Messages - wedzmer

1
Software / Help about BAD_POOL_HEADER
« on: November 05, 2012, 10:27:46 PM »
[quote name='guestolo' timestamp='1352144061' post='481700']
Did your computer come with Windows 7 preinstalled?
Do you have an ASSIST button on your laptop?

Why not try installing back to Win 7....



[/quote]

i hate my win 7 OS.. it's only Home Basic edition.. that's the reason why i changed it to win 8. :(

2
Software / Help about BAD_POOL_HEADER
« on: November 05, 2012, 01:35:49 PM »
[quote name='guestolo' timestamp='1352134836' post='481698']
Did you run bluescreenview?
It could give you some indication of what's happening... What the bluescreens are related to

Try a scan with OTL and let me see the logs please
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and right click on OTL.exe and choose to "Run as Administrator"
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
[/quote]

i couldn't take it anymore. i reformatted my unit already. but after that, i have a new problem...

now, my laptop just turns off, POOOOOF! it restarts after a second of black screen!!!!

this happened twice already. it just restarts, like you switch it off and turn it back on, but this time, BY ITS OWN!!! :(

3
Software / Help about BAD_POOL_HEADER
« on: November 05, 2012, 06:39:38 AM »
[quote name='guestolo' timestamp='1352088770' post='481695']
It could be a hardware problem>> Possibly RAM

But since it's Windows 8 you're trying out... Did you get all compatible drivers for your laptop?
What is make/model of laptop?

Is all the software you're running up to date and Win 8 compatible

Try using bluescreenview.. Let it read some of your dump files and give you some insight
http://www.nirsoft.n...l#DownloadLinks
[/quote]

i'm using a vaio e-series vpcek25eg model.
amd dual core e-450 apu (1.65 ghz)
64-bit with 2gb memory and 320 gb hard disk drive.

this happened when i tried to install freeyoutubedownloader software from the internet... it asked for something to install, i just clicked yes, and then booom.. an error occurred. i checked on my control panel settings to see if the program was installed, but it wasn't. nothing new was added to my laptop.. BUT still the bad_pool_header is there that reboots my laptop.


i tried to reformat my unit last week, and it was okay.. until this freeyoutubedownloader did this to me. :(

4
Software / Help about BAD_POOL_HEADER
« on: November 03, 2012, 09:43:20 PM »
I'm having this problem every time I use my laptop.

When I use it for about a few minutes, it turns to blue screen and restarts my PC, it says:

Quote
Your computer encountered a fatal error and needs to restart.

BAD_POOL_HEADER


How do you fix this problem? :(

Help please..!

// I'm a Win 8 Pro user - build 9200 //

5
Tech Clinic / Office PC problem!
« on: January 12, 2010, 09:40:09 AM »
ok man.. here's the export.txt as you asked.

we went on vacation that's why i wasn't able to log back in.

Code: [Select]
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
"BrowserFlags"=dword:00000022
"ExplorerFlags"=dword:00000021
@="Owned!"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,65,00,2c,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,\
  00,25,00,49,00,2c,00,25,00,4c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec]
@="[ExploreFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec\application]
@="Folders"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec\ifexec]
@="[]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec\topic]
@="AppProperties"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
"BrowserFlags"=dword:00000010
"ExplorerFlags"=dword:00000012
@="b-b2g"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,00,25,00,49,00,2c,\
  00,25,00,4c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec]
@="[ViewFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec\application]
@="Folders"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec\ifexec]
@="[]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec\topic]
@="AppProperties"

[quote name='guestolo' post='466838' date='Dec 13 2009, 01:47 PM']Can you do the following
Go to START>>RUN
In the open field, copy/paste or type exactly the following in bold
include the quotation marks

regedit /e C:\export.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell"

This will run quickly, copy/paste back here the contents of
C:\export.txt[/quote]

6
Tech Clinic / Office PC problem!
« on: December 10, 2009, 02:52:35 PM »
i have done what you have told me but i think it still didn't eliminate the problem.. i also attached the one you asked me to post along here... please kindly take a look at it.. here's an image as well about what i'm seeing every time i right click on the mouse.

[quote name='guestolo' date='Nov 25 2009, 07:43 PM' post='466499']
Can you do this step again and post the new log that opens

I had you run SystemLook earlier, can you delete the text file it produced earlier on desktop
SystemLook.txt

Then:
  • Double click on SystemLook.exe to Run it
  • Copy the contents of the following codebox into the main textfield:
    Code: [Select]
    :reg
     HKEY_CURRENT_USER\Control Panel\International
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
     :regfind
     madforelmo
     b-b2g
     samok.vbs
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
[/quote]

7
Tech Clinic / Office PC problem!
« on: November 25, 2009, 10:50:01 AM »
i think the only problem is that when i right click it to the file..i still have this "b-b2g" something in the system.. what is that?

i noticed you asked me to remove that before... but still it's there....

thanx for the last procedure by the way...it got rid of that madforelmo thing.. ^_^

8
Tech Clinic / Office PC problem!
« on: November 24, 2009, 02:08:06 PM »
here is the OTL log that it produced:


I don't really understand this so i just uploaded it as you asked...


[quote name='guestolo' post='465954' date='Oct 26 2009, 01:17 PM']Let's do the following please
Let's remove all older versions of Sun Java
If you get this computer back online, you will want to visit Java's website and install the latest
Access your Add and Remove programs and remove
Java™ 6 Update 13
Java™ 6 Update 3


In addition: Uninstall the Entry for Google Toolbar
As you're not online, it's not needed and looks corrupt

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, please post the log that OTL produces

Let me know how things are now running[/quote]

9
Tech Clinic / Office PC problem!
« on: November 17, 2009, 10:17:55 AM »
[quote name='guestolo' post='465954' date='Oct 26 2009, 02:17 PM']Let's do the following please
Let's remove all older versions of Sun Java
If you get this computer back online, you will want to visit Java's website and install the latest
Access your Add and Remove programs and remove
Java™ 6 Update 13
Java™ 6 Update 3
[/quote]

Can I just manually download it right now while I'm using my PC here at home so that i can just do an update manually back at the office?

10
Tech Clinic / Office PC problem!
« on: October 26, 2009, 12:48:38 PM »
[quote name='guestolo' post='465948' date='Oct 26 2009, 10:07 AM']Before we proceed, just remind me please
Did you say earlier that this computer has no Online access

Was it just not getting online earlier and can now?
Or is it set up to never be online?[/quote]

yes this computer has no online access because they removed our internet connection in the office... but we had an internet access before.. it's been more than a month or so since it was disconnected.

11
Tech Clinic / Office PC problem!
« on: October 26, 2009, 09:39:00 AM »
[quote name='guestolo' post='465926' date='Oct 25 2009, 12:28 PM']download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double click on SystemLook.exe to Run it
  • Copy the contents of the following codebox into the main textfield:
    Code: [Select]
    :reg
     HKEY_CURRENT_USER\Control Panel\International
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
     :regfind
     madforelmo
     b-b2g
     samok.vbs
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
[/quote]
here's the systemlook log file:

Code: [Select]
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 13:48 on 26/10/2009 by user (Administrator - Elevation successful)

========== reg ==========

[HKEY_CURRENT_USER\Control Panel\International]
"iCalendarType"="1"
"iCountry"="1"
"iCurrDigits"="2"
"iCurrency"="0"
"iDate"="0"
"iDigits"="2"
"iFirstDayOfWeek"="6"
"iFirstWeekOfYear"="0"
"iLZero"="1"
"iMeasure"="1"
"iNegCurr"="0"
"iNegNumber"="1"
"iTime"="0"
"iTimePrefix"="0"
"iTLZero"="0"
"Locale"="00000409"
"NumShape"="1"
"s1159"="b-b2g"
"s2359"="madforelmo"
"sCountry"="United States"
"sCurrency"="$"
"sDate"="/"
"sDecimal"="."
"sGrouping"="3;0"
"sLanguage"="ENU"
"sList"=","
"sLongDate"="dddd, MMMM dd, yyyy"
"sMonDecimalSep"="."
"sMonGrouping"="3;0"
"sMonThousandSep"=","
"sNativeDigits"="0123456789"
"sNegativeSign"="-"
"sPositiveSign"=""
"sShortDate"="M/d/yyyy"
"sThousand"=","
"sTime"=":"
"sTimeFormat"="h:mm:ss tt"

[HKEY_CURRENT_USER\Control Panel\International\Geo]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
"BrowserFlags"= 0x0000000022 (34)
"ExplorerFlags"= 0x0000000021 (33)
@="Owned!"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\command]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
"BrowserFlags"= 0x0000000010 (16)
"ExplorerFlags"= 0x0000000012 (18)
@="b-b2g"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\command]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon"
"egui"=""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice"
"Malwarebytes Anti-Malware (reboot)"=""C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript"
"Quran_AR"="C:\Program Files\Quran_AR\Quran_AR.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SunJavaUpdateSched"=""C:\Program Files\Java\jre6\bin\jusched.exe""
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe /boot"
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]


========== regfind ==========

Searching for "madforelmo"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="F:\Fixing Tools\madforelmo.JPG"
[HKEY_USERS\S-1-5-21-746137067-963894560-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="F:\Fixing Tools\madforelmo.JPG"

Searching for "b-b2g"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
@="b-b2g"

Searching for "samok.vbs"
No data found.

