
Thread: Redirects and unable to update

  1. #1 Junior Member | Join Date: Apr 2006 | Posts: 17

    Redirects and unable to update

    My wife's computer won't log onto any update sites, redirects to ask.com in Google search, and the DHCP client will not start (though I can still connect to the internet through the router). I ran Malwarebytes and found/removed one infection. I tried Search & Destroy, but it is no longer on the computer. (I didn't remove it??) And I can't get to the safer_networking.org site to download it. Following is the HijackThis log.
    Thanks in advance for your help.
    Tim

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:42:54 PM, on 4/29/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\System32\igfxpers.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Users\SCOOPM~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Odds Maker - b3cab7b9-eb43-46a2-8e15-02cc298dec71 - C:\Users\Scoopmasters 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU)
    O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
    O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    --
    End of file - 10881 bytes

  2. #2 Blade81, Security Expert Emeritus | Join Date: Oct 2006 | Location: Finland | Posts: 25,288

    Hi Tim

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3 Junior Member | Join Date: Apr 2006 | Posts: 17

    Hi Blade! As requested: my DDS.txt and Attach.txt. (I'm not sure how to tell if I have a script blocker or not.) Also, I'm not sure if I was supposed to zip the attach file or not. Since I've never done that... I didn't.
    Thanks.


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Scoopmasters 2 at 23:29:07.80 on Fri 05/01/2009
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.973 [GMT -7:00]

    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\System32\igfxpers.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Users\SCOOPM~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Scoopmasters 2\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    EB: SmartShopper: {137e6e5e-a205-4657-a49f-1ab865787089} - c:\program files\smartshopper\bin\2.5.0\SmrtShpr.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableStatusMessages = 1 (0x1)
    mPolicies-system: DisableStartupSound = 1 (0x1)
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
    IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {2260D608-C844-435d-90FD-DC16CFA577F2} - c:\program files\smartshopper\bin\2.5.0\SmrtShpr.dll
    IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {BCEB373D-A35A-4200-BD43-8586CD9DFAE7} - c:\program files\smartshopper\bin\2.5.0\SmrtShpr.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\scoopm~1\appdata\roaming\mozilla\firefox\profiles\i8ey0pgj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-frz_cb5f&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.scoopmasters.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\users\scoopmasters 2\appdata\roaming\mozilla\firefox\profiles\i8ey0pgj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\users\scoopmasters 2\appdata\local\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\users\scoopmasters 2\appdata\roaming\mozilla\plugins\npgoogletalk.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
    R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2008-12-12 4064]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
    R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-8-11 84832]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

    =============== Created Last 30 ================

    2009-04-29 21:42 <DIR> --d----- c:\program files\Trend Micro
    2009-04-29 19:40 <DIR> --d----- c:\users\scoopmasters 2\.housecall6.6
    2009-04-29 13:14 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
    2009-04-29 13:14 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
    2009-04-29 13:14 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2009-04-29 13:14 32 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2009-04-29 13:01 236,529,687 a------- c:\windows\MEMORY.DMP
    2009-04-28 21:35 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
    2009-04-28 21:35 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
    2009-04-21 00:42 5,702 a---h--- c:\windows\nod32restoretemdono.reg
    2009-04-21 00:41 <DIR> --d----- c:\programdata\ESET
    2009-04-21 00:41 <DIR> --d----- c:\program files\ESET
    2009-04-06 13:04 <DIR> --d----- c:\program files\SmartDraw 2009
    2009-04-05 22:49 <DIR> --d----- c:\users\scoopmasters 2\IGC
    2009-04-05 22:49 245,408 -----r-- c:\windows\system32\unicows.dll
    2009-04-05 22:49 <DIR> --d----- c:\program files\IGC
    2009-04-05 17:45 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
    2009-04-05 16:00 <DIR> --d----- c:\programdata\Auslogics
    2009-04-05 16:00 <DIR> --d----- c:\progra~2\Auslogics
    2009-04-05 15:51 <DIR> --d----- c:\users\scoopm~1\appdata\roaming\Auslogics
    2009-04-05 15:49 <DIR> --d----- c:\program files\Auslogics
    2009-04-04 19:19 <DIR> --d----- c:\program files\common files\supportsoft
    2009-04-04 19:18 1,843,200 a------- c:\windows\system32\acXMLParser.dll
    2009-04-04 19:18 3,518,464 a------- c:\windows\system32\cdintf300.dll
    2009-04-04 19:12 <DIR> --d----- c:\programdata\Intuit
    2009-04-04 19:12 <DIR> --d----- c:\program files\Intuit
    2009-04-04 19:12 <DIR> --d----- c:\program files\common files\Intuit
    2009-04-04 19:12 <DIR> --d----- c:\progra~2\Intuit
    2009-04-04 19:10 <DIR> --d----- c:\programdata\COMMON FILES
    2009-04-04 19:10 <DIR> --d----- c:\progra~2\COMMON FILES

    ==================== Find3M ====================

    2009-04-29 12:59 51,200 a------- c:\windows\inf\infpub.dat
    2009-04-29 12:59 86,016 a------- c:\windows\inf\infstor.dat
    2009-04-29 12:59 143,360 a------- c:\windows\inf\infstrng.dat
    2009-01-05 21:40 85,296 a------- c:\users\scoopm~1\appdata\roaming\GDIPFONTCACHEV1.DAT
    2008-11-10 12:35 450 a------- c:\users\scoopm~1\appdata\roaming\wklnhst.dat
    2008-09-05 16:59 174 a--sh--- c:\program files\desktop.ini
    2008-09-05 16:47 665,600 a------- c:\windows\inf\drvindex.dat
    2008-08-11 22:13 87,608 a------- c:\users\scoopm~1\appdata\roaming\inst.exe
    2008-08-11 22:13 47,360 a------- c:\users\scoopm~1\appdata\roaming\pcouffin.sys
    2008-06-25 02:27 554 a------- c:\users\scoopmasters 2\152.bat
    2008-02-26 22:55 87,608 a------- c:\users\scoopm~1\appdata\roaming\ezpinst.exe
    2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2002-09-24 08:24 61,440 a------- c:\windows\inf\i386\onetUSD.dll
    1998-05-12 04:01 8,944 a------- c:\windows\inf\i386\Usbscan.sys
    2007-09-13 12:22 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 23:29:57.44 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/13/2007 11:31:42 AM
    System Uptime: 5/1/2009 11:06:22 PM (0 hours ago)

    Motherboard: Acer | | Biwa
    Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz | U2E1 | 1467/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 70 GiB total, 35.27 GiB free.
    D: is FIXED (NTFS) - 70 GiB total, 68.133 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Broadcom NetLink (TM) Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&24040786&0&00E0
    Manufacturer: Broadcom
    Name: Broadcom NetLink (TM) Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&24040786&0&00E0
    Service: b57nd60x

    ==== System Restore Points ===================

    RP567: 4/29/2009 5:13:25 PM - April2909
    RP569: 4/29/2009 6:36:25 PM - Remove AnyDVD
    RP571: 4/29/2009 6:37:30 PM - Remove CloneDVD2
    RP572: 5/1/2009 11:22:48 PM - Installed

    ==== Installed Programs ======================

    100+ Great Games Vol 2
    32 Bit HP CIO Components Installer
    5 Spots II (remove only)
    7 Wonders 2
    7 Wonders of the Ancient World (remove only)
    Absurd Atlantis
    Acer Assist
    Acer Crystal Eye webcam
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer Mobility Center Plug-In
    Acer Registration
    Acer ScreenSaver
    Acer Tour
    Adobe Acrobat Reader 3.01
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8.1.1
    Adobe Type Manager 4.0
    Agere Systems HDA Modem
    Amazing Adventures Around the World (remove only)
    Amazing Adventures The Lost Tomb (remove only)
    Apple Mobile Device Support
    Apple Software Update
    AusLogics BoostSpeed
    Azkend
    Best Buy Digital Music Store
    Big Fish Games Client
    Bonjour
    Brava! Reader 3.2
    BreakQuest
    Bricks of Camelot
    Broadcom Gigabit Integrated Controller
    Build-a-lot 2 - Town of the Year (remove only)
    Chicken Invaders 3 - Revenge of the Yolk (remove only)
    Chuzzle Deluxe (remove only)
    Chuzzle Deluxe 1.0
    ConvertXtoDVD 2.2.3.258
    DivX Converter
    DivX Player
    DivX Web Player
    Dream Day Wedding
    Dream Day Wedding Married in Manhattan
    Elf Bowling 7 - The Last Insult
    Elf Bowling 7 - The Last Insult (remove only)
    ESET NOD32 Antivirus
    Fish Tycoon
    FizzBall
    Form Fill (Windows Live Toolbar)
    Frosty Games
    Full Tilt Poker
    Golden Reef Casino
    Google Desktop
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Updater
    Great Journey - Mr. Penguin's Letter (remove only)
    HDPlugin
    Heroes of Hellas
    HijackThis 2.0.2
    HP Photosmart D5400 Printer Driver 11.0 Rel .3
    Indeo® Software
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    iTunes
    Java(TM) 6 Update 2
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Jawbreaker
    JEOPARDY! 2
    Jewel Quest II (remove only)
    LightScribe 1.4.142.1
    Lucky Emperor Casino
    Luxor - Amun Rising
    Luxor 2
    Magic Ball 2 New Worlds
    Magic Ball 3
    Malwarebytes' Anti-Malware
    Map Button (Windows Live Toolbar)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft Streets & Trips 2008
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MobileMe Control Panel
    Monopoly Junior
    Mozilla Firefox (3.0.10)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    Mystery Case Files: Return to Ravenhearst ™
    NeoBall
    neroxml
    NTI CD & DVD-Maker
    Odds Maker
    OddsMaker 2.1
    OneTouch Version 3.0
    Organizer Pro
    Picaboo 2.0.406
    PokerStars
    PokerStars.net
    PokerTimer(remove only)
    PowerISO
    PS_SF_03_D5400_Software_Min
    QuickBooks Premier: Accountant Edition 2008
    QuickTime
    RealArcade
    Realtek High Definition Audio Driver
    Rebound Lost Worlds
    Rhapsody Player Engine
    Saints & Sinners Bowling (remove only)
    ScanSoft PaperPort Viewer 7.0
    Scrabble 2
    Security Update for CAPICOM (KB931906)
    Shangri La 2
    Smart Menus (Windows Live Toolbar)
    Smilebox
    Sprill - The Mystery of the Bermuda Trianle (remove only)
    SupportSoft Assisted Service
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    The Weather Channel Desktop 6
    TIPCI
    Toolbox
    UltimateBet
    VCRedistSetup
    Wheel of Fortune Deluxe (remove only)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Media Player Firefox Plugin
    WinPcap 4.0.2
    WinZip 11.1
    Word Slinger
    YouTube Download Studio 2.3.2.0

    ==== Event Viewer Messages From Past Week ========

    4/30/2009 12:00:39 PM, Error: EventLog [6008] - The previous system shutdown at 6:53:13 PM on 4/29/2009 was unexpected.
    4/29/2009 6:43:50 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001C26B9B587. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    4/29/2009 6:43:27 PM, Error: EventLog [6008] - The previous system shutdown at 5:06:19 PM on 4/29/2009 was unexpected.
    4/29/2009 4:59:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Kaspersky Anti-Virus service to connect.
    4/29/2009 4:59:57 PM, Error: Service Control Manager [7000] - The Kaspersky Anti-Virus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/29/2009 4:59:46 PM, Error: EventLog [6008] - The previous system shutdown at 1:36:37 PM on 4/29/2009 was unexpected.
    4/29/2009 12:59:00 PM, Error: Service Control Manager [7000] - The Kaspersky Lab Driver service failed to start due to the following error: The system cannot find message text for message number 0xKaspersky Lab Driver in the message file for The system cannot find message text for message number 0x%1 in the message file for %2..
    4/29/2009 12:51:21 PM, Error: EventLog [6008] - The previous system shutdown at 12:32:04 PM on 4/29/2009 was unexpected.
    4/29/2009 12:24:12 PM, Error: EventLog [6008] - The previous system shutdown at 8:33:07 PM on 4/28/2009 was unexpected.
    4/29/2009 1:14:54 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    4/29/2009 1:14:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.83 for the Network Card with network address 001C26B9B587 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    4/29/2009 1:12:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    4/29/2009 1:03:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    4/29/2009 1:03:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ATMhelpr DfsC easdrv ElbyCDIO epfwtdir kl1 klbg KLIF KLIM6 NetBIOS netbt nsiproxy PSched RasAcd rdbss SCDEmu Smb spldr tdx Wanarpv6
    4/29/2009 1:03:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/29/2009 1:03:21 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/29/2009 1:03:21 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    4/29/2009 1:03:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/29/2009 1:03:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/29/2009 1:03:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/29/2009 1:03:21 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    4/29/2009 1:03:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/29/2009 1:03:21 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    4/29/2009 1:03:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/29/2009 1:03:21 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/29/2009 1:03:21 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    4/29/2009 1:03:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/29/2009 1:02:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    4/29/2009 1:02:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    4/29/2009 1:02:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/29/2009 1:02:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/29/2009 1:02:12 PM, Error: EventLog [6008] - The previous system shutdown at 12:58:08 PM on 4/29/2009 was unexpected.
    4/28/2009 8:28:37 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SCOOP-LAPTOP1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{26089ED5-FCB5-41F4-B786-1C9E. The master browser is stopping or an election is being forced.
    4/28/2009 8:24:59 PM, Error: EventLog [6008] - The previous system shutdown at 12:12:07 AM on 4/27/2009 was unexpected.
    4/27/2009 12:06:00 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio service, but this action failed with the following error: An instance of the service is already running.
    4/27/2009 12:02:00 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/27/2009 12:02:00 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/27/2009 12:01:49 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Organizer PDF Creator with shared resource name Organizer PDF Creator. Error 2114. The printer cannot be used by others on the network.
    4/27/2009 12:01:43 AM, Error: EventLog [6008] - The previous system shutdown at 1:42:29 PM on 4/26/2009 was unexpected.
    4/26/2009 1:34:46 PM, Error: EventLog [6008] - The previous system shutdown at 3:41:16 PM on 4/25/2009 was unexpected.
    4/25/2009 3:35:19 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.105 with the system having network hardware address 00-1D-D9-31-CE-1A. Network operations on this system may be disrupted as a result.
    4/25/2009 3:18:44 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]
    4/24/2009 10:27:59 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.221 for the Network Card with network address 001C26B9B587 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    4/24/2009 10:21:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seekeen Service service to connect.
    4/24/2009 10:21:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Eset Nod32 Boot service to connect.
    4/24/2009 10:21:29 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    4/24/2009 10:21:29 AM, Error: Service Control Manager [7000] - The Eset Nod32 Boot service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================

  4. #4
    Security Expert: Emeritus Blade81
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi again,

    Please visit this webpage for download links and instructions for running the ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds.txt log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

    ________

    Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.

    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date: Apr 2006
    Posts: 17

    As requested:
    GooredFix v1.92 by jpshortstuff
    Log created at 12:51 on 02/05/2009 running Option #1 (Scoopmasters 2)
    Firefox version 3.0.10 (en-US)

    =====Suspect Goored Entries=====

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Components"="C:\Program Files\Mozilla Firefox\components"


    ComboFix 09-05-02.4 - Scoopmasters 2 05/02/2009 12:36.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1212 [GMT -7:00]
    Running from: c:\users\Scoopmasters 2\Downloads\ComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Scoopmasters 2\AppData\Roaming\inst.exe
    c:\windows\system32\drivers\gaopdxspvdlpjbpmdmumsxeqofeehiinqyscod.sys
    c:\windows\system32\gaopdxcdphxbdprwnwlntsfiivekkxgdqpubiq.dll
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\x64

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
    .

    2009-04-30 04:42 . 2009-04-30 04:42 -------- d-----w c:\program files\Trend Micro
    2009-04-30 02:40 . 2009-04-30 04:23 -------- d-----w c:\users\Scoopmasters 2\.housecall6.6
    2009-04-29 20:14 . 2009-05-02 19:33 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-04-29 20:14 . 2009-05-02 19:33 32 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-04-29 04:35 . 2009-04-29 04:35 -------- d-----w c:\programdata\Kaspersky Lab Setup Files
    2009-04-29 04:35 . 2009-04-29 04:35 -------- d-----w c:\users\All Users\Kaspersky Lab Setup Files
    2009-04-21 08:03 . 2009-04-21 08:03 -------- d-----w c:\users\Scoopmasters 2\AppData\Local\ESET
    2009-04-21 07:42 . 2008-03-03 21:25 5702 ---ha-w c:\windows\nod32restoretemdono.reg
    2009-04-21 07:41 . 2009-04-21 07:41 -------- d-----w c:\program files\ESET
    2009-04-21 07:41 . 2009-04-21 07:41 -------- d-----w c:\programdata\ESET
    2009-04-21 07:41 . 2009-04-21 07:41 -------- d-----w c:\users\All Users\ESET
    2009-04-06 20:04 . 2009-04-06 21:02 -------- d-----w c:\program files\SmartDraw 2009
    2009-04-06 05:49 . 2009-04-06 05:51 -------- d-----w c:\users\Scoopmasters 2\IGC
    2009-04-06 05:49 . 2003-05-28 19:19 245408 ------r c:\windows\system32\unicows.dll
    2009-04-06 05:49 . 2009-04-06 05:49 -------- d-----w c:\program files\IGC
    2009-04-06 00:49 . 2009-04-06 00:49 -------- d-----w c:\program files\Microsoft.NET
    2009-04-06 00:45 . 2009-04-06 00:45 -------- d-----w c:\program files\Microsoft Visual Studio 8
    2009-04-06 00:37 . 2009-04-06 00:37 -------- dc-h--r C:\MSOCache
    2009-04-05 23:00 . 2009-04-05 23:00 -------- d-----w c:\programdata\Auslogics
    2009-04-05 23:00 . 2009-04-05 23:00 -------- d-----w c:\users\All Users\Auslogics
    2009-04-05 22:51 . 2009-04-06 20:08 -------- d-----w c:\users\Scoopmasters 2\AppData\Roaming\Auslogics
    2009-04-05 22:49 . 2009-04-05 22:49 -------- d-----w c:\program files\Auslogics
    2009-04-05 02:19 . 2009-04-05 02:19 -------- d-----w c:\users\Scoopmasters 2\AppData\Local\Intuit
    2009-04-05 02:19 . 2009-04-05 02:19 -------- d-----w c:\program files\Common Files\supportsoft
    2009-04-05 02:18 . 2007-06-28 21:09 1843200 ----a-w c:\windows\system32\acXMLParser.dll
    2009-04-05 02:18 . 2007-07-30 21:44 3518464 ----a-w c:\windows\system32\cdintf300.dll
    2009-04-05 02:12 . 2009-04-05 02:14 -------- d-----w c:\program files\Common Files\Intuit
    2009-04-05 02:12 . 2009-04-05 07:16 -------- d-----w c:\programdata\Intuit
    2009-04-05 02:12 . 2009-04-05 07:16 -------- d-----w c:\users\All Users\Intuit
    2009-04-05 02:12 . 2009-04-05 02:12 -------- d-----w c:\program files\Intuit
    2009-04-05 02:10 . 2009-04-05 02:10 -------- d-----w c:\programdata\COMMON FILES
    2009-04-05 02:10 . 2009-04-05 02:10 -------- d-----w c:\users\All Users\COMMON FILES

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-02 19:41 . 2009-02-20 04:16 272 ----a-w c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    2009-05-02 19:34 . 2009-03-22 03:18 868 ----a-w c:\windows\Tasks\Google Software Updater.job
    2009-05-02 19:34 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
    2009-05-02 19:33 . 2009-04-29 20:14 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-05-02 19:33 . 2009-04-29 20:14 32 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-04-30 06:28 . 2008-12-29 23:15 892 ----a-w c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3350496862-426771745-2629552281-1000.job
    2009-04-29 20:13 . 2007-12-18 09:19 1356 ----a-w c:\users\Scoopmasters 2\AppData\Local\d3d9caps.dat
    2009-04-29 19:59 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-04-29 19:59 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-04-29 19:59 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
    2009-04-27 06:53 . 2009-01-10 23:22 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-06 05:49 . 2007-08-26 04:52 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-06 01:28 . 2007-10-22 04:34 121472 ----a-w c:\users\Scoopmasters 2\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-04-06 00:51 . 2007-08-26 05:30 -------- d-----w c:\program files\Microsoft Works
    2009-04-06 00:51 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
    2009-03-27 03:24 . 2008-05-04 03:04 -------- d-----w c:\program files\Yahoo! Games
    2009-03-21 04:49 . 2008-04-02 23:27 -------- d-----w c:\program files\Jawbreaker
    2009-03-05 20:28 . 2009-03-05 20:28 -------- d-----w c:\program files\HDPlugin
    2008-09-05 23:59 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
    2008-03-12 05:47 . 2008-03-12 05:47 141824 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-12-18 08:56 . 2007-12-18 08:45 48 --sh--w c:\windows\SA0594035.tmp
    2007-09-13 19:22 . 2007-09-13 19:22 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-31 68856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-29 4472832]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-25 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableStatusMessages"= 1 (0x1)
    "DisableStartupSound"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SmileboxTray"="c:\users\Scoopmasters 2\AppData\Roaming\Smilebox\SmileboxTray.exe"
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" /startup
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "PLFSet"=rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
    "Microsoft WinUpdate"=c:\windows\system32\msupdte.exe
    "Skytel"=Skytel.exe
    "Acer Assist Launcher"=c:\program files\Acer Assist\launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3350496862-426771745-2629552281-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F4611106-25F1-49C8-A64D-37CBB613E525}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{BA85F995-5919-4D9D-A29E-8E4E6319F1EC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{8A032A9A-F194-4F44-B75A-EFD1BB753F99}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
    "{BE57C9E0-1043-4459-AC79-CF9E87A9790E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
    "TCP Query User{F787A9E3-AF80-465B-944B-C91CCE7BDCFA}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
    "UDP Query User{B3F51E0E-D0FB-49E3-AE25-138A99E6FD4D}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
    "TCP Query User{751BA009-55F9-41B8-AEE8-9C6482AB25F4}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{F94EC44A-82FD-4BB9-9565-27653824F697}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{40327822-6008-44A0-BA90-961423C47C41}c:\\program files\\odds maker\\client.exe"= UDP:c:\program files\odds maker\client.exe:Odds Maker Client
    "UDP Query User{848DE33F-2D75-4EE9-8F8A-EF57A61ECA4C}c:\\program files\\odds maker\\client.exe"= TCP:c:\program files\odds maker\client.exe:Odds Maker Client
    "{747F35EF-8D2B-40E4-B92C-D046A4E2F156}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{01DBE3CA-4EF8-4258-95E6-3A1BD430C2F9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{B49E9A36-77CF-4F21-AD38-1B0D85427E08}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{575D7858-3821-464B-9DC2-FF38271BDCF8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{A8498C03-EBDA-4652-892D-1F1EB7C84D4A}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{9444F7E3-D465-45AE-891A-0289EACE958D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{E6D58B45-559D-48C5-81F2-D4099AAA1007}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{AAFA3BF6-BB25-4D10-847B-75F3B896AD94}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{CF216AF7-D62D-4DED-961B-86159B2E7BE8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{5CEB858A-EC35-4F0D-85A8-604536970A6B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{21B3A172-6B2D-4C19-9AAD-E38F695EB0B7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CFD88CDB-B84D-49BA-B8D9-20096D534758}"= UDP:c:\users\Scoopmasters 2\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{BF252301-ED72-4D09-9D2F-27FFB1BD5F3B}"= TCP:c:\users\Scoopmasters 2\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{3195E2F6-76F1-43FC-839C-3251454D0BD0}"= UDP:c:\users\Scoopmasters 2\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
    "{1F431AB3-6025-4FF4-92A0-86B1A63AE7B5}"= TCP:c:\users\Scoopmasters 2\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
    R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
    S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-30 32784]
    S1 ATMhelpr;ATMhelpr; [x]
    S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-10 20496]
    S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-28 01:39]

    2009-05-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-31 03:18]

    2009-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3350496862-426771745-2629552281-1000.job
    - c:\users\Scoopmasters 2\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-14 00:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {2260D608-C844-435d-90FD-DC16CFA577F2} - c:\program files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
    IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {BCEB373D-A35A-4200-BD43-8586CD9DFAE7} - c:\program files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    FF - ProfilePath - c:\users\Scoopmasters 2\AppData\Roaming\Mozilla\Firefox\Profiles\i8ey0pgj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-frz_cb5f&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.scoopmasters.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\users\Scoopmasters 2\AppData\Roaming\Mozilla\Firefox\Profiles\i8ey0pgj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\users\Scoopmasters 2\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\users\Scoopmasters 2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-02 12:43
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
    @Denied: (A 2) (Everyone)
    @="FlashProp Class"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.9"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker"

    [HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)

    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"

    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""

    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"

    [HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-05-02 12:45
    ComboFix-quarantined-files.txt 2009-05-02 19:45

    Pre-Run: 37,141,377,024 bytes free
    Post-Run: 37,234,372,608 bytes free

    316 --- E O F --- 2009-03-05 16:51

  6. #6
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent
    LimeWire


    I'd like you to read this thread.

    Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).



    After that:


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Folder::
    c:\program files\LimeWire
    c:\program files\uTorrent
    c:\program files\SmartShopper
    
    DDS::
    IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {2260D608-C844-435d-90FD-DC16CFA577F2} -
    IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {BCEB373D-A35A-4200-BD43-8586CD9DFAE7} -
    
    FireFox::
    FF - ProfilePath - c:\users\Scoopmasters 2\AppData\Roaming\Mozilla\Firefox\Profiles\i8ey0pgj.default\
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Microsoft WinUpdate"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F4611106-25F1-49C8-A64D-37CBB613E525}"=-
    "{BA85F995-5919-4D9D-A29E-8E4E6319F1EC}"=-
    "{8A032A9A-F194-4F44-B75A-EFD1BB753F99}"=-
    "{BE57C9E0-1043-4459-AC79-CF9E87A9790E}"=-
    "TCP Query User{751BA009-55F9-41B8-AEE8-9C6482AB25F4}c:\\program files\\utorrent\\utorrent.exe"=-
    "UDP Query User{F94EC44A-82FD-4BB9-9565-27653824F697}c:\\program files\\utorrent\\utorrent.exe"=-
    
    RegLock::
    [HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
    [HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    [HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.


    Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader!


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 13.
    • Click the Download button to the right.
    • Select Windows on platform combobox and check the box that says:
      Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.




    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh HJT log and the above-mentioned ComboFix log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
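
The FireFox:: section of the CFScript above resets keyword.URL, the pref that decides where non-URL text typed into the Firefox address bar is sent. As an added example (not part of Blade81's reply and not code from ComboFix or any other tool in this thread), here is a small Python check that parses a prefs.js, reports URL-bearing prefs whose host is not on an allow-list, and strips those lines so Firefox falls back to its built-in defaults on the next start. The allow-list, the homepage_hosts parameter and the sample prefs.js are constructed for illustration; the sample mirrors the "FF - prefs.js" lines from the ComboFix log with hxxp restored to http.

```python
"""Spot and strip hijacked search/homepage prefs in a Firefox prefs.js.

Added example; the allow-list and the sample prefs.js below are constructed
for illustration and are not taken from any tool used in the thread.
"""
import re
from urllib.parse import urlparse

# A prefs.js line is: user_pref("name", value);  where value is a string,
# number or boolean literal.
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);$')

# Prefs that decide where typed text and startup navigation go. keyword.URL
# is the one the CFScript resets: non-URL address-bar input is sent there.
URL_PREFS = ("keyword.URL", "browser.search.defaulturl",
             "browser.startup.homepage", "browser.newtab.url")

# Illustrative allow-list of search providers (assumption: tune for your users).
ALLOWED_HOSTS = frozenset({"www.google.com", "search.yahoo.com",
                           "www.yahoo.com", "www.bing.com"})

# Constructed sample mirroring the 'FF - prefs.js' lines in the ComboFix log.
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-frz_cb5f&p=");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://www.scoopmasters.com/");
user_pref("keyword.URL", "http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=");
user_pref("network.proxy.type", 0);
'''


def parse_prefs(text):
    """Return {pref_name: value} with string values unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def find_hijacks(prefs, homepage_hosts=()):
    """Return sorted (pref, host, value) for URL prefs pointing off the allow-list.

    homepage_hosts: hosts the user legitimately chose as a start page, so a
    personal or business homepage is not reported as a hijack.
    """
    allowed = ALLOWED_HOSTS | frozenset(h.lower() for h in homepage_hosts)
    hits = []
    for name in URL_PREFS:
        value = prefs.get(name, "")
        if not value.lower().startswith(("http://", "https://")):
            continue
        host = (urlparse(value).hostname or "").lower()
        if host not in allowed:
            hits.append((name, host, value))
    return sorted(hits)


def strip_prefs(text, names):
    """Return prefs.js text without the named user_pref lines.

    A pref that is absent from prefs.js reverts to Firefox's built-in default,
    which is what the CFScript's FireFox:: section achieves for keyword.URL.
    Write the result only while Firefox is closed: it rewrites prefs.js on exit.
    """
    drop = set(names)
    kept = []
    for line in text.splitlines(keepends=True):
        m = PREF_RE.match(line.strip())
        if m and m.group(1) in drop:
            continue
        kept.append(line)
    return "".join(kept)


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS)
    for name, host, value in find_hijacks(prefs, homepage_hosts={"www.scoopmasters.com"}):
        print(f"{name}: points at {host}: {value}")
```

Run against the sample with the user's own site passed as homepage_hosts, only keyword.URL is reported (it points at toolbar.ask.com); without that parameter the business homepage would also be flagged, which is why the allow-list has to be per user rather than global.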

  7. #7
    Junior Member
    Join Date
    Apr 2006
    Posts
    17

    Default

    The aforementioned P2P programs were removed before I started this thread. (No more lending laptop to son.) Following are the requested logs: (Not sure about the HijackThis log as when I rescanned, it has an older date than today's date.) And all requested updates were done. Combofix file on next post, as it was too long.
    Thanks

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Monday, May 4, 2009
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Monday, May 04, 2009 08:16:04
    Records in database: 2126063
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 216665
    Threat name: 3
    Infected objects: 2
    Suspicious objects: 2
    Duration of the scan: 02:43:44


    File name / Threat name / Threats count
    C:\Users\Scoopmasters 2\.housecall6.6\Quarantine\铱昖.bac_a04500 Suspicious: Trojan.Win32.Patched.dy 1
    C:\Users\Scoopmasters 2\AppData\Roaming\Auslogics\Rescue\One Button Checkup\090405155436155.rsc Suspicious: Trojan.Win32.Patched.dy 1
    C:\Users\Scoopmasters 2\Music\italian romantic songs.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
    C:\Users\Scoopmasters 2\Music\lo mejor del folklore de argen (best quality).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

    The selected area was scanned.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:42:54 PM, on 4/29/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\System32\igfxpers.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Users\SCOOPM~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Odds Maker - b3cab7b9-eb43-46a2-8e15-02cc298dec71 - C:\Users\Scoopmasters 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU)
    O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
    O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    --
    End of file - 10881 bytes
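
Reading a HijackThis log by hand comes down to a few recurring patterns: entries whose file is gone ("(no file)" / "(file missing)"), anything running or auto-starting out of a Temp directory, an O20 AppInit_DLLs entry (that DLL is loaded into every process that loads user32.dll), and services with no publisher and no binary on disk. As an added example (not HijackThis's own logic and not anything Blade81 posted), here is a Python triage pass that applies those heuristics to a constructed sample mirroring a few lines of the log above. A hit is a review item, not a verdict: each flagged path still has to be identified before anything is removed.

```python
"""Heuristic triage of a HijackThis log (added example, not HJT's own logic).

The sample below is constructed to mirror a few lines of the log posted in
the thread; the rules are illustrative review heuristics, not a verdict.
"""
import re

# Constructed sample mirroring lines from the posted HijackThis log.
SAMPLE_LOG = r'''Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\Windows\system32\taskeng.exe
C:\Users\SCOOPM~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
'''

ENTRY_RE = re.compile(r'^([RFO]\d+) - ')          # "O2 - BHO: ..." style entry lines
ORPHAN_RE = re.compile(r'\((?:no file|file missing)\)', re.I)
TEMP_RE = re.compile(r'\\(?:temp|tmp)\\', re.I)   # any ...\Temp\... path component


def triage(log_text):
    """Return a list of (rule, line) review items found in a HijackThis log."""
    hits = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # a blank line ends the process list
                in_processes = False
            elif TEMP_RE.search(line):
                hits.append(("process_from_temp", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind = m.group(1)
        if kind in ("O2", "O3", "O9", "O18") and ORPHAN_RE.search(line):
            # Orphaned BHO/toolbar/button/protocol: a leftover registration whose
            # DLL is gone. Harmless clutter, but it shows what used to be installed.
            hits.append(("orphan_entry", line))
        elif kind == "O4" and TEMP_RE.search(line):
            hits.append(("autorun_from_temp", line))
        elif kind == "O20":
            # AppInit_DLLs is injected into every process that loads user32.dll,
            # so any entry here deserves a look even when the vendor is known.
            hits.append(("appinit_dll", line))
        elif kind == "O23" and ("Unknown owner" in line or ORPHAN_RE.search(line)):
            hits.append(("service_suspicious", line))
    return hits


def summarize(hits):
    """Count review items per rule, e.g. {'orphan_entry': 2, ...}."""
    counts = {}
    for rule, _ in hits:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```

On the sample this yields one process running from a Temp directory, two orphaned browser entries, one AppInit_DLLs entry and one service with an unknown owner and missing binary; the ESET service and the Google Toolbar BHO are not reported. The Temp-directory rule is deliberately broad, since legitimate installers and vendor helpers also run from there, so treat its hits as "identify this file" rather than "delete this file".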

  8. #8
    Junior Member
    Join Date
    Apr 2006
    Posts
    17

    Default

    ComboFix 09-05-02.4 - Scoopmasters 2 05/03/2009 22:51.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1034 [GMT -7:00]
    Running from: c:\users\Scoopmasters 2\Desktop\ComboFix.exe
    Command switches used :: c:\users\Scoopmasters 2\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    .

    ((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
    .

    2009-05-03 00:31 . 2008-12-16 05:31 7680 ----a-w c:\windows\system32\spwmp.dll
    2009-05-03 00:31 . 2008-12-16 05:31 4096 ----a-w c:\windows\system32\dxmasf.dll
    2009-05-03 00:31 . 2008-12-16 03:29 8147456 ----a-w c:\windows\system32\wmploc.DLL
    2009-05-03 00:29 . 2009-03-03 04:40 827392 ----a-w c:\windows\system32\wininet.dll
    2009-05-03 00:29 . 2009-03-03 02:28 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-05-03 00:29 . 2009-03-03 04:37 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-04-30 04:42 . 2009-04-30 04:42 -------- d-----w c:\program files\Trend Micro
    2009-04-30 02:40 . 2009-04-30 04:23 -------- d-----w c:\users\Scoopmasters 2\.housecall6.6
    2009-04-29 20:14 . 2009-05-03 20:16 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-04-29 20:14 . 2009-05-03 20:16 32 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-04-29 04:35 . 2009-04-29 04:35 -------- d-----w c:\programdata\Kaspersky Lab Setup Files
    2009-04-29 04:35 . 2009-04-29 04:35 -------- d-----w c:\users\All Users\Kaspersky Lab Setup Files
    2009-04-21 08:03 . 2009-04-21 08:03 -------- d-----w c:\users\Scoopmasters 2\AppData\Local\ESET
    2009-04-21 07:42 . 2008-03-03 21:25 5702 ---ha-w c:\windows\nod32restoretemdono.reg
    2009-04-21 07:41 . 2009-04-21 07:41 -------- d-----w c:\program files\ESET
    2009-04-21 07:41 . 2009-04-21 07:41 -------- d-----w c:\programdata\ESET
    2009-04-21 07:41 . 2009-04-21 07:41 -------- d-----w c:\users\All Users\ESET
    2009-04-06 20:04 . 2009-04-06 21:02 -------- d-----w c:\program files\SmartDraw 2009
    2009-04-06 05:49 . 2009-04-06 05:51 -------- d-----w c:\users\Scoopmasters 2\IGC
    2009-04-06 05:49 . 2003-05-28 19:19 245408 ------r c:\windows\system32\unicows.dll
    2009-04-06 05:49 . 2009-04-06 05:49 -------- d-----w c:\program files\IGC
    2009-04-06 00:49 . 2009-04-06 00:49 -------- d-----w c:\program files\Microsoft.NET
    2009-04-06 00:45 . 2009-04-06 00:45 -------- d-----w c:\program files\Microsoft Visual Studio 8
    2009-04-06 00:37 . 2009-04-06 00:37 -------- dc-h--r C:\MSOCache
    2009-04-05 23:00 . 2009-04-05 23:00 -------- d-----w c:\programdata\Auslogics
    2009-04-05 23:00 . 2009-04-05 23:00 -------- d-----w c:\users\All Users\Auslogics
    2009-04-05 22:51 . 2009-04-06 20:08 -------- d-----w c:\users\Scoopmasters 2\AppData\Roaming\Auslogics
    2009-04-05 22:49 . 2009-04-05 22:49 -------- d-----w c:\program files\Auslogics
    2009-04-05 02:19 . 2009-04-05 02:19 -------- d-----w c:\users\Scoopmasters 2\AppData\Local\Intuit
    2009-04-05 02:19 . 2009-04-05 02:19 -------- d-----w c:\program files\Common Files\supportsoft
    2009-04-05 02:18 . 2007-06-28 21:09 1843200 ----a-w c:\windows\system32\acXMLParser.dll
    2009-04-05 02:18 . 2007-07-30 21:44 3518464 ----a-w c:\windows\system32\cdintf300.dll
    2009-04-05 02:12 . 2009-04-05 02:14 -------- d-----w c:\program files\Common Files\Intuit
    2009-04-05 02:12 . 2009-04-05 07:16 -------- d-----w c:\programdata\Intuit
    2009-04-05 02:12 . 2009-04-05 07:16 -------- d-----w c:\users\All Users\Intuit
    2009-04-05 02:12 . 2009-04-05 02:12 -------- d-----w c:\program files\Intuit
    2009-04-05 02:10 . 2009-04-05 02:10 -------- d-----w c:\programdata\COMMON FILES
    2009-04-05 02:10 . 2009-04-05 02:10 -------- d-----w c:\users\All Users\COMMON FILES

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-04 05:41 . 2009-02-20 04:16 272 ----a-w c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    2009-05-03 20:57 . 2008-12-29 23:15 892 ----a-w c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3350496862-426771745-2629552281-1000.job
    2009-05-03 20:21 . 2009-03-22 03:18 868 ----a-w c:\windows\Tasks\Google Software Updater.job
    2009-05-03 20:19 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
    2009-05-03 20:16 . 2009-04-29 20:14 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-05-03 20:16 . 2009-04-29 20:14 32 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-04-29 20:13 . 2007-12-18 09:19 1356 ----a-w c:\users\Scoopmasters 2\AppData\Local\d3d9caps.dat
    2009-04-29 19:59 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-04-29 19:59 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-04-29 19:59 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
    2009-04-27 06:53 . 2009-01-10 23:22 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-06 05:49 . 2007-08-26 04:52 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-06 01:28 . 2007-10-22 04:34 121472 ----a-w c:\users\Scoopmasters 2\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-04-06 00:51 . 2007-08-26 05:30 -------- d-----w c:\program files\Microsoft Works
    2009-04-06 00:51 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
    2009-03-27 03:24 . 2008-05-04 03:04 -------- d-----w c:\program files\Yahoo! Games
    2009-03-21 04:49 . 2008-04-02 23:27 -------- d-----w c:\program files\Jawbreaker
    2009-03-17 03:38 . 2009-05-03 00:30 40960 ----a-w c:\windows\AppPatch\apihex86.dll
    2009-03-17 03:38 . 2009-05-03 00:30 13824 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-05-03 00:30 24064 ----a-w c:\windows\system32\amxread.dll
    2009-03-05 20:28 . 2009-03-05 20:28 -------- d-----w c:\program files\HDPlugin
    2009-03-03 04:46 . 2009-05-03 00:30 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:46 . 2009-05-03 00:30 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:39 . 2009-05-03 00:30 183296 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:39 . 2009-05-03 00:30 551424 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:39 . 2009-05-03 00:30 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-05-03 00:30 98304 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:37 . 2009-05-03 00:30 54784 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:37 . 2009-05-03 00:30 44032 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 03:04 . 2009-05-03 00:30 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-05-03 00:30 17408 ----a-w c:\windows\system32\iashost.exe
    2009-02-13 08:49 . 2009-05-03 00:30 72704 ----a-w c:\windows\system32\secur32.dll
    2009-02-13 08:49 . 2009-05-03 00:30 1255936 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 03:10 . 2009-05-03 00:30 2033152 ----a-w c:\windows\system32\win32k.sys
    2008-09-05 23:59 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
    2008-03-12 05:47 . 2008-03-12 05:47 141824 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-12-18 08:56 . 2007-12-18 08:45 48 --sh--w c:\windows\SA0594035.tmp
    2007-09-13 19:22 . 2007-09-13 19:22 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-02_19.43.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-03 00:30 . 2009-03-03 04:32 26112 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.22389_none_2be9bd5af4bd3b16\printfilterpipelineprxy.dll
    + 2009-05-03 00:30 . 2009-03-03 04:39 26112 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\printfilterpipelineprxy.dll
    + 2009-05-03 00:30 . 2009-03-03 04:17 26112 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\printfilterpipelineprxy.dll
    + 2009-05-03 00:30 . 2009-03-03 04:19 24576 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\printfilterpipelineprxy.dll
    + 2009-05-03 00:30 . 2009-03-03 02:24 17408 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_d16ab47d4f561502\iashost.exe
    + 2009-05-03 00:30 . 2009-03-03 04:28 47104 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_d16ab47d4f561502\iasdatastore.dll
    + 2009-05-03 00:30 . 2009-03-03 04:28 57344 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_d16ab47d4f561502\iasads.dll
    + 2009-05-03 00:30 . 2009-03-03 04:37 98304 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\iasrecst.dll
    + 2009-05-03 00:30 . 2009-03-03 02:38 17408 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\iashost.exe
    + 2009-05-03 00:30 . 2009-03-03 04:37 44032 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\iasdatastore.dll
    + 2009-05-03 00:30 . 2009-03-03 04:37 54784 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\iasads.dll
    + 2009-05-03 00:30 . 2009-03-03 04:14 97280 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.21023_none_cfbf2bc5520477a3\iasrecst.dll
    + 2009-05-03 00:30 . 2009-03-03 04:14 37888 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.21023_none_cfbf2bc5520477a3\iasdatastore.dll
    + 2009-05-03 00:30 . 2009-03-03 04:14 53248 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.21023_none_cfbf2bc5520477a3\iasads.dll
    + 2009-05-03 00:30 . 2009-03-03 04:16 97280 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16830_none_cf27e60e38f17483\iasrecst.dll
    + 2009-05-03 00:30 . 2009-03-03 04:16 37888 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16830_none_cf27e60e38f17483\iasdatastore.dll
    + 2009-05-03 00:30 . 2009-03-03 04:16 53248 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16830_none_cf27e60e38f17483\iasads.dll
    + 2009-05-03 00:30 . 2009-02-13 08:21 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\secur32.dll
    + 2009-05-03 00:30 . 2009-02-13 08:49 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\secur32.dll
    + 2009-05-03 00:30 . 2009-02-13 07:15 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\secur32.dll
    + 2009-05-03 00:30 . 2009-02-13 07:26 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\secur32.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21023_none_2a8666ad812ddf1b\iebrshim.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16830_none_29ef20f6681adbfb\iebrshim.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21023_none_c461503d7a7e09be\iesetup.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21023_none_c461503d7a7e09be\iernonce.dll
    + 2009-05-03 00:29 . 2009-03-03 02:06 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21023_none_c461503d7a7e09be\ie4uinit.exe
    + 2009-05-03 00:29 . 2009-03-03 04:16 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16830_none_c3ca0a86616b069e\iesetup.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16830_none_c3ca0a86616b069e\iernonce.dll
    + 2009-05-03 00:29 . 2009-03-03 02:08 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16830_none_c3ca0a86616b069e\ie4uinit.exe
    + 2009-05-03 00:29 . 2009-03-03 02:15 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\ieUnatt.exe
    + 2009-05-03 00:29 . 2009-03-03 02:28 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\ieUnatt.exe
    + 2009-05-03 00:29 . 2009-03-03 02:06 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\ieUnatt.exe
    + 2009-05-03 00:29 . 2009-03-03 02:08 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\ieUnatt.exe
    + 2009-05-03 00:29 . 2009-03-03 04:14 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.21023_none_592c1a7f8042c775\icardie.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16830_none_5894d4c8672fc455\icardie.dll
    + 2009-05-03 00:29 . 2009-03-03 02:14 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22389_none_f3a9aa51d37cf9f0\mshtmler.dll
    + 2009-05-03 00:29 . 2009-03-03 04:28 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22389_none_f3a9aa51d37cf9f0\ieencode.dll
    + 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18226_none_f35dec30ba31667b\mshtmler.dll
    + 2009-05-03 00:29 . 2009-03-03 04:37 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18226_none_f35dec30ba31667b\ieencode.dll
    + 2009-05-03 00:29 . 2009-03-03 00:41 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21023_none_f1fe2199d62b5c91\mshtmler.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21023_none_f1fe2199d62b5c91\ieencode.dll
    + 2009-05-03 00:29 . 2009-03-03 00:44 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16830_none_f166dbe2bd185971\mshtmler.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16830_none_f166dbe2bd185971\ieencode.dll
    + 2009-05-03 00:29 . 2009-03-03 04:26 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22389_none_ae6e459e201c473b\admparse.dll
    + 2008-05-23 00:20 . 2008-01-19 07:33 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18226_none_ae22877d06d0b3c6\admparse.dll
    + 2009-05-03 00:29 . 2009-03-03 04:13 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21023_none_acc2bce622caa9dc\admparse.dll
    + 2009-05-03 00:29 . 2009-03-03 04:15 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16830_none_ac2b772f09b7a6bc\admparse.dll
    + 2009-05-03 00:29 . 2009-03-03 04:32 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22389_none_0225174ebb296f95\WininetPlugin.dll
    + 2009-05-03 00:29 . 2009-03-03 04:29 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22389_none_0225174ebb296f95\jsproxy.dll
    + 2008-04-10 06:36 . 2008-02-22 05:01 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\WininetPlugin.dll
    + 2009-05-03 00:29 . 2009-03-03 04:37 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\jsproxy.dll
    + 2009-05-03 00:29 . 2009-03-03 04:18 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21023_none_00798e96bdd7d236\WininetPlugin.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21023_none_00798e96bdd7d236\jsproxy.dll
    + 2009-05-03 00:29 . 2009-03-03 04:20 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16830_none_ffe248dfa4c4cf16\WininetPlugin.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16830_none_ffe248dfa4c4cf16\jsproxy.dll
    + 2009-05-03 00:29 . 2009-03-03 04:17 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.21023_none_ec570a422f6e343f\pngfilt.dll
    + 2009-05-03 00:29 . 2009-03-03 04:19 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16830_none_ebbfc48b165b311f\pngfilt.dll
    + 2009-05-03 00:30 . 2008-06-06 03:25 38912 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.22197_none_4d223d3bd2ae154b\xolehlp.dll
    + 2009-05-03 00:30 . 2008-06-06 03:27 38912 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.18085_none_4ca16fc8b98a26e2\xolehlp.dll
    + 2009-05-03 00:30 . 2008-06-06 03:23 30208 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.20852_none_4b623eb9d56b930a\xolehlp.dll
    + 2009-05-03 00:30 . 2008-06-05 04:50 30208 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.16697_none_4ab261cabc69e490\xolehlp.dll
    + 2009-05-03 00:30 . 2009-03-21 03:14 13824 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.22399_none_7b098a66fa8bd087\apilogen.dll
    + 2009-05-03 00:30 . 2009-03-21 03:14 40960 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.22399_none_7b098a66fa8bd087\apihex86.dll
    + 2009-05-03 00:30 . 2009-03-21 03:14 24064 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.22399_none_7b098a66fa8bd087\amxread.dll
    + 2009-05-03 00:30 . 2009-03-17 03:38 13824 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.18230_none_7ab7ca89e145a508\apilogen.dll
    + 2009-05-03 00:30 . 2009-03-17 03:38 40960 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.18230_none_7ab7ca89e145a508\apihex86.dll
    + 2009-05-03 00:30 . 2009-03-17 03:38 24064 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.18230_none_7ab7ca89e145a508\amxread.dll
    + 2009-05-03 00:30 . 2009-03-17 03:19 14848 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.21029_none_796ed356fd2caf41\apilogen.dll
    + 2009-05-03 00:30 . 2009-03-17 03:19 40960 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.21029_none_796ed356fd2caf41\apihex86.dll
    + 2009-05-03 00:30 . 2009-03-17 03:19 25600 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.21029_none_796ed356fd2caf41\amxread.dll
    + 2009-05-03 00:30 . 2009-03-17 03:16 14848 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.16834_none_78d58d0be41b7973\apilogen.dll
    + 2009-05-03 00:30 . 2009-03-17 03:16 40960 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.16834_none_78d58d0be41b7973\apihex86.dll
    + 2009-05-03 00:30 . 2009-03-17 03:16 25600 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.16834_none_78d58d0be41b7973\amxread.dll
    + 2009-05-03 00:30 . 2008-06-06 03:27 38912 c:\windows\System32\xolehlp.dll
    - 2008-05-23 00:23 . 2008-01-19 07:37 38912 c:\windows\System32\xolehlp.dll
    + 2007-04-18 09:41 . 2009-05-03 20:27 87252 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2007-04-18 09:41 . 2009-05-02 19:36 87252 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-05-03 20:27 82260 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2007-10-22 04:35 . 2009-05-03 20:27 13044 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3350496862-426771745-2629552281-1000_UserData.bin
    - 2009-02-11 03:49 . 2009-01-15 06:08 28160 c:\windows\System32\jsproxy.dll
    + 2009-05-03 00:29 . 2009-03-03 04:37 28160 c:\windows\System32\jsproxy.dll
    + 2007-09-13 18:49 . 2009-05-03 20:08 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2007-09-13 18:49 . 2009-05-02 06:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-09-13 18:49 . 2009-05-03 20:08 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2007-09-13 18:49 . 2009-05-02 06:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-24 02:12 . 2009-01-04 08:50 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    + 2008-06-24 02:12 . 2009-05-03 20:12 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    - 2008-06-24 02:12 . 2009-01-04 08:50 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    + 2008-06-24 02:12 . 2009-05-03 20:12 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    - 2008-06-24 02:12 . 2009-01-04 08:50 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2008-06-24 02:12 . 2009-05-03 20:12 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2008-06-24 02:12 . 2009-05-03 20:12 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    - 2008-06-24 02:12 . 2009-01-04 08:50 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    - 2008-06-24 02:12 . 2009-01-04 08:50 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2008-06-24 02:12 . 2009-05-03 20:12 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    - 2008-06-24 02:12 . 2009-01-04 08:50 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2008-06-24 02:12 . 2009-05-03 20:12 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2008-06-24 02:12 . 2009-01-04 08:50 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
    + 2008-06-24 02:12 . 2009-05-03 20:12 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
    - 2009-04-06 00:55 . 2009-04-06 00:55 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-04-06 00:55 . 2009-05-03 20:11 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    - 2009-04-06 00:55 . 2009-04-06 00:55 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-04-06 00:55 . 2009-05-03 20:11 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-04-06 00:55 . 2009-05-03 20:11 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-04-06 00:55 . 2009-04-06 00:55 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2009-05-03 00:31 . 2008-12-16 04:31 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\spwmp.dll
    + 2009-05-03 00:31 . 2008-12-16 04:32 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\dxmasf.dll
    + 2009-05-03 00:31 . 2008-12-16 05:31 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\spwmp.dll
    + 2009-05-03 00:31 . 2008-12-16 05:31 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\dxmasf.dll
    + 2009-05-03 00:31 . 2008-12-16 05:36 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\spwmp.dll
    + 2009-05-03 00:31 . 2008-12-16 05:37 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\dxmasf.dll
    + 2009-05-03 00:31 . 2008-12-16 05:53 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\spwmp.dll
    + 2009-05-03 00:31 . 2008-12-16 05:53 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\dxmasf.dll
    + 2009-05-03 00:30 . 2009-02-13 08:20 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe
    + 2008-05-23 00:21 . 2008-01-19 07:33 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
    + 2009-05-03 00:30 . 2009-02-13 04:58 7680 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
    + 2009-05-03 00:30 . 2009-02-13 07:26 7680 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
    - 2009-04-29 20:14 . 2009-05-02 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-05-03 20:19 . 2009-05-03 20:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-04-29 20:14 . 2009-05-02 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-05-03 20:19 . 2009-05-03 20:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-24 02:12 . 2009-05-03 20:12 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    - 2008-06-24 02:12 . 2009-01-04 08:50 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2008-06-24 02:12 . 2009-05-03 20:12 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2008-06-24 02:12 . 2009-01-04 08:50 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    + 2008-06-24 02:12 . 2009-05-03 20:12 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    - 2008-06-24 02:12 . 2009-01-04 08:50 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2009-05-03 00:30 . 2008-12-06 04:26 376832 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.22323_none_2544fb0bdb4e81f9\winhttp.dll
    + 2009-05-03 00:30 . 2008-12-06 04:42 376832 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18178_none_248a4e30c254ef70\winhttp.dll
    + 2009-05-03 00:30 . 2008-12-08 04:19 377344 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.20971_none_2326ac35de524a0f\winhttp.dll
    + 2009-05-03 00:30 . 2008-12-08 04:34 376832 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.16786_none_22973f0ac53847c2\winhttp.dll
    + 2009-05-03 00:30 . 2009-03-03 02:03 247296 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.22389_none_109ee25ca4bb6776\WmiPrvSE.exe
    + 2009-05-03 00:30 . 2009-03-03 04:33 499200 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.22389_none_109ee25ca4bb6776\WmiPrvSD.dll
    + 2009-05-03 00:30 . 2009-03-03 04:33 129024 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.22389_none_109ee25ca4bb6776\WmiDcPrv.dll
    + 2009-05-03 00:30 . 2009-03-03 02:16 247296 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18226_none_1053243b8b6fd401\WmiPrvSE.exe
    + 2009-05-03 00:30 . 2009-03-03 04:40 499200 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18226_none_1053243b8b6fd401\WmiPrvSD.dll
    + 2009-05-03 00:30 . 2009-03-03 04:40 129024 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18226_none_1053243b8b6fd401\WmiDcPrv.dll
    + 2009-05-03 00:30 . 2009-03-03 01:57 247296 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.21023_none_0ef359a4a769ca17\WmiPrvSE.exe
    + 2009-05-03 00:31 . 2009-03-03 04:18 501760 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.21023_none_0ef359a4a769ca17\WmiPrvSD.dll
    + 2009-05-03 00:30 . 2009-03-03 04:18 130560 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.21023_none_0ef359a4a769ca17\WmiDcPrv.dll
    + 2009-05-03 00:30 . 2009-03-03 01:59 247296 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.16830_none_0e5c13ed8e56c6f7\WmiPrvSE.exe
    + 2009-05-03 00:31 . 2009-03-03 04:20 501760 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.16830_none_0e5c13ed8e56c6f7\WmiPrvSD.dll
    + 2009-05-03 00:30 . 2009-03-03 04:20 130560 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.16830_none_0e5c13ed8e56c6f7\WmiDcPrv.dll
    + 2009-05-03 00:30 . 2009-03-03 04:28 615424 c:\windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.22389_none_fb85772b93130197\fastprox.dll
    + 2009-05-03 00:30 . 2009-03-03 04:36 615424 c:\windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18226_none_fb39b90a79c76e22\fastprox.dll
    + 2009-05-03 00:30 . 2009-03-03 04:14 614912 c:\windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.21023_none_f9d9ee7395c16438\fastprox.dll
    + 2009-05-03 00:30 . 2009-03-03 04:16 614912 c:\windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.16830_none_f942a8bc7cae6118\fastprox.dll
    + 2009-05-03 00:30 . 2008-12-02 04:36 268288 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22320_none_228a4bcd6e70a8bb\schannel.dll
    + 2009-05-03 00:30 . 2008-11-27 04:43 268288 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18175_none_21cf9ef255771632\schannel.dll
    + 2009-05-03 00:30 . 2008-12-02 04:25 269824 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.20967_none_207fcf7d716438ef\schannel.dll
    + 2009-05-03 00:30 . 2008-11-27 04:42 269824 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16782_none_1fdb8f82585b552d\schannel.dll
    + 2009-05-03 00:30 . 2009-03-03 02:49 666624 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.22389_none_2be9bd5af4bd3b16\printfilterpipelinesvc.exe
    + 2009-05-03 00:30 . 2009-03-03 03:04 666624 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\printfilterpipelinesvc.exe
    + 2009-05-03 00:31 . 2009-03-03 02:37 659456 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\printfilterpipelinesvc.exe
    + 2009-05-03 00:30 . 2009-03-03 02:40 654336 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\printfilterpipelinesvc.exe
    + 2009-05-03 00:31 . 2009-03-03 04:32 324608 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_d16ab47d4f561502\sdohlp.dll
    + 2009-05-03 00:30 . 2009-03-03 04:28 119296 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_d16ab47d4f561502\iasrecst.dll
    + 2009-05-03 00:30 . 2009-03-03 04:39 183296 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\sdohlp.dll
    + 2009-05-03 00:30 . 2009-03-03 04:17 158720 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.21023_none_cfbf2bc5520477a3\sdohlp.dll
    + 2009-05-03 00:30 . 2009-03-03 04:19 158720 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16830_none_cf27e60e38f17483\sdohlp.dll
    + 2009-05-03 00:31 . 2008-12-16 02:38 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmpshare.exe
    + 2009-05-03 00:31 . 2008-12-16 02:38 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmplayer.exe
    + 2009-05-03 00:31 . 2008-12-16 02:38 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmpconfig.exe
    + 2009-05-03 00:31 . 2008-12-16 05:31 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmpshare.exe
    + 2009-05-03 00:31 . 2008-12-16 05:31 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmplayer.exe
    + 2009-05-03 00:31 . 2008-12-16 05:31 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmpconfig.exe
    + 2009-05-03 00:31 . 2008-12-16 03:49 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmpshare.exe
    + 2009-05-03 00:31 . 2008-12-16 03:49 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmplayer.exe
    + 2009-05-03 00:31 . 2008-12-16 03:49 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmpconfig.exe
    + 2009-05-03 00:31 . 2008-12-16 05:53 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmpshare.exe
    + 2009-05-03 00:31 . 2008-12-16 05:53 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmplayer.exe
    + 2009-05-03 00:31 . 2008-12-16 05:53 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmpconfig.exe
    + 2009-05-03 00:30 . 2009-01-30 00:29 441400 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\ksecdd.sys
    + 2008-05-23 00:23 . 2008-01-19 07:43 441400 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\ksecdd.sys
    + 2006-11-02 08:43 . 2006-11-02 09:51 407144 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\ksecdd.sys
    + 2006-11-02 08:43 . 2006-11-02 09:51 407144 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\ksecdd.sys
    + 2009-05-03 00:30 . 2009-02-13 08:21 890880 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
    + 2009-05-03 00:30 . 2009-02-13 08:49 888832 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
    + 2009-05-03 00:30 . 2009-02-13 07:13 875520 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
    + 2009-05-03 00:30 . 2009-02-13 07:26 875520 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
    + 2009-05-03 00:29 . 2009-03-03 02:07 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.21023_none_0bd4a953f021dd83\ieuser.exe
    + 2009-05-03 00:29 . 2009-03-03 02:09 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16830_none_0b3d639cd70eda63\ieuser.exe
    + 2009-05-03 00:29 . 2009-03-03 02:07 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.21023_none_e72c7437ada71dd1\ieinstal.exe
    + 2009-05-03 00:29 . 2009-03-03 02:08 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16830_none_e6952e8094941ab1\ieinstal.exe
    + 2009-05-03 00:29 . 2009-03-03 04:28 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22389_none_64de9070c77566f8\ieui.dll
    + 2008-05-23 00:21 . 2008-01-19 07:34 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18226_none_6492d24fae29d383\ieui.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21023_none_633307b8ca23c999\ieui.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16830_none_629bc201b110c679\ieui.dll
    + 2009-05-03 00:29 . 2009-03-03 04:32 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22389_none_47dfce2aa5da8df2\sqmapi.dll
    + 2009-05-03 00:29 . 2009-03-03 04:28 270848 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22389_none_47dfce2aa5da8df2\iertutil.dll
    + 2008-05-23 00:22 . 2008-01-19 07:36 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18226_none_479410098c8efa7d\sqmapi.dll
    + 2009-05-03 00:29 . 2009-03-03 04:37 270336 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18226_none_479410098c8efa7d\iertutil.dll
    + 2009-05-03 00:29 . 2009-03-03 04:17 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21023_none_46344572a888f093\sqmapi.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21023_none_46344572a888f093\iertutil.dll
    + 2009-05-03 00:29 . 2009-03-03 04:19 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16830_none_459cffbb8f75ed73\sqmapi.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16830_none_459cffbb8f75ed73\iertutil.dll
    + 2009-05-03 00:29 . 2009-03-03 04:31 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.22389_none_37628bfd2d797360\occache.dll
    + 2009-05-03 00:29 . 2009-03-03 04:39 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.18226_none_3716cddc142ddfeb\occache.dll
    + 2009-05-03 00:29 . 2009-03-03 04:17 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.21023_none_35b703453027d601\occache.dll
    + 2009-05-03 00:29 . 2009-03-03 04:19 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.16830_none_351fbd8e1714d2e1\occache.dll
    + 2009-05-03 00:29 . 2009-03-03 04:32 636072 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
    + 2009-05-03 00:29 . 2009-03-03 04:40 636072 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
    + 2009-05-03 00:29 . 2009-03-03 04:18 636072 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
    + 2009-05-03 00:29 . 2009-03-03 04:22 636072 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
    + 2009-05-03 00:29 . 2009-03-03 04:15 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.21023_none_46b984805f698544\mshtmled.dll
    + 2009-05-03 00:29 . 2009-03-03 04:17 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16830_none_46223ec946568224\mshtmled.dll
    + 2009-05-03 00:29 . 2009-03-03 04:30 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22389_none_6022ae1d53ccc24d\msfeeds.dll
    + 2009-05-03 00:29 . 2009-03-03 04:38 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18226_none_5fd6effc3a812ed8\msfeeds.dll
    + 2009-05-03 00:29 . 2009-03-03 04:15 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.21023_none_5e772565567b24ee\msfeeds.dll
    + 2009-05-03 00:29 . 2009-03-03 04:17 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.16830_none_5ddfdfae3d6821ce\msfeeds.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21023_none_9656ea289da8d2b7\dxtrans.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21023_none_9656ea289da8d2b7\dxtmsft.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16830_none_95bfa4718495cf97\dxtrans.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16830_none_95bfa4718495cf97\dxtmsft.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21023_none_fa22b17087c34c89\ieapfltr.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 383488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16830_none_f98b6bb96eb04969\ieapfltr.dll
    + 2009-05-03 00:29 . 2009-03-03 04:28 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22389_none_ae6e459e201c473b\ieakui.dll
    + 2009-05-03 00:29 . 2009-03-03 04:28 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22389_none_ae6e459e201c473b\ieaksie.dll
    + 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18226_none_ae22877d06d0b3c6\ieakui.dll
    + 2009-05-03 00:29 . 2009-03-03 04:37 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18226_none_ae22877d06d0b3c6\ieaksie.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21023_none_acc2bce622caa9dc\ieakui.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21023_none_acc2bce622caa9dc\ieaksie.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16830_none_ac2b772f09b7a6bc\ieakui.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16830_none_ac2b772f09b7a6bc\ieaksie.dll
    + 2009-05-03 00:29 . 2009-03-03 04:28 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.22389_none_748c904a70d3905c\iedkcs32.dll
    + 2009-05-03 00:29 . 2009-03-03 04:37 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.18226_none_7440d2295787fce7\iedkcs32.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 388608 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.21023_none_72e107927381f2fd\iedkcs32.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 385024 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.16830_none_7249c1db5a6eefdd\iedkcs32.dll
    + 2009-05-03 00:29 . 2009-03-03 04:32 827904 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22389_none_0225174ebb296f95\wininet.dll
    + 2009-05-03 00:29 . 2009-03-03 04:40 827392 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\wininet.dll
    + 2009-05-03 00:29 . 2009-03-03 04:18 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21023_none_00798e96bdd7d236\wininet.dll
    + 2009-05-03 00:29 . 2009-03-03 04:20 826368 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16830_none_ffe248dfa4c4cf16\wininet.dll
    + 2009-05-03 00:29 . 2009-03-03 04:30 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22389_none_e101ca7595c90871\mstime.dll
    + 2009-05-03 00:29 . 2009-03-03 04:38 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18226_none_e0b60c547c7d74fc\mstime.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.21023_none_df5641bd98776b12\mstime.dll
    + 2009-05-03 00:29 . 2009-03-03 04:18 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16830_none_debefc067f6467f2\mstime.dll
    + 2009-05-03 00:30 . 2008-06-06 03:23 562176 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.22197_none_4d223d3bd2ae154b\msdtcprx.dll
    + 2009-05-03 00:30 . 2008-06-06 03:27 562176 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.18085_none_4ca16fc8b98a26e2\msdtcprx.dll
    + 2009-05-03 00:30 . 2008-06-06 03:21 500736 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.20852_none_4b623eb9d56b930a\msdtcprx.dll
    + 2009-05-03 00:30 . 2008-06-05 04:50 500736 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.16697_none_4ab261cabc69e490\msdtcprx.dll
    + 2009-05-03 00:30 . 2009-03-03 04:32 551424 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
    + 2009-05-03 00:30 . 2009-03-03 04:39 551424 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
    + 2009-05-03 00:30 . 2009-03-03 04:17 550400 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
    + 2009-05-03 00:30 . 2009-03-03 04:19 549888 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
    + 2009-05-03 00:29 . 2009-03-03 04:13 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21023_none_aa5c00930ed54e40\advpack.dll
    + 2009-05-03 00:29 . 2009-03-03 04:15 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16830_none_a9c4badbf5c24b20\advpack.dll
    + 2009-05-03 00:30 . 2008-12-06 04:42 376832 c:\windows\System32\winhttp.dll
    - 2008-05-23 00:23 . 2008-01-19 07:36 376832 c:\windows\System32\winhttp.dll
    + 2008-09-06 02:22 . 2009-05-04 05:26 258158 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-05-03 00:30 . 2009-03-03 02:16 247296 c:\windows\System32\wbem\WmiPrvSE.exe
    + 2009-05-03 00:30 . 2009-03-03 04:40 499200 c:\windows\System32\wbem\WmiPrvSD.dll
    + 2009-05-03 00:30 . 2009-03-03 04:40 129024 c:\windows\System32\wbem\WmiDcPrv.dll
    + 2009-05-03 00:30 . 2009-03-03 04:36 615424 c:\windows\System32\wbem\fastprox.dll
    + 2009-05-03 00:30 . 2008-11-27 04:43 268288 c:\windows\System32\schannel.dll
    - 2008-05-23 00:23 . 2008-01-19 07:36 268288 c:\windows\System32\schannel.dll
    + 2006-11-02 10:33 . 2009-05-03 20:25 595684 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-05-02 19:42 595684 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-05-02 19:42 101350 c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2009-05-03 20:25 101350 c:\windows\System32\perfc009.dat
    + 2009-05-03 00:29 . 2009-03-03 04:39 102912 c:\windows\System32\occache.dll
    - 2008-05-23 00:21 . 2008-01-19 07:36 102912 c:\windows\System32\occache.dll
    + 2009-05-03 00:29 . 2009-03-03 04:38 671232 c:\windows\System32\mstime.dll
    - 2009-02-11 03:49 . 2009-01-15 06:08 671232 c:\windows\System32\mstime.dll
    - 2009-02-11 03:49 . 2009-01-15 06:08 458240 c:\windows\System32\msfeeds.dll
    + 2009-05-03 00:29 . 2009-03-03 04:38 458240 c:\windows\System32\msfeeds.dll
    + 2009-05-03 00:30 . 2008-06-06 03:27 562176 c:\windows\System32\msdtcprx.dll
    + 2009-05-03 00:30 . 2009-02-13 08:49 888832 c:\windows\System32\kernel32.dll
    + 2009-05-03 00:29 . 2009-03-03 04:37 270336 c:\windows\System32\iertutil.dll
    - 2009-02-11 03:49 . 2009-01-15 06:07 270336 c:\windows\System32\iertutil.dll
    + 2009-05-03 00:29 . 2009-03-03 04:37 389120 c:\windows\System32\iedkcs32.dll
    - 2008-05-23 00:21 . 2008-01-19 07:34 230400 c:\windows\System32\ieaksie.dll
    + 2009-05-03 00:29 . 2009-03-03 04:37 230400 c:\windows\System32\ieaksie.dll
    + 2006-11-02 12:47 . 2009-05-03 20:18 521624 c:\windows\System32\FNTCACHE.DAT
    - 2006-11-02 12:47 . 2009-04-06 02:07 521624 c:\windows\System32\FNTCACHE.DAT
    + 2007-09-13 18:49 . 2009-05-03 20:08 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-09-13 18:49 . 2009-05-02 06:13 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-24 02:12 . 2009-05-03 20:12 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    - 2008-06-24 02:12 . 2009-01-04 08:50 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    - 2008-06-24 02:12 . 2009-01-04 08:50 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    + 2008-06-24 02:12 . 2009-05-03 20:12 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    - 2009-04-06 00:55 . 2009-04-06 00:55 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-04-06 00:55 . 2009-05-03 20:11 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-04-06 00:55 . 2009-05-03 20:11 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2009-04-06 00:55 . 2009-04-06 00:55 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2009-04-06 00:55 . 2009-04-06 00:55 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2009-04-06 00:55 . 2009-05-03 20:11 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-04-06 00:55 . 2009-04-06 00:55 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    + 2009-04-06 00:55 . 2009-05-03 20:11 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    + 2009-04-06 00:55 . 2009-05-03 20:11 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    - 2009-04-06 00:55 . 2009-04-06 00:55 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    - 2009-04-06 00:55 . 2009-04-06 00:55 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    + 2009-04-06 00:55 . 2009-05-03 20:11 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2009-04-06 00:55 . 2009-04-06 00:55 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2009-04-06 00:55 . 2009-05-03 20:11 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2009-05-03 00:30 . 2009-02-09 02:54 2033664 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22372_none_b9336b71b3db5a1d\win32k.sys
    + 2009-05-03 00:30 . 2009-02-09 03:10 2033152 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18211_none_b8e9ade49a8df956\win32k.sys
    + 2009-05-03 00:30 . 2009-02-09 01:54 2030080 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21006_none_b79cb589b6789e33\win32k.sys
    + 2009-05-03 00:30 . 2009-02-09 01:59 2028032 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16816_none_b70870b09d62e718\win32k.sys
    + 2009-05-03 00:31 . 2009-03-03 04:37 3548656 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c8571cd797017\ntoskrnl.exe
    + 2009-05-03 00:31 . 2009-03-03 04:37 3600880 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c8571cd797017\ntkrnlpa.exe
    + 2009-05-03 00:30 . 2009-03-03 04:46 3547632 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c750b42ddca2\ntoskrnl.exe
    + 2009-05-03 00:30 . 2009-03-03 04:46 3599328 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c750b42ddca2\ntkrnlpa.exe
    + 2009-05-03 00:31 . 2009-03-03 04:22 3471328 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fcb9d027d2b8\ntoskrnl.exe
    + 2009-05-03 00:31 . 2009-03-03 04:22 3505120 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fcb9d027d2b8\ntkrnlpa.exe
    + 2009-05-03 00:30 . 2009-03-03 04:24 3469280 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b702b714cf98\ntoskrnl.exe
    + 2009-05-03 00:30 . 2009-03-03 04:24 3503584 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b702b714cf98\ntkrnlpa.exe
    + 2009-05-03 00:31 . 2008-12-16 02:39 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmploc.DLL
    + 2009-05-03 00:31 . 2008-12-16 03:29 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmploc.DLL
    + 2009-05-03 00:31 . 2008-12-16 03:49 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmploc.DLL
    + 2009-05-03 00:31 . 2008-12-16 04:00 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmploc.DLL

    9. #9 Junior Member (Join Date: Apr 2006, Posts: 17)

    Continued:

    64e35_6.0.6001.22376_none_a68e7da1761c2def\lsasrv.dll
    + 2009-05-03 00:30 . 2009-02-13 08:49 1255936 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsasrv.dll
    + 2009-05-03 00:30 . 2009-02-13 07:13 1234432 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsasrv.dll
    + 2009-05-03 00:30 . 2009-02-13 07:26 1233408 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsasrv.dll
    + 2009-05-03 00:29 . 2009-03-03 04:28 6070784 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22389_none_64de9070c77566f8\ieframe.dll
    + 2009-05-03 00:29 . 2009-03-03 04:37 6068736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18226_none_6492d24fae29d383\ieframe.dll
    + 2009-05-03 00:29 . 2009-03-03 04:14 6068736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21023_none_633307b8ca23c999\ieframe.dll
    + 2009-05-03 00:29 . 2009-03-03 04:16 6066176 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16830_none_629bc201b110c679\ieframe.dll
    + 2009-05-03 00:29 . 2009-03-03 04:30 3581440 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22389_none_137f366d3b7fd8cb\mshtml.dll
    + 2009-05-03 00:29 . 2009-03-03 04:38 3580928 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18226_none_1333784c22344556\mshtml.dll
    + 2009-05-03 00:29 . 2009-03-03 04:15 3596800 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21023_none_11d3adb53e2e3b6c\mshtml.dll
    + 2009-05-03 00:29 . 2009-03-03 04:17 3595264 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16830_none_113c67fe251b384c\mshtml.dll
    + 2007-09-13 19:19 . 2007-09-13 19:19 2455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21023_none_fa22b17087c34c89\ieapfltr.dat
    + 2007-09-13 19:19 . 2007-09-13 19:19 2455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16830_none_f98b6bb96eb04969\ieapfltr.dat
    + 2009-05-03 00:29 . 2009-03-03 04:32 1166848 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22389_none_b51f3bacf0204902\urlmon.dll
    + 2009-05-03 00:29 . 2009-03-03 04:40 1166336 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18226_none_b4d37d8bd6d4b58d\urlmon.dll
    + 2009-05-03 00:29 . 2009-03-03 04:18 1163264 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21023_none_b373b2f4f2ceaba3\urlmon.dll
    + 2009-05-03 00:29 . 2009-03-03 04:20 1160192 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16830_none_b2dc6d3dd9bba883\urlmon.dll
    - 2009-02-11 03:49 . 2009-01-15 06:11 1166336 c:\windows\System32\urlmon.dll
    + 2009-05-03 00:29 . 2009-03-03 04:40 1166336 c:\windows\System32\urlmon.dll
    + 2006-11-02 10:22 . 2009-05-03 20:20 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2006-11-02 10:22 . 2009-04-06 01:40 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-05-03 00:29 . 2009-03-03 04:38 3580928 c:\windows\System32\mshtml.dll
    + 2009-05-03 00:29 . 2009-03-03 04:37 6068736 c:\windows\System32\ieframe.dll
    - 2006-11-02 12:47 . 2008-12-10 23:55 2643038 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
    + 2006-11-02 12:47 . 2009-05-03 20:20 2643038 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
    - 2009-04-06 00:55 . 2009-04-06 00:55 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-04-06 00:55 . 2009-05-03 20:11 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-04-06 00:55 . 2009-05-03 20:11 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    - 2009-04-06 00:55 . 2009-04-06 00:55 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2006-09-15 23:25 . 2006-09-15 23:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
    + 2009-05-04 05:50 . 2009-05-04 05:50 6336512 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
    + 2009-05-03 00:31 . 2008-12-16 04:32 10624512 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmp.dll
    + 2009-05-03 00:31 . 2008-12-16 05:31 10622976 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmp.dll
    + 2009-05-03 00:31 . 2008-12-16 05:37 10619904 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmp.dll
    + 2009-05-03 00:31 . 2008-12-16 05:53 10619904 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmp.dll
    + 2009-05-03 00:31 . 2008-12-16 05:31 10622976 c:\windows\System32\wmp.dll
    + 2006-11-02 10:24 . 2009-04-06 14:57 24921544 c:\windows\System32\mrt.exe
    + 2008-02-15 11:02 . 2009-05-03 00:29 172194814 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-31 68856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-29 4472832]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-25 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableStatusMessages"= 1 (0x1)
    "DisableStartupSound"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SmileboxTray"="c:\users\Scoopmasters 2\AppData\Roaming\Smilebox\SmileboxTray.exe"
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" /startup
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "PLFSet"=rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
    "Skytel"=Skytel.exe
    "Acer Assist Launcher"=c:\program files\Acer Assist\launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3350496862-426771745-2629552281-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{F787A9E3-AF80-465B-944B-C91CCE7BDCFA}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
    "UDP Query User{B3F51E0E-D0FB-49E3-AE25-138A99E6FD4D}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
    "TCP Query User{40327822-6008-44A0-BA90-961423C47C41}c:\\program files\\odds maker\\client.exe"= UDP:c:\program files\odds maker\client.exe:Odds Maker Client
    "UDP Query User{848DE33F-2D75-4EE9-8F8A-EF57A61ECA4C}c:\\program files\\odds maker\\client.exe"= TCP:c:\program files\odds maker\client.exe:Odds Maker Client
    "{747F35EF-8D2B-40E4-B92C-D046A4E2F156}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{01DBE3CA-4EF8-4258-95E6-3A1BD430C2F9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{B49E9A36-77CF-4F21-AD38-1B0D85427E08}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{575D7858-3821-464B-9DC2-FF38271BDCF8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{A8498C03-EBDA-4652-892D-1F1EB7C84D4A}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{9444F7E3-D465-45AE-891A-0289EACE958D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{E6D58B45-559D-48C5-81F2-D4099AAA1007}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{AAFA3BF6-BB25-4D10-847B-75F3B896AD94}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{CF216AF7-D62D-4DED-961B-86159B2E7BE8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{5CEB858A-EC35-4F0D-85A8-604536970A6B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{21B3A172-6B2D-4C19-9AAD-E38F695EB0B7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CFD88CDB-B84D-49BA-B8D9-20096D534758}"= UDP:c:\users\Scoopmasters 2\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{BF252301-ED72-4D09-9D2F-27FFB1BD5F3B}"= TCP:c:\users\Scoopmasters 2\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{3195E2F6-76F1-43FC-839C-3251454D0BD0}"= UDP:c:\users\Scoopmasters 2\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
    "{1F431AB3-6025-4FF4-92A0-86B1A63AE7B5}"= TCP:c:\users\Scoopmasters 2\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
    R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
    S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-30 32784]
    S1 ATMhelpr;ATMhelpr; [x]
    S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-10 20496]
    S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-28 01:39]

    2009-05-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-31 03:18]

    2009-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3350496862-426771745-2629552281-1000.job
    - c:\users\Scoopmasters 2\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-14 00:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    FF - ProfilePath - c:\users\Scoopmasters 2\AppData\Roaming\Mozilla\Firefox\Profiles\i8ey0pgj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-frz_cb5f&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.scoopmasters.com/
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\users\Scoopmasters 2\AppData\Roaming\Mozilla\Firefox\Profiles\i8ey0pgj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\users\Scoopmasters 2\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\users\Scoopmasters 2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-03 22:56
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
    @Denied: (A 2) (Everyone)
    @="FlashProp Class"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.9"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker"

    [HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)

    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"

    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""

    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"

    [HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5592)
    c:\windows\system32\MsnChatHook.dll
    c:\windows\system32\ShowErrMsg.dll
    c:\windows\system32\sysenv.dll
    c:\windows\system32\BatchCrypto.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\keyManager.dll
    .
    Completion time: 2009-05-04 22:58
    ComboFix-quarantined-files.txt 2009-05-04 05:58
    ComboFix2.txt 2009-05-02 19:45

    Pre-Run: 32,516,005,888 bytes free
    Post-Run: 32,509,284,352 bytes free

    675 --- E O F --- 2009-05-03 20:16

  10. #10
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,

    Show hidden files (Vista)
    -----------------
    1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
    2. Click the View tab.
    3. Under Advanced settings, click Show hidden files and folders, and then click OK.

    Clear items in C:\Users\Scoopmasters 2\.housecall6.6\Quarantine folder.



    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    C:\Users\Scoopmasters 2\AppData\Roaming\Auslogics\Rescue\One Button Checkup\090405155436155.rsc
    C:\Users\Scoopmasters 2\Music\italian romantic songs.mp3
    C:\Users\Scoopmasters 2\Music\lo mejor del folklore de argen (best quality).mp3
    
    RegLock::
    [HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
    [HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    [HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log and a fresh hjt log (start hjt by right clicking HijackThis.exe file and select 'run as administrator').
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
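The RegLock:: list in the reply above is exactly the set of keys in the ComboFix "LOCKED REGISTRY KEYS" section that show an @Denied ACE; the subkeys ComboFix lists beneath them (InprocServer32, ProgID, TypeLib and so on) carry no deny entry and are not named. The Python helper below is added here as an illustration and is not part of the thread or of ComboFix: it extracts those keys from a log and renders them as a RegLock:: section, using a sample log text constructed from the entries above.

```python
import re

# Constructed sample modelled on the LOCKED REGISTRY KEYS section of the ComboFix log above.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

SECTION_HEADER = re.compile(r"^-{5,} (.+?) -{5,}$")   # e.g. "------ LOCKED REGISTRY KEYS ------"
KEY_LINE = re.compile(r"^\[(HK[A-Z_]+\\.+)\]$")       # e.g. "[HKEY_USERS\SOFTWARE\...]"

def locked_keys(log_text):
    """Keys in LOCKED REGISTRY KEYS that carry an explicit @Denied ACE (the RegLock:: targets).
    Subkeys ComboFix lists for context (e.g. the InprocServer32 subkey) carry none and are skipped."""
    keys, in_section, current = [], False, None
    for raw in log_text.splitlines():
        line = raw.strip()                      # forum paste indents every line
        header = SECTION_HEADER.match(line)
        if header:                              # entering or leaving a log section
            in_section = header.group(1) == "LOCKED REGISTRY KEYS"
            current = None
            continue
        if not in_section:
            continue
        key = KEY_LINE.match(line)
        if key:
            current = key.group(1)
        elif line.startswith("@Denied:") and current and current not in keys:
            keys.append(current)                # one entry per key, even with several deny ACEs
    return keys

def reglock_section(keys):
    """Render the keys as the RegLock:: block of a ComboFix CFScript."""
    return "RegLock::\n" + "\n".join(f"[{k}]" for k in keys) + "\n"
```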
