=1026 16777214 0 2 38326878 38326878 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=167068
# found=58
# cleaned=58
# scan_time=3602
C:\Documents and Settings\Angelique\My Documents\My Downloads\snowwhitesnemesis4.exe multiple threats (deleted - quarantined) 2919BE3EC2E45FBD1583C2678A5260FF C
C:\Documents and Settings\Angelique\My Documents\My Music\LimeWire\cool sources human abstract 192kb.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 877A8EFFDC193DC9B8F00D08EFB9F298 C
C:\Documents and Settings\Angelique\My Documents\My Themes\blackexperience.exe multiple threats (deleted - quarantined) F428150A7557582F7B73B52B063033AD C
C:\Documents and Settings\Angelique\My Documents\My Walpaper\wmoonnight.exe Win32/Adware.OneStep application (deleted - quarantined) FFB99C7A54444B574219DDD9D77A48DB C
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\sargasso sea.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) A0E8FF9CEAAE51F4A499BC3861A6EDE0 C
C:\Documents and Settings\Troy.OWNER-B0D885443\Desktop\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AE application (cleaned by deleting - quarantined) BE22F445A15857E83EE2C68AB58642FF C
C:\Program Files\Trend Micro\Internet Security 14\BRfD_de4.VIR a variant of Win32/Olmarik.SV trojan (cleaned by deleting - quarantined) A1A52BAD4C5467777395DEF74843CEA5 C
C:\Program Files\Trend Micro\Internet Security 14\e002102318801r0409J0b000601R0143fdeeX951a1291Yde4ba96eZ03f017300[1] a variant of Win32/Olmarik.SV trojan (cleaned by deleting - quarantined) A1A52BAD4C5467777395DEF74843CEA5 C
C:\Program Files\Trend Micro\Internet Security 14\e002102318801r0409J0b000601X951a154eYde4ba96eZ03f017300[1] a variant of Win32/Olmarik.SV trojan (cleaned by deleting - quarantined) A1A52BAD4C5467777395DEF74843CEA5 C
C:\Program Files\Trend Micro\Internet Security 14\e002102801r0409J0b000601X951a1571Yde4ba96eZ03f0173030dP000000090[1] a variant of Win32/Olmarik.SV trojan (cleaned by deleting - quarantined) A1A52BAD4C5467777395DEF74843CEA5 C
C:\Program Files\Trend Micro\Internet Security 14\eH8c829754V03f01630002R0143fdee102Tc7bc8747Q000002fd901801F0020000aJ0b000601l04093180[1] a variant of Win32/Olmarik.SV trojan (cleaned by deleting - quarantined) 086E95B797E95140808336B819FDCD49 C
C:\Program Files\Trend Micro\Internet Security 14\H8SRTc499.tmp Win32/Adware.CoreguardAntivirus application (cleaned by deleting - quarantined) B52C2ABA109F76371FB16F873BAD3BAB C
C:\Program Files\Trend Micro\Internet Security 14\HHUE_de4.VIR a variant of Win32/Olmarik.SV trojan (cleaned by deleting - quarantined) A1A52BAD4C5467777395DEF74843CEA5 C
C:\Program Files\Trend Micro\Internet Security 14\jaws theme song.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 1AE778C955B8558233E66CFCE206202A C
C:\Program Files\Trend Micro\Internet Security 14\ksim_e70.VIR a variant of Win32/Olmarik.SV trojan (cleaned by deleting - quarantined) 086E95B797E95140808336B819FDCD49 C
C:\Program Files\Trend Micro\Internet Security 14\mrkgrn.dll_a94.VIR Win32/TrojanDownloader.FakeAlert.UA trojan (cleaned by deleting - quarantined) 06101E5CF00E63E27404AE8123A098B2 C
C:\Program Files\Trend Micro\Internet Security 14\Ooos_28c.VIR a variant of Win32/Olmarik.SV trojan (cleaned by deleting - quarantined) DB4374BBEF7025605CD53CDFBBD4B9D3 C
C:\Program Files\Trend Micro\Internet Security 14\pzpsp23511834.exe_abc.VIR Win32/TrojanDownloader.FakeAlert.UA trojan (cleaned by deleting - quarantined) 7B5007C3B4819E72DF56799C4513343C C
C:\Program Files\Trend Micro\Internet Security 14\T-5188466-kayleigh [very good quality]_ab4.VIR a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) D4B4854EEF571808FA73A1F4D99F07C0 C
C:\Program Files\Trend Micro\Internet Security 14\xbuS_dd8.VIR a variant of Win32/Olmarik.SV trojan (cleaned by deleting - quarantined) A1A52BAD4C5467777395DEF74843CEA5 C
C:\Program Files\Trend Micro\Internet Security 14\z002102318801r0409J0b000601R0143fdeeXd11cd988Y9a4faa64Z03f017300[1] a variant of Win32/Olmarik.SV trojan (cleaned by deleting - quarantined) DB4374BBEF7025605CD53CDFBBD4B9D3 C
C:\Program Files\Trend Micro\Internet Security 14\_VOIDd.sys a variant of Win32/Olmarik.SR trojan (cleaned by deleting - quarantined) 42D1D9D16D4744C485000E499CE8C295 C
C:\Qoobox\Quarantine\C\Program Files\Gamevance\gamevancelib32.dll.vir a variant of Win32/Adware.Gamevance.AA application (cleaned by deleting - quarantined) C9417323BAEEAF0038108416BAE7ECC8 C
C:\Qoobox\Quarantine\C\Program Files\Gamevance\gvtl.dll.vir a variant of Win32/Adware.Gamevance.AB application (cleaned by deleting - quarantined) CB21462ACBADFAE66F4AEE696E6C29E7 C
C:\Qoobox\Quarantine\C\Program Files\Securityessentials2010\SE2010.exe.vir Win32/Adware.AdvancedVirusRemover.B application (cleaned by deleting - quarantined) 9C5D9358A02D8A80B85D54A92EDC10ED C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\hdaihl.sys.vir Win32/SpamTool.Agent.NDR trojan (cleaned by deleting - quarantined) 4C7A681B8F87924370E98AB01412A968 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\00000044.tmp.vir Win32/Olmarik.TN trojan (cleaned by deleting - quarantined) E4EDC2505D7FF83825358C739B0038FA C
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\0000646e.tmp.vir Win32/Olmarik.TN trojan (cleaned by deleting - quarantined) E4EDC2505D7FF83825358C739B0038FA C