-=End Of File=-

[quote name='guestolo' post='465926' date='Oct 25 2009, 12:28 PM']Note: The log can also be found on your Desktop entitled SystemLook.txt

Edit>>Can you also do the following
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

[color="#0000ff"]KillAll::
Driver::
abp470n5

[/color]
Save this as txtfile on your desktop, with the exact name of
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you  with the same name C:\ComboFix.txt..
Can I see that log again[/quote]

here's the combofix log:

Code: [Select]
ComboFix 09-10-20.03 - user 10/26/2009 13:52.2.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.663 [GMT -7:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_abp470n5


(((((((((((((((((((((((((   Files Created from 2009-09-26 to 2009-10-26  )))))))))))))))))))))))))))))))
.

2009-10-25 16:29 . 2009-10-25 16:29 -------- d-----w- c:\documents and settings\Admin\Application Data\Genimo
2009-10-22 22:08 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-10-22 22:08 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-10-22 22:08 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-10-22 22:08 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-10-22 22:08 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-10-22 22:08 . 2009-10-22 22:09 -------- d-----w- c:\program files\Trojan Remover
2009-10-22 22:08 . 2009-10-22 22:08 -------- d-----w- c:\documents and settings\user\Application Data\Simply Super Software
2009-10-22 22:08 . 2009-10-22 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-10-22 20:54 . 2009-10-22 20:54 -------- d-----w- c:\documents and settings\Admin\Application Data\Media Player Classic
2009-10-22 20:44 . 2009-10-22 20:44 -------- d-----w- c:\documents and settings\Admin\Bluebirds
2009-10-21 17:45 . 2009-10-21 17:45 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ESET
2009-10-21 16:59 . 2009-10-21 16:59 -------- d-----w- c:\documents and settings\Admin\Application Data\DivX
2009-10-21 16:13 . 2009-10-21 16:13 -------- d-----w- c:\documents and settings\Admin\Application Data\Winamp
2009-10-21 16:03 . 2009-10-21 16:03 71040 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 14:50 . 2009-10-21 14:50 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2009-10-20 23:19 . 2009-10-20 23:18 737280 ----a-w- c:\windows\iun6002.exe
2009-10-20 23:18 . 2009-10-20 23:18 -------- d-----w- c:\windows\system32\quran
2009-10-20 23:18 . 2009-10-20 23:19 -------- d-----w- c:\program files\Quran_AR
2009-10-19 21:28 . 2009-10-19 21:28 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-10-19 21:28 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 21:28 . 2009-10-20 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 21:28 . 2009-10-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-19 21:28 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-05 21:53 . 2009-10-05 21:53 -------- d-----w- c:\program files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 22:21 . 2009-08-26 22:03 71040 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 22:50 . 2009-10-20 22:50 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Desktop Search
2009-10-20 22:50 . 2009-10-20 22:50 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2009-10-20 18:39 . 2009-09-23 17:02 -------- d-----w- c:\program files\Globe Broadband
2009-10-20 18:19 . 2009-07-20 20:41 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-20 18:19 . 2009-07-20 20:38 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-20 17:18 . 2009-07-20 21:52 -------- d-----w- c:\program files\Google
2009-10-20 16:51 . 2009-07-20 21:54 -------- d-----w- c:\program files\Blinque
2009-09-24 19:39 . 2009-09-02 23:32 10 ----a-w- c:\windows\popcinfo.dat
2009-09-23 19:57 . 2009-09-23 19:57 -------- d-----w- c:\documents and settings\user\Application Data\Windows Search
2009-09-22 22:47 . 2009-07-20 21:52 -------- d-----w- c:\documents and settings\user\Application Data\Winamp
2009-09-22 21:57 . 2009-07-20 21:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-08 19:53 . 2009-07-20 22:17 -------- d-----w- c:\documents and settings\user\Application Data\Ahead
2009-09-02 22:44 . 2009-09-02 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Genimo
2009-09-02 22:37 . 2009-09-02 22:37 -------- d-----w- c:\documents and settings\user\Application Data\Genimo
2009-08-28 21:06 . 2009-08-28 21:06 -------- d-----w- c:\documents and settings\user\Application Data\Media Player Classic
2009-08-28 00:19 . 2009-08-28 00:19 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV
2009-08-27 23:54 . 2009-08-27 23:51 -------- d-----w- c:\program files\Canon
2009-08-27 23:53 . 2009-08-27 23:53 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-08-27 23:52 . 2009-08-27 23:52 -------- d--h--w- c:\program files\CanonBJ
2009-08-27 21:11 . 2009-07-20 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-26 20:16 . 2009-08-26 20:16 0 ----a-w- c:\windows\nsreg.dat
.

------- Sigcheck -------

[-] 2009-04-18 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-04-18 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((   SnapShot@2009-10-22_22.25.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-26 20:56 . 2009-10-26 20:56 16384  c:\windows\temp\Perflib_Perfdata_7b4.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bluebirds"="c:\documents and settings\user\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-20 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe" [2007-11-09 1274600]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe" [2007-11-09 884696]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Quran_AR"="c:\program files\Quran_AR\Quran_AR.exe" [2009-07-08 327680]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-08-04 1068424]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2009-7-20 128000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 11:11 b-b2g 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2008 11:08 b-b2g 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [4/14/2008 8:00 b-b2g 3584]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5z0nd9br.default\
FF - prefs.js: browser.search.selectedEngine - Searchme
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 13:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2400)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\combofix\CF23559.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-26 13:58 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-26 20:58
ComboFix2.txt  2009-10-22 22:27

Pre-Run: 10,953,187,328 bytes free
Post-Run: 10,845,507,584 bytes free

- - End Of File - - E4FC4496EF4AF7258619DB314CF5D9BE

[quote name='guestolo' post='465926' date='Oct 25 2009, 12:28 PM']NOTE: You appear to be using a Cracked version of Nod32, why would you go that route?[/quote]

I don't know anything about that crack versions.... when they issued me the pc.. the NOD32 was already installed there... what do you suggest?

12
Tech Clinic / Multiple PC Issues
« on: October 25, 2009, 11:59:52 PM »
[quote name='guestolo' post='465927' date='Oct 25 2009, 01:28 PM']Since I'm getting confused with both computers you have logs for
Can I have you do the following
Keep in mind, anything to do with the Work PC, keep all responses to that topic
Anything to do with this home Pc
Keep responses here

You should have a copy of ComboFix on your desktop of this home computer
Delete it
ReDownload ComboFix from one of these locations:

Link 1
Link 2
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please[/quote]

Yes sir, I do separately treat and post the problems of my Home PC and Office PC and I post logs specifically in each post. Thanks for the reminder.

After I just downloaded the combofix again, the computer shut down with the blue screen appearing, and still, not more than two seconds appearing then restarting my computer. Though after how many times this happened, I could only notice one part of the error message, there was something like "physical memory error", I may have got it wrong though but that's what I have only caught on because the error happens so fast.

And I wish you could also take a quick view about this link I'll send you, windows just prompted me with this awhile ago before my PC restarted again. http://wer.microsoft.com/responses/Respons...11-2b73b9eb1011


Here's the combofix log it produced.

