Many programs blocked from updating/running, i give up!

[rune1990]

I can't update most of my spyware/maleware/firewall programs nor run scans as they abort without me being able to continue.

I tried to run erunt and dds, however those will not run either.

I am really at a loss, any help would be greatly appreciated.

 

[vict0r]

Hello and welcome to the forum.

My name is vict0r and I will help you with the malware issues on your computer.

Please read the following information carefully.

IMPORTANT: Whatever repairs we make, are for fixing this computer only and by no means should be used on another computer.

To make cleaning this machine easier:

• Continue to respond to this thread until I I tell you that the logs are clean!
• Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
• Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
• Please follow all instructions in the order posted.
• If you have any questions or do not understand instructions, please ask before continuing.
• Please reply to this thread. Do not start a new topic.
• Your security program(s) may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Download/run Rkill:

Please download Rkill from one of the following links and save it to your Desktop:

One, Two,Three, Four or Five

• Double click on Rkill.
• A command window will open then disappear upon completion, this is normal.
• A notepad window will open, please post the contents in your next reply
• This log can also be found at C:\rkill.log
• Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore/allow the download/execution to continue.


random's system information tool (RSIT)

• Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  • log.txt (<<will be maximized)
  • info.txt (<<will be minimized)
    You can also find the logs here: C:\rsit
• Post both of these logs. Please use one reply per log.

When finished, please post:

• rkill log.
• RSIT logs.

 

[rune1990]

Thank you for the assistance!

I dl'd rkill from all 5 locations and everytime I try to run any of them I get the message that windows cannot locate the exe file.

Unfortunatly the same thing happened with rsit. When I tried to run it the first time I did not choose run as admin and I get two security warnings which I click run..and nothing. When run as admin I get the now familiar windows cannot locate /rsit.exe as well.

I also forgot to mention I noticed alot of my permissions for running/altering programs get changed without any notification.

 

[vict0r]

Scan with exeHelper:

Please download exeHelper and save it to your desktop.

• Right-click on exeHelper.com And select " Run as administrator " to run the fix.
• A black window should pop up, press any key to close once the fix is completed.
• Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
• Please post the contents of the log.txt file in your next reply.
• Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Now please retry RSIT (run as administrator) and if RSIT will not run try rkill and then RSIT again.

 

[rune1990]

Ok, dl'd exeHelper, tried to run as admin however that was not an option shown at all.

Simply tried 'open' but yet again, got the "windows cannot find 'C:\...exeHelper.com' Make sure you typed the name correctly, and then try again" message.

 

[vict0r]

It is possible that you have to burn a cd to be able to scan the computer if the following instructions fail. Do you have access to another computer with a cdburner? You also need a empty cd.

Which version is Windows on the other computer and the infected computer?

Which make and model is the infected computer? Do you have a Windows installation cd that may have followed the computer as new or another Windows installation cd (which version)?


Download this program but dont use it yet

Download Inherit and save it to your desktop.


Print out the instructions or save them to a file (there's no internet access in safe mode).


Boot to safemode and try to run exhelper, RKill and then RSIT.

To Enter Safemode

• Go to Start> Shut off your Computer> Restart
• As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
  this will bring up a menu.
• Use the Up and Down Arrow Keys to scroll up to Safemode.
• Then press the Enter Key on your Keyboard

Try dragging rKill one at a time into Inherit.exe and then start the program until one runs. Try dragging exehelper into Inherit and finally RSIT and then start the programs.

 

[rune1990]

Ok, had some small success.

rkill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/05/2011 at 12:31:40.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 06/05/2011 at 12:31:41.


exe.helper log:

exeHelper by Raktor
Build 20100414
Run at 20:03:48 on 05/20/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


And rsit log, which wasn't successful:

Logfile of random's system information tool 1.08 (written by random/random)
Run by K at 2011-05-20 20:04:09


I do have a computer with cd burner that I can use. It is running win 7. The infected computer is an acer laptop running win vista.

Did a search and could only come up with cds for win 98 and vista! lol.

 

[rune1990]

Sorry, windows cds were 98 and xp.

 

[vict0r]

Does the XP cd include a Service Pack (i.e. SP2)?

For all the tools we try to run, if prompted by UAC (User access control), please allow the prompt.

Please try to run DDS and RSIT in normal mode now. If they don't run, then please delete your current copy of dds, download the following tools to your desktop and follow the instructions below.
OTL.exe
dds.com
HijackThis.exe


Print out the instructions or save them to a file (there's no internet access in safe mode).

To Enter Safemode

• Go to Start> Shut off your Computer> Restart
• As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
  this will bring up a menu.
• Use the Up and Down Arrow Keys to scroll up to Safemode.
• Then press the Enter Key on your Keyboard

OTL

• Double click on OTL.exe (on your desktop) to run it.
  If it does not run, then drag it to inherit wait for the Ok and try again.
• Check the boxes labeled :
  • Scan All Users
  • LOP check
  • Purity check
• Click on the Run Scan button at the top left hand corner.
• OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
  They will be saved on your desktop. Close the logs.