C:\Qoobox\Quarantine\C\WINDOWS\system32\23281.exe.vir a variant of Win32/Kryptik.CIZ trojan (cleaned by deleting - quarantined) 6EF341EAE123C60D094F7B73BE7D6434 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\a78dz.dll.vir probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 3F12906AE4B6A15BF9B118151C95B2CA C
C:\Qoobox\Quarantine\C\WINDOWS\system32\dojapode.dll.vir a variant of Win32/Kryptik.CIQ trojan (cleaned by deleting - quarantined) FF8A48F063ADD740DE4CCC9ED60B5081 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\helpers32.dll.vir Win32/TrojanDownloader.FakeAlert.AUL trojan (cleaned by deleting - quarantined) 340E56E893582E56DC327458619F4C71 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\net.net.vir a variant of Win32/TrojanClicker.Punad.AA trojan (cleaned by deleting - quarantined) FEE204FF50931BE9287EB2EA890F8E2A C
C:\Qoobox\Quarantine\C\WINDOWS\system32\semajosu.dll.vir a variant of Win32/Kryptik.CIQ trojan (cleaned by deleting - quarantined) FF8A48F063ADD740DE4CCC9ED60B5081 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\smss32.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) DCEB3622D1325817CD55EE92F1B1EEA9 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\sshnas21.dll.vir a variant of Win32/Kryptik.CLW trojan (cleaned by deleting - quarantined) 5898A25738A35CE000C3A822DCD835D4 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\togobanu.dll.vir a variant of Win32/Kryptik.CIQ trojan (cleaned by deleting - quarantined) 3BBD3B7C8C33B5FD0EE6A205F9B95EB9 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon32.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) DCEB3622D1325817CD55EE92F1B1EEA9 C
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir a variant of Win32/Kryptik.CLW trojan (cleaned by deleting - quarantined) 15D2D092ACF3A3983B6AC1C5A52CFD9F C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP715\A0141691.dll Win32/TrojanDownloader.FakeAlert.UA trojan (cleaned by deleting - quarantined) 06101E5CF00E63E27404AE8123A098B2 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP715\A0142726.dll Win32/TrojanDownloader.FakeAlert.UA trojan (cleaned by deleting - quarantined) 06101E5CF00E63E27404AE8123A098B2 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP724\A0151758.dll Win32/TrojanDownloader.FakeAlert.UA trojan (cleaned by deleting - quarantined) 06101E5CF00E63E27404AE8123A098B2 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP724\A0151759.exe Win32/TrojanDownloader.FakeAlert.UA trojan (cleaned by deleting - quarantined) 7B5007C3B4819E72DF56799C4513343C C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP0\A0000024.dll a variant of Win32/Kryptik.CLA trojan (cleaned by deleting - quarantined) 96893165BB2CA2341E6DBB5A20DF8760 C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP0\A0000025.dll a variant of Win32/Kryptik.CIQ trojan (cleaned by deleting - quarantined) 52AEFC12895819344283F70827C62FE9 C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP0\A0000026.dll a variant of Win32/Kryptik.CIQ trojan (cleaned by deleting - quarantined) 6F20912603999EFDF7543F8BDB8FB606 C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP0\A0000027.dll a variant of Win32/Kryptik.CMN trojan (cleaned by deleting - quarantined) 2E3DD34D262274048817484EDE1D8FEA C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP0\A0000028.dll a variant of Win32/Kryptik.CIQ trojan (cleaned by deleting - quarantined) A7532F6F1052CBC28E25C09C4663FE4F C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP0\A0000029.dll a variant of Win32/Kryptik.CIQ trojan (cleaned by deleting - quarantined) 52AEFC12895819344283F70827C62FE9 C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP0\A0000030.dll a variant of Win32/Kryptik.CIQ trojan (cleaned by deleting - quarantined) 47005ABE765816D52E2F3F523D99C324 C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP0\A0000031.dll a variant of Win32/Kryptik.CIQ trojan (cleaned by deleting - quarantined) 0289243625A2E4A1620503D4131E5BF3 C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP0\A0000032.dll a variant of Win32/Kryptik.CIQ trojan (cleaned by deleting - quarantined) FF8A48F063ADD740DE4CCC9ED60B5081 C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP0\A0000033.dll a variant of Win32/Kryptik.CIQ trojan (cleaned by deleting - quarantined) FF8A48F063ADD740DE4CCC9ED60B5081 C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP2\A0000776.exe multiple threats (deleted - quarantined) 2919BE3EC2E45FBD1583C2678A5260FF C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP2\A0000777.exe multiple threats (deleted - quarantined) F428150A7557582F7B73B52B063033AD C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP2\A0000778.exe Win32/Adware.OneStep application (deleted - quarantined) FFB99C7A54444B574219DDD9D77A48DB C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP2\A0000779.exe a variant of Win32/Adware.Gamevance.AE application (cleaned by deleting - quarantined) BE22F445A15857E83EE2C68AB58642FF C
C:\System Volume Information\_restore{905D8BD0-D34A-48CC-B796-FD60BD96415A}\RP2\A0000780.sys a variant of Win32/Olmarik.SR trojan (cleaned by deleting - quarantined) 42D1D9D16D4744C485000E499CE8C295 C