Quote
ComboFix 09-10-25.02 - omayr 10/26/2009 12:52.2.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.446.118 [GMT -7:00]
Running from: c:\documents and settings\omayr.KUSINFAMILY\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
.
(((((((((((((((((((((((((   Files Created from 2009-09-26 to 2009-10-26  )))))))))))))))))))))))))))))))
.

2009-10-23 06:55 . 2009-10-23 06:55    --------    d-sh--w-    c:\documents and settings\omayr.KUSINFAMILY\PrivacIE
2009-10-22 07:55 . 2009-10-22 16:23    --------    d-----w-    c:\program files\Trojan Remover
2009-10-22 07:55 . 2009-10-22 07:55    --------    d-----w-    c:\documents and settings\All Users\Application Data\Simply Super Software
2009-10-18 07:53 . 2009-10-18 11:48    --------    d-----w-    c:\windows\SxsCaPendDel
2009-10-17 10:52 . 2009-10-17 10:52    --------    d-sh--w-    c:\documents and settings\omayr.KUSINFAMILY\IETldCache
2009-10-17 09:04 . 2009-10-17 09:04    --------    d-----w-    c:\windows\ie8updates
2009-10-17 08:55 . 2009-10-17 09:01    --------    dc-h--w-    c:\windows\ie8
2009-10-17 08:48 . 2009-08-29 08:08    594432    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2009-10-17 08:48 . 2009-08-29 08:08    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-17 08:48 . 2009-08-29 08:08    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2009-10-17 08:48 . 2009-08-29 08:08    1985536    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2009-10-17 08:48 . 2009-08-29 08:08    246272    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2009-10-17 08:48 . 2009-08-29 08:08    11069440    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2009-10-17 08:46 . 2009-08-07 08:48    100352    -c----w-    c:\windows\system32\dllcache\iecompat.dll
2009-10-16 19:30 . 2009-10-16 19:30    --------    d-----w-    C:\332088486b0d351317d803b6
2009-10-13 05:56 . 2009-10-13 05:56    --------    d-----w-    C:\rsit
2009-10-10 05:59 . 2009-10-10 05:59    --------    d-----w-    c:\documents and settings\omayr.KUSINFAMILY\Application Data\Malwarebytes
2009-10-10 05:58 . 2009-10-10 05:58    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-10 05:37 . 2009-10-10 05:37    --------    d-----w-    C:\_OTL
2009-10-09 22:37 . 2009-10-12 15:45    --------    d-----w-    c:\program files\InterActual
2009-10-06 04:55 . 2009-10-06 05:07    --------    d-----w-    c:\documents and settings\All Users\Application Data\Speedbit
2009-10-01 07:05 . 2009-10-01 07:05    --------    d-----w-    c:\program files\CleanUp!
2009-09-30 10:02 . 2009-09-30 10:02    --------    d-----w-    c:\windows\ServicePackFiles
2009-09-30 09:56 . 2009-09-30 09:56    --------    d-----w-    c:\program files\Trend Micro
2009-09-30 06:43 . 2009-09-30 06:43    --------    d-----w-    c:\documents and settings\omayr.KUSINFAMILY\Application Data\ESET
2009-09-30 06:43 . 2009-09-30 06:43    --------    d-----w-    c:\documents and settings\omayr.KUSINFAMILY\Local Settings\Application Data\ESET
2009-09-30 06:42 . 2009-09-30 06:42    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-09-30 06:36 . 2009-09-30 06:36    --------    d-----w-    c:\program files\ESET
2009-09-28 07:27 . 2009-09-28 07:27    67645    ----a-w-    c:\windows\system32\drivers\pshook11.sys
2009-09-28 07:25 . 2009-09-28 09:38    --------    d-----w-    c:\program files\INAC
2009-09-27 06:34 . 2009-09-27 09:08    --------    d-----w-    c:\documents and settings\omayr.KUSINFAMILY\Application Data\Download Manager

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 12:24 . 2009-09-09 23:29    --------    d-----w-    c:\documents and settings\omayr.KUSINFAMILY\Application Data\Skype
2009-10-26 09:57 . 2009-07-11 15:15    --------    d-----w-    c:\documents and settings\omayr.KUSINFAMILY\Application Data\skypePM
2009-10-25 02:39 . 2009-06-07 08:22    --------    d-----w-    c:\documents and settings\omayr.KUSINFAMILY\Application Data\BitTorrent
2009-10-18 11:48 . 2009-04-22 14:53    --------    d-----w-    c:\documents and settings\omayr.KUSINFAMILY\Application Data\Yahoo!
2009-10-18 07:56 . 2009-04-21 21:31    --------    d-----w-    c:\program files\Yahoo!
2009-10-18 07:55 . 2009-07-30 07:55    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-30 06:36 . 2009-08-30 09:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\ESET
2009-09-30 02:53 . 2009-05-15 06:11    --------    d-----w-    c:\program files\Common Files\Adobe
2009-09-30 02:43 . 2009-04-21 19:39    --------    d-----w-    c:\program files\TuneUp Utilities 2009
2009-09-26 00:32 . 2009-04-21 01:21    18632    -c--a-w-    c:\documents and settings\omayr.KUSINFAMILY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-26 00:28 . 2009-09-26 00:28    --------    d-----w-    c:\program files\MSBuild
2009-09-26 00:28 . 2009-09-26 00:28    --------    d-----w-    c:\program files\Reference Assemblies
2009-09-26 00:24 . 2009-09-26 00:24    --------    d-----w-    c:\program files\MSXML 6.0
2009-09-25 07:09 . 2009-04-21 22:13    2320128    ----a-w-    c:\windows\system32\TUKernel.exe
2009-09-19 21:49 . 2009-09-16 04:15    --------    d-----w-    c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-16 07:51 . 2009-09-16 04:17    --------    d-----w-    c:\documents and settings\omayr.KUSINFAMILY\Application Data\Apple Computer
2009-09-16 04:42 . 2009-05-15 06:22    --------    d-----w-    c:\program files\Bonjour
2009-09-16 04:13 . 2009-09-16 04:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\Apple
2009-09-11 14:33 . 2004-08-04 12:00    133632    ----a-w-    c:\windows\system32\msv1_0.dll
2009-09-10 23:11 . 2009-06-07 08:21    --------    d-----w-    c:\program files\BitTorrent
2009-09-09 23:29 . 2009-09-09 23:29    --------    d-----w-    c:\program files\Common Files\Skype
2009-09-09 23:29 . 2009-09-09 23:29    --------    d-----r-    c:\program files\Skype
2009-09-09 23:29 . 2009-07-11 14:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\Skype
2009-09-08 21:44 . 2009-04-21 01:28    --------    d-----w-    c:\program files\Google
2009-09-07 11:33 . 2009-07-09 00:34    --------    d-----w-    c:\program files\Mozilla Firefox 3.5 Beta 4
2009-09-04 20:45 . 2004-08-04 12:00    58880    ----a-w-    c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-08-26 08:16 . 2004-08-04 12:00    247326    ----a-w-    c:\windows\system32\strmdll.dll
2009-08-07 02:24 . 2009-04-20 19:11    327896    ----a-w-    c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2009-04-20 19:11    209632    ----a-w-    c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2009-04-20 19:11    35552    ----a-w-    c:\windows\system32\wups.dll
2009-08-07 02:24 . 2008-10-16 21:09    44768    ----a-w-    c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2009-04-20 19:11    53472    ------w-    c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2004-08-04 12:00    96480    ----a-w-    c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2009-04-20 19:11    575704    ----a-w-    c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2009-04-20 19:11    1929952    ----a-w-    c:\windows\system32\wuaueng.dll
2009-08-06 13:45 . 2009-07-30 07:39    55656    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:11 . 2004-08-04 12:00    204800    ----a-w-    c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 2004-08-04 12:00    2180352    ------w-    c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2004-08-03 22:59    2057728    ------w-    c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:53 . 2004-08-04 12:00    82432    ----a-w-    c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-04 12:00    119808    ----a-w-    c:\windows\system32\t2embed.dll
.