If OTL does not work then try HijackThis:

Right click Hijackthis and select Run as administrator (or Open if not present).
After HijackThis has started, click Do a system scan and save a log file.
Save the log to your desktop.


DDS

Double click dds(.com) to run the tool, if it runs successfully two textfiles will open.
* DDS.txt
* Attach.txt
If not saved these logs will be automatically deleted when closed, so save both to your Desktop.


If all tools fail, then please rerun exeHelper and try again. You can also drag the tools into the Inherit icon, wait for the Ok and try again.

Reboot to normal mode and post all logs.

 

[rune1990]

I was still not able to get DDS to run, but was able to get OTL to scan. My win xp cd is sp 1 only.

OTL logfile created on: 21/05/2011 8:15:34 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\K\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71.28 Gb Total Space | 7.18 Gb Free Space | 10.07% Space Free | Partition Type: NTFS
Drive D: | 70.94 Gb Total Space | 70.83 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

Computer Name: K-PC | User Name: K | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/21 08:06:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\K\Desktop\OTL.exe


========== Modules (SafeList) ==========

MOD - [2011/05/21 08:06:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\K\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/04/18 10:11:52 | 001,803,224 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/01 10:34:16 | 000,131,072 | ---- | M] (acer) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/11/30 19:39:10 | 000,024,576 | ---- | M] (Acer Inc.) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () [On_Demand | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/20 21:43:08 | 000,118,784 | ---- | M] (Acer Inc.) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/11/16 16:35:18 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/13 00:13:10 | 000,024,576 | ---- | M] () [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 10:14:13 | 000,080,064 | ---- | M] (COMODO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/04/18 10:14:13 | 000,034,744 | ---- | M] (COMODO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/04/18 10:14:12 | 000,236,600 | ---- | M] (COMODO) [File_System | System | Stopped] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/09/19 03:21:00 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/03/19 07:10:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW24B.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
DRV - [2007/04/25 13:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 13:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 13:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/01/16 11:44:46 | 000,011,986 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2006/11/20 06:02:42 | 000,847,392 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/10/29 21:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/10/25 02:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 02:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 02:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/04 05:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/03/07 18:43:40 | 000,111,872 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)
DRV - [2005/08/18 11:44:50 | 000,049,867 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2