BTW I did remove Limewire, Java, and Ask Toolbar last night. I did it normal mode and not safe. When I checked both normal and safe mode today its not showing up in the add/remove programs box.

Hello.

Looks like this infection came from Limewire, ESET found these:

C:\Documents and Settings\Angelique\My Documents\My Downloads\snowwhitesnemesis4.exe
C:\Documents and Settings\Angelique\My Documents\My Music\LimeWire\cool sources human abstract 192kb.mp3
C:\Documents and Settings\Angelique\My Documents\My Themes\blackexperience.exe
C:\Documents and Settings\Angelique\My Documents\My Walpaper\wmoonnight.exe
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\sargasso sea.mp3

Guessing they all came through Limewire?

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Those are old files downloaded a long time ago. He was downloading from just a generic site when the infection happened. It's running fine, after the first scan the fake virus pop up stopped. It was still trying to open new tabs everytime I got on the internet. But I've been in safe mode for the last few scans of stuff so I don't know what its doing.

Should I remove goored, systemlook and OTL also?

Yes. Boot to normal mode please, let me know what's happening, the logs look good now

Everything seems to be running fine no pop ups and when I'm on firefox it's not trying to open more tabs on its own.

To remove those programs use add/uninstall programs?

No, just delete them, Gooredfix and what not don't install, they just run when needed like.

Thanks so much for all your help.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.