------- Sigcheck -------

[-] 2009-04-21 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((   SnapShot@2009-10-10_07.45.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 03:54 . 2009-07-12 03:54    65536              c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32    49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32    49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32    61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32    61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32    61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32    57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32    65536              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32    45056              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32    40960              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 08:07 . 2009-07-12 08:07    57856              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 08:19 . 2009-07-12 08:19    69632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-12 02:41 . 2009-07-12 02:41    97280              c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-04-21 20:18 . 2009-01-08 01:21    26144              c:\windows\system32\spupdsvc.exe
+ 2009-08-11 17:09 . 2009-01-08 01:20    16928              c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2009-03-08 11:31    46592              c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2009-10-16 22:50    67510              c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-09-26 00:48    67510              c:\windows\system32\perfc009.dat
+ 2009-01-08 01:20 . 2009-01-08 01:20    23552              c:\windows\system32\normaliz.dll
+ 2009-01-08 01:20 . 2009-01-08 01:20    24576              c:\windows\system32\nlsdl.dll
+ 2004-08-04 12:00 . 2009-03-08 11:31    48128              c:\windows\system32\mshtmler.dll
+ 2004-08-04 12:00 . 2009-03-08 11:31    66560              c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2009-03-08 11:31    45568              c:\windows\system32\mshta.exe
+ 2009-03-08 11:31 . 2009-03-08 11:31    13312              c:\windows\system32\msfeedssync.exe
+ 2009-03-08 11:31 . 2009-08-29 08:08    55296              c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2009-03-08 11:34    43008              c:\windows\system32\licmgr10.dll
+ 2004-08-04 12:00 . 2009-08-29 08:08    25600              c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-03-08 11:32    94720              c:\windows\system32\inseng.dll
+ 2004-08-04 12:00 . 2009-03-08 11:31    34816              c:\windows\system32\imgutil.dll
+ 2009-03-08 11:32 . 2009-03-08 11:32    36864              c:\windows\system32\ieudinit.exe
+ 2004-08-04 12:00 . 2009-03-08 11:32    71680              c:\windows\system32\iesetup.dll
+ 2004-08-04 12:00 . 2009-03-08 11:32    55808              c:\windows\system32\iernonce.dll
+ 2009-01-08 01:20 . 2009-01-08 01:20    26112              c:\windows\system32\idndl.dll
+ 2009-03-08 11:31 . 2009-03-08 11:31    59904              c:\windows\system32\icardie.dll
+ 2004-08-04 12:00 . 2009-03-08 11:31    46592              c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2009-03-08 11:31    48128              c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 12:00 . 2009-03-08 11:31    66560              c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2009-03-08 11:31    45568              c:\windows\system32\dllcache\mshta.exe
+ 2004-08-04 12:00 . 2009-09-04 20:45    58880              c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-04 12:00 . 2009-03-08 11:34    43008              c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00 . 2009-08-29 08:08    25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2009-03-08 11:32    94720              c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 12:00 . 2009-03-08 11:31    34816              c:\windows\system32\dllcache\imgutil.dll
+ 2004-08-04 12:00 . 2009-03-08 11:32    71680              c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-04 12:00 . 2009-03-08 11:32    55808              c:\windows\system32\dllcache\iernonce.dll
+ 2009-04-20 19:10 . 2009-03-08 11:24    68608              c:\windows\system32\dllcache\hmmapi.dll
+ 2004-08-04 12:00 . 2009-03-08 11:33    18944              c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 12:00 . 2009-03-08 11:32    72704              c:\windows\system32\dllcache\admparse.dll
+ 2004-08-04 12:00 . 2009-03-08 11:33    18944              c:\windows\system32\corpol.dll
+ 2004-08-04 12:00 . 2009-03-08 11:32    72704              c:\windows\system32\admparse.dll
+ 2009-10-17 09:06 . 2009-03-08 11:33    12288              c:\windows\ie8updates\KB974455-IE8\xpshims.dll
+ 2009-10-17 09:06 . 2009-03-08 11:31    55296              c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
+ 2009-10-17 09:06 . 2009-03-08 11:33    25600              c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    37888              c:\windows\ie8\url.dll
+ 2009-10-17 08:57 . 2009-03-08 21:23    58464              c:\windows\ie8\spuninst\iecustom.dll
+ 2009-10-17 08:55 . 2009-06-26 16:18    39424              c:\windows\ie8\pngfilt.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    96256              c:\windows\ie8\occache.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    56832              c:\windows\ie8\mshtmler.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    29184              c:\windows\ie8\mshta.exe
+ 2009-10-17 08:55 . 2004-08-04 12:00    22016              c:\windows\ie8\licmgr10.dll
+ 2009-10-17 08:55 . 2009-06-26 16:18    16384              c:\windows\ie8\jsproxy.dll
+ 2009-10-17 08:55 . 2009-06-26 16:18    96256              c:\windows\ie8\inseng.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    35840              c:\windows\ie8\imgutil.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    93184              c:\windows\ie8\iexplore.exe
+ 2009-10-17 08:55 . 2004-08-04 12:00    62976              c:\windows\ie8\iesetup.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    48640              c:\windows\ie8\iernonce.dll
+ 2009-10-17 08:55 . 2009-06-26 16:18    81920              c:\windows\ie8\ieencode.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    34304              c:\windows\ie8\ie4uinit.exe
+ 2009-10-17 08:55 . 2004-08-04 12:00    38912              c:\windows\ie8\hmmapi.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    35328              c:\windows\ie8\corpol.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    99840              c:\windows\ie8\advpack.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    61440              c:\windows\ie8\admparse.dll
+ 2009-10-17 01:31 . 2009-10-17 01:31    60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-10-17 11:14 . 2009-10-17 11:14    37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-10-17 11:14 . 2009-10-17 11:14    36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-10-17 09:04 . 2009-10-17 09:04    94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-17 09:04 . 2009-10-17 09:04    82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-10-16 23:08 . 2009-10-16 23:08    47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-10-16 23:07 . 2009-10-16 23:07    39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-10-17 11:13 . 2009-10-17 11:13    55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-10-17 08:42 . 2009-10-17 08:42    65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-10-17 08:41 . 2009-10-17 08:41    74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-10-17 08:38 . 2009-10-17 08:38    14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-10-17 05:04 . 2009-10-17 05:04    25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2009-10-16 22:49 . 2009-10-16 22:49    77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-16 22:49 . 2009-10-16 22:49    81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-16 22:50 . 2009-10-16 22:50    81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-16 22:50 . 2009-10-16 22:50    32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-16 22:50 . 2009-10-16 22:50    12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-16 22:50 . 2009-10-16 22:50    28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-16 22:50 . 2009-10-16 22:50    77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-16 22:50 . 2009-10-16 22:50    36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-16 22:49 . 2009-10-16 22:49    77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-16 22:49 . 2009-10-16 22:49    13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-16 22:49 . 2009-10-16 22:49    10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-16 22:50 . 2009-10-16 22:50    72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-16 22:49 . 2009-10-16 22:49    69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-16 22:49 . 2009-10-16 22:49    8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-17 09:04 . 2009-03-08 11:35    2048              c:\windows\ie8updates\KB973874-IE8\iecompat.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-16 22:49 . 2009-10-16 22:49    7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-16 22:50 . 2009-10-16 22:50    5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-16 22:49 . 2009-10-16 22:49    6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-16 22:49 . 2009-10-16 22:49    8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-16 22:50 . 2009-10-16 22:50    113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-09-26 00:48 . 2009-09-26 00:48    258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-10-16 22:50 . 2009-10-16 22:50    258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-12 08:12 . 2009-07-12 08:12    632656              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 08:09 . 2009-07-12 08:09    554832              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 08:08 . 2009-07-12 08:08    479232              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-01-08 01:21 . 2009-01-08 01:21    121856              c:\windows\system32\xmllite.dll
+ 2004-08-04 12:00 . 2009-04-02 06:02    604160              c:\windows\system32\wmspdmod.dll
+ 2009-03-08 11:34 . 2009-03-08 11:34    208384              c:\windows\system32\WinFXDocObj.exe
+ 2004-08-04 12:00 . 2009-03-08 11:34    236544              c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2009-03-08 11:33    420352              c:\windows\system32\vbscript.dll
+ 2004-08-04 12:00 . 2009-03-08 11:34    105984              c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2009-09-26 00:48    432594              c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-10-16 22:50    432594              c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-08-29 08:08    206848              c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2009-03-08 11:32    611840              c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-03-08 11:34    193536              c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2009-03-08 11:22    156160              c:\windows\system32\msls31.dll
+ 2009-03-08 11:32 . 2009-08-29 08:08    594432              c:\windows\system32\msfeeds.dll
+ 2009-01-08 01:20 . 2009-01-08 01:20    265720              c:\windows\system32\msdbg2.dll
+ 2004-08-04 12:00 . 2009-06-22 06:44    726528              c:\windows\system32\jscript.dll
+ 2009-03-08 11:22 . 2009-03-08 11:22    164352              c:\windows\system32\ieui.dll
+ 2004-08-04 12:00 . 2009-08-29 08:08    184320              c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2009-08-29 08:08    387584              c:\windows\system32\iedkcs32.dll
+ 2009-03-08 11:11 . 2009-03-08 11:11    445952              c:\windows\system32\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-03-08 11:32    163840              c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2009-03-08 11:33    229376              c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2009-03-08 11:33    125952              c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2009-08-28 10:35    173056              c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-03-08 11:31    216064              c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2009-03-08 11:31    348160              c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-04-02 06:02    604160              c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-04 12:00 . 2009-08-29 08:08    916480              c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2009-03-08 11:34    236544              c:\windows\system32\dllcache\webcheck.dll
+ 2009-04-20 19:11 . 2009-03-08 11:33    759296              c:\windows\system32\dllcache\VGX.dll
+ 2004-08-04 12:00 . 2009-03-08 11:33    420352              c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 12:00 . 2009-03-08 11:34    105984              c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2009-08-26 08:16    247326              c:\windows\system32\dllcache\strmdll.dll
- 2004-08-04 12:00 . 2008-10-03 10:15    247326              c:\windows\system32\dllcache\strmdll.dll
+ 2009-01-08 01:20 . 2009-01-08 01:20    134144              c:\windows\system32\dllcache\sqmapi.dll
+ 2004-08-04 12:00 . 2009-08-29 08:08    206848              c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2009-09-11 14:33    133632              c:\windows\system32\dllcache\msv1_0.dll
- 2004-08-04 12:00 . 2009-06-25 08:44    133632              c:\windows\system32\dllcache\msv1_0.dll
+ 2004-08-04 12:00 . 2009-03-08 11:32    611840              c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-03-08 11:34    193536              c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2009-03-08 11:22    156160              c:\windows\system32\dllcache\msls31.dll
+ 2004-08-04 12:00 . 2009-06-22 06:44    726528              c:\windows\system32\dllcache\jscript.dll
+ 2009-04-20 19:10 . 2009-03-08 21:09    638816              c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-04 12:00 . 2009-08-29 08:08    184320              c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2009-08-29 08:08    387584              c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2009-03-08 11:32    163840              c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-03-08 11:33    229376              c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2009-03-08 11:33    125952              c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2009-08-28 10:35    173056              c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-03-08 11:31    216064              c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2009-03-08 11:31    348160              c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-03-08 11:32    128512              c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2009-03-08 11:32    128512              c:\windows\system32\advpack.dll
+ 2009-08-08 06:51 . 2009-08-08 06:51    989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2009-10-18 07:53 . 2009-10-18 07:53    424960              c:\windows\Installer\79821.msi
+ 2009-10-17 09:06 . 2009-03-08 11:34    914944              c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-10-17 09:06 . 2009-05-26 11:40    382840              c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-10-17 09:06 . 2008-07-08 13:02    231288              c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-10-17 09:06 . 2009-03-08 11:34    109568              c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-10-17 09:06 . 2009-03-08 11:32    594432              c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-10-17 09:06 . 2009-03-08 11:33    246784              c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-10-17 09:06 . 2009-03-08 11:31    183808              c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-10-17 09:06 . 2009-03-08 21:09    391536              c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-10-17 09:06 . 2009-03-08 11:32    173056              c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2009-10-17 09:04 . 2008-07-08 13:02    382840              c:\windows\ie8updates\KB973874-IE8\spuninst\updspapi.dll
+ 2009-10-17 09:04 . 2008-07-08 13:02    231288              c:\windows\ie8updates\KB973874-IE8\spuninst\spuninst.exe
+ 2009-10-17 17:24 . 2008-07-08 13:02    382840              c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-10-17 17:24 . 2008-07-08 13:02    231288              c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-10-17 17:24 . 2009-03-08 11:33    726528              c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-10-17 08:55 . 2009-06-26 16:18    659456              c:\windows\ie8\wininet.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    276480              c:\windows\ie8\webcheck.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    848384              c:\windows\ie8\vgx.dll
+ 2009-10-17 08:55 . 2007-12-18 14:40    417792              c:\windows\ie8\vbscript.dll
+ 2009-10-17 08:55 . 2009-06-26 16:18    616448              c:\windows\ie8\urlmon.dll
+ 2009-10-17 08:57 . 2009-01-08 01:21    382496              c:\windows\ie8\spuninst\updspapi.dll
+ 2009-10-17 08:57 . 2009-01-08 01:20    231456              c:\windows\ie8\spuninst\spuninst.exe
+ 2009-10-17 08:55 . 2009-06-26 16:18    532480              c:\windows\ie8\mstime.dll
+ 2009-10-17 08:55 . 2009-06-26 16:18    146432              c:\windows\ie8\msrating.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    146432              c:\windows\ie8\msls31.dll
+ 2009-10-17 08:55 . 2009-06-26 16:18    449024              c:\windows\ie8\mshtmled.dll
+ 2009-10-17 08:55 . 2009-08-21 09:46    450560              c:\windows\ie8\jscript.dll
+ 2009-10-17 08:55 . 2009-06-26 16:18    251392              c:\windows\ie8\iepeers.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    323584              c:\windows\ie8\iedkcs32.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    221184              c:\windows\ie8\ieakui.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    216576              c:\windows\ie8\ieaksie.dll
+ 2009-10-17 08:55 . 2004-08-04 12:00    139264              c:\windows\ie8\ieakeng.dll
+ 2009-10-17 08:55 . 2009-06-26 16:18    205312              c:\windows\ie8\dxtrans.dll
+ 2009-10-17 08:55 . 2009-06-26 16:18    357888              c:\windows\ie8\dxtmsft.dll
+ 2009-09-26 00:48 . 2009-09-26 00:48    303104              c:\windows\assembly\temp\S2AJS09IQZ\System.Runtime.Remoting.dll

13
Tech Clinic / Office PC problem!
« on: October 25, 2009, 10:49:49 AM »
[quote name='guestolo' post='465869' date='Oct 21 2009, 11:33 PM']What last procedure?[/quote]


the combofix.. but i still have that "madforelmo" written/showing beside the clock in my taskbar.. and if i hide my clock.. it hides along with it...

anyway, i have some logs which i will upload here.. the ones i run in my Office PC.. hope you check it out for me...

OTL logfile created on: 10/22/2009 3:32:21 madforelmo - Run 3
OTL by OldTimer - Version 3.0.18.4     Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.23 Mb Total Physical Memory | 632.30 Mb Available Physical Memory | 62.34% Memory free
2.38 Gb Paging File | 2.16 Gb Available in Paging File | 90.57% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 10.25 Gb Free Space | 52.49% Space Free | Partition Type: NTFS
Drive D: | 57.12 Gb Total Space | 53.78 Gb Free Space | 94.16% Space Free | Partition Type: NTFS
Drive E: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.84 Gb Total Space | 3.46 Gb Free Space | 90.23% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: OWNER-BBE8C8A7C
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color="#E56717"]========== Processes (SafeList) ==========[/color]
 
PRC - [2007/11/09 00:53:50 | 00,423,192 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/02/20 11:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008/09/09 03:39:24 | 16,851,968 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/02/20 11:06:58 | 01,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/11/09 00:52:22 | 01,274,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe
PRC - [2007/11/09 00:55:04 | 00,884,696 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe
PRC - [2008/03/03 18:06:00 | 01,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2008/07/03 07:38:24 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/10/09 22:34:14 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
 
[color="#E56717"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2007/11/09 00:53:50 | 00,423,192 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
SRV - [2008/07/25 08:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 08:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/02/20 11:14:52 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2008/02/20 11:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2008/07/29 18:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/20 14:52:10 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 08:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 16:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/20 13:49:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
SRV - [2006/11/10 19:18:02 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/07/29 16:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/14 08:00:00 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono [Auto | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 15:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
 
[color="#E56717"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2008/02/20 11:01:30 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2008/02/20 11:02:22 | 00,029,704 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\easdrv.sys -- (easdrv [System | Running])
DRV - [2008/02/20 11:11:16 | 00,033,800 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running])
DRV - [2008/04/14 08:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/09/26 18:01:00 | 00,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])
DRV - [2007/04/16 14:16:26 | 05,760,096 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2008/09/09 03:07:36 | 04,813,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/04/14 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/04/14 08:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/07/20 15:06:43 | 00,129,248 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman [Boot | Running])
DRV - [2009/07/20 15:06:47 | 00,043,008 | ---- | M] (Acronis) -- C:\WINDOWS\System32\DRIVERS\tifsfilt.sys -- (tifsfilter [Auto | Running])
DRV - [2009/07/20 15:06:47 | 00,454,688 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter [Boot | Running])
DRV - [2007/09/20 01:22:00 | 00,265,856 | ---- | M] (Marvell) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])
 
[color="#E56717"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color="#E56717"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color="#E56717"]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: "Searchme"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/20 13:46:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/20 13:49:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/26 13:16:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/20 15:00:32 | 00,000,000 | ---D | M]
 
[2009/08/26 13:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions
[2009/08/26 13:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/26 13:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\5z0nd9br.default\extensions
[2009/07/20 14:53:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/20 14:53:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/28 13:21:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/04/23 21:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 21:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 21:38:33 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/10/22 23:24:32 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/04/23 17:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 17:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 17:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 17:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 17:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/13 02:39:56 | 00,002,494 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchme.xml
[2009/04/23 17:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 17:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Quran_AR] C:\Program Files\Quran_AR\Quran_AR.exe (Search Truth Technologies)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [bluebirds] C:\Documents and Settings\user\Bluebirds\BlueBirds.exe (LG Electronics)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/20 13:43:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 02:02:01 | 00,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0e82e442-7531-11de-b0c3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0e82e442-7531-11de-b0c3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e82e442-7531-11de-b0c3-806d6172696f}\Shell\AutoRun\command - "" = E:\BlueBirds.exe -- [2009/04/29 02:02:01 | 00,270,336 | R--- | M] (LG Electronics)
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[1 C:\WINDOWS\System32\*.tmp files]
[2009/10/19 14:28:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/22 15:08:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/10/21 15:11:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Macromedia
[2009/10/19 14:28:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2009/10/22 15:08:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Simply Super Software
[2009/09/23 12:57:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Windows Search
[2009/09/23 10:02:49 | 00,000,000 | ---D | C] -- C:\Program Files\Globe Broadband
[2009/10/19 14:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/20 16:18:40 | 00,000,000 | ---D | C] -- C:\Program Files\Quran_AR
[2009/10/05 14:53:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/22 15:08:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2009/10/22 15:32:09 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2009/10/22 15:27:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/22 15:23:01 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/22 15:22:39 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/22 15:22:39 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/22 15:22:39 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/22 15:22:39 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/22 15:22:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/22 15:22:35 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/22 15:22:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/22 15:21:57 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/10/22 15:08:50 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2009/10/22 15:08:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Simply Super Software
[2009/10/20 16:19:06 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/10/20 16:18:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\quran
[2009/10/19 14:28:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/19 14:28:27 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/19 14:26:41 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\user\Desktop\ATF-Cleaner.exe
[2009/09/29 14:39:41 | 00,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\wedzmer files
[2009/09/23 10:04:17 | 00,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/09/23 10:04:17 | 00,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/09/23 10:03:25 | 00,621,056 | R--- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2009/09/23 10:03:25 | 00,113,664 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2009/09/23 10:03:25 | 00,101,376 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2009/09/23 10:03:25 | 00,024,448 | R--- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
 
========== Files - Modified Within 30 Days ==========
 
[1 C:\WINDOWS\System32\*.tmp files]
[2009/10/22 15:27:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/22 15:25:58 | 00,000,264 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/22 15:23:04 | 00,000,281 | RHS- | M] () -- C:\boot. ini
[2009/10/22 15:13:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/22 15:13:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/22 15:08:51 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2009/10/21 23:56:56 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/10/21 23:46:52 | 03,351,153 | R--- | M] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2009/10/21 15:24:56 | 00,000,594 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Tank.lnk
[2009/10/21 15:24:49 | 00,000,741 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Butterfly Escape.lnk
[2009/10/21 15:21:20 | 00,071,040 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/21 15:01:11 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office Word 2003.lnk
[2009/10/21 09:03:10 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/10/21 07:48:39 | 00,258,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/20 16:18:40 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/10/20 15:20:23 | 00,000,594 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/20 15:20:23 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/10/19 08:54:47 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office Excel 2003.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/10 00:28:16 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\user\Desktop\ATF-Cleaner.exe
[2009/10/09 22:34:14 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2009/10/09 13:39:44 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/09 09:24:58 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/05 11:01:49 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office PowerPoint 2003.lnk
[2009/10/05 09:58:47 | 04,811,124 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2009/09/24 12:39:56 | 00,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/09/23 10:03:43 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
 
========== Files - No Company Name ==========
[2009/10/22 15:23:04 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/22 15:23:01 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/22 15:22:39 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/22 15:22:39 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/22 15:22:39 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/22 15:22:39 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/22 15:21:31 | 03,351,153 | R--- | C] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2009/10/22 15:08:51 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2009/10/22 15:08:50 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/22 15:08:50 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/10/22 15:08:50 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/22 15:08:50 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/21 15:24:56 | 00,000,594 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Tank.lnk
[2009/10/21 15:24:49 | 00,000,741 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Butterfly Escape.lnk
[2009/10/20 15:20:20 | 00,000,877 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/09/23 10:03:43 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
[2009/08/28 14:16:03 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/08/26 15:03:26 | 00,071,040 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/26 13:22:58 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 12:56:34 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/20 15:01:21 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/20 14:59:54 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/20 14:59:52 | 02,045,459 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/07/20 14:59:52 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/20 14:59:52 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/20 14:59:51 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/20 14:59:50 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/20 14:59:50 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/20 14:29:17 | 04,811,124 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2009/07/20 14:19:16 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2009/07/20 14:05:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\user\Application Data\desktop.ini
[2009/07/20 13:38:05 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2009/07/20 13:38:04 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2009/07/20 13:38:04 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2009/07/20 06:28:08 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/04/14 08:00:00 | 00,000,594 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/14 08:00:00 | 00,000,264 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/02/20 11:11:16 | 00,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

ComboFix 09-10-20.03 - user 10/22/2009 15:23.1.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.656 [GMT -7:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\samok.vbs

.
(((((((((((((((((((((((((   Files Created from 2009-09-22 to 2009-10-22  )))))))))))))))))))))))))))))))
.

2009-10-22 22:08 . 2006-06-19 20:01   69632   ----a-w-   c:\windows\system32\ztvcabinet.dll
2009-10-22 22:08 . 2006-05-25 22:52   162304   ----a-w-   c:\windows\system32\ztvunrar36.dll
2009-10-22 22:08 . 2005-08-26 08:50   77312   ----a-w-   c:\windows\system32\ztvunace26.dll
2009-10-22 22:08 . 2003-02-03 03:06   153088   ----a-w-   c:\windows\system32\UNRAR3.dll
2009-10-22 22:08 . 2002-03-06 08:00   75264   ----a-w-   c:\windows\system32\unacev2.dll
2009-10-22 22:08 . 2009-10-22 22:09   --------   d-----w-   c:\program files\Trojan Remover
2009-10-22 22:08 . 2009-10-22 22:08   --------   d-----w-   c:\documents and settings\user\Application Data\Simply Super Software
2009-10-22 22:08 . 2009-10-22 22:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\Simply Super Software
2009-10-22 20:54 . 2009-10-22 20:54   --------   d-----w-   c:\documents and settings\Admin\Application Data\Media Player Classic
2009-10-22 20:44 . 2009-10-22 20:44   --------   d-----w-   c:\documents and settings\Admin\Bluebirds
2009-10-21 17:45 . 2009-10-21 17:45   --------   d-----w-   c:\documents and settings\Admin\Local Settings\Application Data\ESET
2009-10-21 16:59 . 2009-10-21 16:59   --------   d-----w-   c:\documents and settings\Admin\Application Data\DivX
2009-10-21 16:13 . 2009-10-21 16:13   --------   d-----w-   c:\documents and settings\Admin\Application Data\Winamp
2009-10-21 16:03 . 2009-10-21 16:03   71040   ----a-w-   c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 14:50 . 2009-10-21 14:50   --------   d-sh--w-   c:\documents and settings\Admin\PrivacIE
2009-10-20 23:19 . 2009-10-20 23:18   737280   ----a-w-   c:\windows\iun6002.exe
2009-10-20 23:18 . 2009-10-20 23:18   --------   d-----w-   c:\windows\system32\quran
2009-10-20 23:18 . 2009-10-20 23:19   --------   d-----w-   c:\program files\Quran_AR
2009-10-19 21:28 . 2009-10-19 21:28   --------   d-----w-   c:\documents and settings\user\Application Data\Malwarebytes
2009-10-19 21:28 . 2009-09-10 21:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 21:28 . 2009-10-20 18:41   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-10-19 21:28 . 2009-10-19 21:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-19 21:28 . 2009-09-10 21:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-10-05 21:53 . 2009-10-05 21:53   --------   d-----w-   c:\program files\Trend Micro
2009-09-23 20:27 . 2009-09-23 20:27   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-09-23 19:57 . 2009-09-23 19:57   --------   d-----w-   c:\documents and settings\user\Application Data\Windows Search
2009-09-23 17:04 . 2008-04-22 23:09   32384   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
2009-09-23 17:04 . 2008-04-22 23:09   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2009-09-23 17:03 . 2008-09-27 01:01   621056   ----a-r-   c:\windows\system32\drivers\mod7700.sys
2009-09-23 17:03 . 2008-09-27 01:01   113664   ----a-r-   c:\windows\system32\drivers\ewusbnet.sys
2009-09-23 17:03 . 2008-09-27 01:01   101376   ----a-r-   c:\windows\system32\drivers\ewusbmdm.sys
2009-09-23 17:03 . 2008-09-27 01:00   24448   ----a-r-   c:\windows\system32\drivers\ewdcsc.sys
2009-09-23 17:02 . 2009-10-20 18:39   --------   d-----w-   c:\program files\Globe Broadband

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 22:21 . 2009-08-26 22:03   71040   ----a-w-   c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 22:50 . 2009-10-20 22:50   --------   d-----w-   c:\documents and settings\Admin\Application Data\Windows Desktop Search
2009-10-20 22:50 . 2009-10-20 22:50   --------   d-----w-   c:\documents and settings\Admin\Application Data\Malwarebytes
2009-10-20 18:19 . 2009-07-20 20:41   --------   d-----w-   c:\program files\Windows Media Connect 2
2009-10-20 18:19 . 2009-07-20 20:38   --------   d-----w-   c:\program files\Windows Desktop Search
2009-10-20 17:18 . 2009-07-20 21:52   --------   d-----w-   c:\program files\Google
2009-10-20 16:51 . 2009-07-20 21:54   --------   d-----w-   c:\program files\Blinque
2009-09-24 19:39 . 2009-09-02 23:32   10   ----a-w-   c:\windows\popcinfo.dat
2009-09-22 22:47 . 2009-07-20 21:52   --------   d-----w-   c:\documents and settings\user\Application Data\Winamp
2009-09-22 21:57 . 2009-07-20 21:55   --------   d-----w-   c:\program files\Common Files\Adobe
2009-09-08 19:53 . 2009-07-20 22:17   --------   d-----w-   c:\documents and settings\user\Application Data\Ahead
2009-09-02 22:44 . 2009-09-02 22:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\Genimo
2009-09-02 22:37 . 2009-09-02 22:37   --------   d-----w-   c:\documents and settings\user\Application Data\Genimo
2009-08-28 21:06 . 2009-08-28 21:06   --------   d-----w-   c:\documents and settings\user\Application Data\Media Player Classic
2009-08-28 00:19 . 2009-08-28 00:19   --------   d--h--w-   c:\documents and settings\All Users\Application Data\CanonIJEGV
2009-08-27 23:54 . 2009-08-27 23:51   --------   d-----w-   c:\program files\Canon
2009-08-27 23:53 . 2009-08-27 23:53   --------   d--h--w-   c:\documents and settings\All Users\Application Data\CanonBJ
2009-08-27 23:52 . 2009-08-27 23:52   --------   d--h--w-   c:\program files\CanonBJ
2009-08-27 21:11 . 2009-07-20 21:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-26 20:16 . 2009-08-26 20:16   0   ----a-w-   c:\windows\nsreg.dat
.

------- Sigcheck -------

[-] 2009-04-18 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-04-18 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bluebirds"="c:\documents and settings\user\Bluebirds\BlueBirds.exe" [2009-04-29 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-20 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe" [2007-11-09 1274600]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe" [2007-11-09 884696]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Quran_AR"="c:\program files\Quran_AR\Quran_AR.exe" [2009-07-08 327680]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-08-04 1068424]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2009-7-20 128000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 11:11 b-b2g 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2008 11:08 b-b2g 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [4/14/2008 8:00 b-b2g 3584]
S3 abp470n5;abp470n5;

.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5z0nd9br.default\
FF - prefs.js: browser.search.selectedEngine - Searchme
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 15:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-10-22 15:27
ComboFix-quarantined-files.txt  2009-10-22 22:27

Pre-Run: 11,099,721,728 bytes free
Post-Run: 10,985,598,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FF3F0AA0A7D8D13E33F44E4684300291

14
Tech Clinic / Multiple PC Issues
« on: October 25, 2009, 10:36:08 AM »
[quote name='guestolo' post='465868' date='Oct 21 2009, 11:29 PM']Yes, but if you set Windows to not Automatically restart, it won't restart and freeze on the Blue Screen so you may be able to take note of an error message[/quote]

I already did that.. but still, I'm experiencing the same problem.. :(


How do I actually use that recovery console you asked me to install?

15
Tech Clinic / Office PC problem!
« on: October 21, 2009, 10:57:06 AM »
[quote name='guestolo' post='465663' date='Oct 12 2009, 11:28 AM']If you right click on "MyComputer" and select Properties
The info you need should be under the General tab

Don't forget to transfer all files/tools to the Desktop of the computer
Leave your Flash drive plugged into the computer at work when doing your scan with ComboFix[/quote]


I'll do this as soon as I go to work...

But your last procedure actually fixed the missing folder options and run button in the start menu..

But there is still this thing I see below (in) the task bar.. in the right corner you can see the clock and the time right? But there's this "madforelmo" written after it.. As if it's some sort of malware or virus or whatever it is...

16
Tech Clinic / Multiple PC Issues
« on: October 21, 2009, 10:40:39 AM »
[quote name='guestolo' post='465762' date='Oct 17 2009, 02:12 PM']Yes, what is the Exact Make/model of your laptop

Sometimes, not always, registry cleaners can do more harm than good[/quote]

The one below the monitor of my laptop says that it's Acer TravelMate 2450 but the sticker says Acer TravelMate 2451WLMi
I hope the two answers I gave you wouldn't make much difference.


[quote name='guestolo' post='465762' date='Oct 17 2009, 02:12 PM']Are all the vents on the sides and bottom of laptop clear of dust and debris
Just trying to eliminate a Heat issue[/quote]

I just opened my laptop this morning..lol
Damn it was so dusty.. I just hope it would somehow sooth up the process....

[quote name='guestolo' post='465762' date='Oct 17 2009, 02:12 PM']Can you also do the following,
Right click on MyComputer>>Left click Properties
Open the ADVANCED tab>>click on Settings under "Startup and Recovery"
Untick "Automatically Restart" under 'system failure'
OK out of there[/quote]

Done doing that...

[quote name='guestolo' post='465762' date='Oct 17 2009, 02:12 PM']Maybe next time, instead of the computer restarting it may Blue Screen
and you can take note of the Exact error message and post it back here[/quote]

It happens so fast.. not about 2 seconds longer.

[quote name='guestolo' post='465762' date='Oct 17 2009, 02:12 PM']In addition, can you open OTL.txt again
Ensure that "Use Safelist" is checked under EXTRA REGISTRY
Then run a Scan again and post the logs back here[/quote]

I have uploaded both logs in this post.. Hope you'd check 'em out too..

Thanx for the continued help sir!

17
Tech Clinic / Multiple PC Issues
« on: October 16, 2009, 10:58:13 AM »
[quote name='guestolo' post='465721' date='Oct 14 2009, 09:17 PM']Second Image: Recommends more System Memory, this is hardware, do you want to update your memory?[/quote]
Can I update my memory without reformatting or installing new (external) mem?

[quote name='guestolo' post='465721' date='Oct 14 2009, 09:17 PM']I'm not a big fan of TuneUp utilities if it includes a registry cleaner that is not used properly
Does it have one built in?[/quote]
Yes, why?

[quote name='guestolo' post='465721' date='Oct 14 2009, 09:17 PM']When was the last time you opened up the side cover of your computer, when it's shut down totally and cleaned it out, is it clean inside the box?[/quote]

I'm using a laptop, I don't open anything inside it.. I haven't even touched the screws :D


[quote name='guestolo' post='465721' date='Oct 14 2009, 09:17 PM']Can you also do the following
Sysprot Antirootkit
Please download [color="#0000ff"]Sysprot Antirootkit[/color] from the link
and save to your Desktop

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
  • Open the text file and copy/paste the log here.
[/quote]

Here's the log.txt it created...

I uploaded it...

And another thing... I noticed that my pc has been making a lot of weird things.. Like for example, for the last two days, when I turn it off, I click on shut down, but, it restarts by itself. I'm pretty sure I clicked SHUT DOWN. It happened twice already. The last time was awhile ago.

18
Tech Clinic / Multiple PC Issues
« on: October 14, 2009, 10:19:35 AM »
[quote name='guestolo' post='465690' date='Oct 13 2009, 09:47 PM']Please keep me informed of What programs are not responding
Sometimes things have a way of fixing themselves, and a new problem arises
So please keep me updated[/quote]

It has 6 different pop-ups before it shuts down and I can't memorize it all, but here's some of the few that shows in the pop-up that aren't responding.

1. LockMon.exe
2. explorer.exe
3. Realtek HD Audio Manager

still have 3 more that I forgot.. but if I turn it off right now.. I'll try to post their names as well.

And another thing, about my first post in this thread, the one with images regarding the Tune Up Utilities, it's not yet fixed.. Can you help me figure that out?

19
Tech Clinic / Multiple PC Issues
« on: October 13, 2009, 11:35:35 AM »
[quote name='guestolo' post='465662' date='Oct 12 2009, 11:09 AM']Are you still experiencing any problems with this computer?[/quote]

These are the problems I'm still encountering in this PC.

1. After I did what you asked me last night... About Running the Random System Information Tool (RSIT), my PC rebooted twice today. Once later this morning when I turned it on, after I used it for a few minutes, it just rebooted by itself without me doing anything to it. And it happened again later tonight before I replied here in your message. I don't know what's wrong with it. I just followed your instructions thoroughly.

2. I'm still bugged with the same problem every time I turn off my PC. The pop-ups of PROGRAM NOT RESPONDING are still there even though I did uninstall the other anti-virus I'm using. And I forgot to tell you that even before when I was still using 1 anti-virus (AVIRA), I was already experiencing this problem. And it just continued until I installed another one (ESET).


[quote name='guestolo' post='465662' date='Oct 12 2009, 11:09 AM']Can I also have you open MalwareBytes AntiMalware
Check for updates, then run another quick scan
Remove anything if found and post its log[/quote]


Here's the LOG it showed up:

Code:
Malwarebytes' Anti-Malware 1.41
Database version: 2954
Windows 5.1.2600 Service Pack 2

10/14/2009 12:29:45 AM
mbam-log-2009-10-14 (00-29-45).txt

Scan type: Quick Scan
Objects scanned: 101187
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 
No detections were found.. But still, problems aren't totally fixed.. :(

20
Tech Clinic / Multiple PC Issues
« on: October 12, 2009, 10:01:37 AM »
[quote name='guestolo' post='465646' date='Oct 11 2009, 12:21 PM']Ok, let's deal with this computer
Back to what I posted earlier


With that said, we don't need the incompatibility of 2 antivirus software on top of other problems
Again, Uninstall one and then reboot the computer


Let me know of any problems you're still experiencing, Only with this computer for now[/quote]

Ok, i have uninstalled AVIRA anti virus, and now I'm left with ESET because it has an anti-spyware.

here are the txt files as i have uploaded both files.


what's next to do?

Logfile of random's system information tool 1.06 (written by random/random)
Run by omayr at 2009-10-12 22:56:26
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 17 GB (64%) free of 26 GB
Total RAM: 446 MB (23% free)


info.txt logfile of random's system information tool 1.06 2009-10-12 22:56:39

======Uninstall list======

ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{6FF67F80-BD1F-4142-B95A-8A0C044AA4F8}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{90437E5F-0A9E-4B63-AD8B-D232897D18BF}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom 802.11 Network Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F\HXFSETUP.EXE -U -IWstAzlK.inf
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB916089)-->"C:\WINDOWS\$NtUninstallKB916089$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Java(tm) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 4.5.3 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Malwarebytes' Anti-Malware-->"F:\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 7 Essentials-->MsiExec.exe /X{8E72B982-D54F-486F-B35A-C24B6F171033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9  -removeonly
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
The Hadith Software Version 1.0-->"C:\Program Files\Islamasoft Solutions\The Hadith Software\unins000.exe"
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2009-09-30]
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-09-30]
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) [2009-09-30]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2009-09-30]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ [2009-09-30]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html [2009-09-30]
O2 - BHO: (no name) - {AE4F4014-3BF4-4CEB-B46C-3730A2340C4E} - (no file) [2009-09-30]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ [2009-09-30]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com [2009-09-30]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-09-30]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com [2009-09-30]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com [2009-09-30]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html [2009-09-30]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com [2009-09-30]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ [2009-09-30]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-09-30]
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-30]
O3 - Toolbar: (no name) - {6F4F95AF-1647-4B72-A632-055405455423} - (no file) [2009-09-30]
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2009-09-30]
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-09-30]
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2009-09-30]
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-09-30]
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2009-09-30]
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2009-09-30]
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2009-09-30]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [2009-09-30]
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide [2009-09-30]
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2009-09-30]
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-09-30]

======Security center information======

AV: ESET Smart Security 4.0
FW: ESET Personal firewall

======System event log======

Computer Name: KUSINFAMILY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 17179
Source Name: Cdrom
Time Written: 20091003131954.000000-420
Event Type: warning
User:

Computer Name: KUSINFAMILY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 17178
Source Name: Cdrom
Time Written: 20091003131954.000000-420
Event Type: warning
User:

Computer Name: KUSINFAMILY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 17177
Source Name: Cdrom
Time Written: 20091003131954.000000-420
Event Type: warning
User:

Computer Name: KUSINFAMILY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 17176
Source Name: Cdrom
Time Written: 20091003131954.000000-420
Event Type: warning
User:

Computer Name: KUSINFAMILY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 17175
Source Name: Cdrom
Time Written: 20091003131954.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: KUSINFAMILY
Event Code: 490
Message: svchost (408) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Record Number: 20
Source Name: ESENT
Time Written: 20091001045401.000000-420
Event Type: error
User:

Computer Name: KUSINFAMILY
Event Code: 1517
Message: Windows saved user KUSINFAMILY\omayr registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 12
Source Name: Userenv
Time Written: 20091001011805.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KUSINFAMILY
Event Code: 4113
Message:
Record Number: 11
Source Name: Avira AntiVir
Time Written: 20091001003145.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KUSINFAMILY
Event Code: 4113
Message:
Record Number: 10
Source Name: Avira AntiVir
Time Written: 20091001003142.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KUSINFAMILY
Event Code: 4113
Message:
Record Number: 9
Source Name: Avira AntiVir
Time Written: 20091001003136.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