[2009/12/21 20:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\Mozilla\Extensions
[2009/12/21 20:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/12/21 20:00:15 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2009/03/07 22:24:23 | 000,302,589 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10431 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [AcerOrbicamRibbon] C:\Program Files\Acer\OrbiCam10\OrbiCam.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Jkibafekutegefix] File not found
O4 - HKCU..\Run: [Ljehifihufehor] File not found
O4 - HKCU..\Run: [logexixl] File not found
O4 - HKCU..\Run: [M5T8QL3YW3] File not found
O4 - HKCU..\Run: [setupupdater0000.exe] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [捁牥吠畯r] File not found
O4 - HKCU..\Run: [捁牥吠畯⁲敒業摮牥] File not found
O4 - Startup: C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O24 - Desktop WallPaper: C:\Users\K\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\K\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/02 02:15:27 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7ab24ea5-1e24-11e0-8c35-000000000000}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{7ab24ea5-1e24-11e0-8c35-000000000000}\Shell\phone\command - "" = F:\autorun.exe
O33 - MountPoints2\{ac237992-cf36-11dd-bb6e-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{ac237992-cf36-11dd-bb6e-000000000000}\Shell\AutoRun\command - "" = F:\AutoRun.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/21 08:06:36 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\K\Desktop\HijackThis.exe
[2011/05/21 08:06:22 | 000,606,738 | ---- | C] (Swearware) -- C:\Users\K\Desktop\dds.com
[2011/05/21 08:06:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\K\Desktop\OTL.exe
[2011/05/20 19:40:26 | 000,000,000 | ---D | C] -- C:\rsit
[2011/04/26 22:19:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/26 22:19:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/26 22:19:33 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/12/21 20:57:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\K\AppData\Roaming\pcouffin.sys
[2007/04/28 16:43:55 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2006/12/02 02:22:28 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2011/05/21 08:20:56 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\ahrkcwhj.sys
[2011/05/21 08:19:12 | 000,617,524 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/21 08:19:12 | 000,112,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/21 08:12:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/21 08:12:22 | 000,000,000 | ---- | M] () -- C:\Windows\win32k.sys
[2011/05/21 08:10:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/21 08:07:14 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/21 08:07:14 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/21 08:06:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\K\Desktop\HijackThis.exe
[2011/05/21 08:06:22 | 000,606,738 | ---- | M] (Swearware) -- C:\Users\K\Desktop\dds.com
[2011/05/21 08:06:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\K\Desktop\OTL.exe
[2011/05/21 08:02:00 | 000,210,582 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/21 08:02:00 | 000,210,582 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/21 07:10:59 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/20 20:11:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/20 19:13:13 | 000,085,504 | ---- | M] () -- C:\Users\K\Desktop\Inherit.exe
[2011/05/20 17:50:43 | 001,007,108 | ---- | M] () -- C:\Users\K\Desktop\rkill.com
[2011/05/20 16:54:50 | 000,294,400 | ---- | M] () -- C:\Users\K\Desktop\exeHelper.com
[2011/05/20 16:52:08 | 001,007,108 | ---- | M] () -- C:\Users\K\Desktop\rkill.scr
[2011/05/20 16:52:02 | 001,007,108 | ---- | M] () -- C:\Users\K\Desktop\rkill.exe
[2011/05/20 16:51:59 | 001,007,108 | ---- | M] () -- C:\Users\K\Desktop\iExplore.exe
[2011/05/20 13:10:57 | 000,339,991 | ---- | M] () -- C:\Users\K\Desktop\RSIT.exe
[2011/05/20 13:10:16 | 001,007,108 | ---- | M] () -- C:\Users\K\Desktop\eXplorer.exe
[2011/05/06 22:40:15 | 000,001,113 | ---- | M] () -- C:\Users\K\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/06 22:40:15 | 000,001,089 | ---- | M] () -- C:\Users\K\Desktop\Spybot - Search & Destroy.lnk
[2011/05/06 20:47:25 | 000,246,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/23 11:26:12 | 000,044,032 | ---- | M] () -- C:\Users\K\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/05/20 19:13:13 | 000,085,504 | ---- | C] () -- C:\Users\K\Desktop\Inherit.exe
[2011/05/20 16:51:15 | 001,007,108 | ---- | C] () -- C:\Users\K\Desktop\iExplore.exe
[2011/05/20 16:50:36 | 001,007,108 | ---- | C] () -- C:\Users\K\Desktop\rkill.scr
[2011/05/20 16:50:17 | 001,007,108 | ---- | C] () -- C:\Users\K\Desktop\rkill.com
[2011/05/20 16:49:52 | 001,007,108 | ---- | C] () -- C:\Users\K\Desktop\rkill.exe
[2011/05/20 16:44:48 | 000,294,400 | ---- | C] () -- C:\Users\K\Desktop\exeHelper.com
[2011/05/20 13:10:56 | 000,339,991 | ---- | C] () -- C:\Users\K\Desktop\RSIT.exe
[2011/05/20 13:10:16 | 001,007,108 | ---- | C] () -- C:\Users\K\Desktop\eXplorer.exe
[2010/06/18 14:48:30 | 000,000,120 | ---- | C] () -- C:\Users\K\AppData\Local\Ebojohekafomoh.dat
[2010/06/18 14:48:30 | 000,000,000 | ---- | C] () -- C:\Users\K\AppData\Local\Jvedobuvog.bin
[2010/06/18 14:48:04 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\ahrkcwhj.sys
[2010/02/06 14:59:34 | 000,118,784 | ---- | C] () -- C:\Windows\System32\PTTreeIcons.dll
[2009/12/21 20:57:43 | 000,087,608 | ---- | C] () -- C:\Users\K\AppData\Roaming\inst.exe
[2009/12/21 20:57:43 | 000,007,887 | ---- | C] () -- C:\Users\K\AppData\Roaming\pcouffin.cat
[2009/12/21 20:57:43 | 000,001,144 | ---- | C] () -- C:\Users\K\AppData\Roaming\pcouffin.inf
[2009/11/22 14:30:35 | 000,000,000 | ---- | C] () -- C:\Windows\win32k.sys
[2009/09/17 10:48:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 10:48:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 10:48:16 | 000,217,088 | ---- | C] () -- C:\Windows\System32\WerFault.exe
[2008/12/21 04:01:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/12 22:28:35 | 000,210,582 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/11/12 22:28:35 | 000,210,582 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/07/10 20:22:55 | 000,000,089 | ---- | C] () -- C:\Users\K\AppData\Local\fusioncache.dat
[2008/06/29 15:59:43 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat
[2008/06/29 15:55:03 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2008/06/28 21:03:28 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008/06/28 21:03:28 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008/06/28 21:03:28 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008/06/28 21:03:28 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/06/28 21:03:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2008/06/28 21:03:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2008/05/22 18:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/03/31 19:57:18 | 000,000,680 | ---- | C] () -- C:\Users\K\AppData\Local\d3d9caps.dat
[2007/04/29 13:49:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/04/29 13:49:11 | 000,000,000 | ---- | C] () -- C:\Windows\ka.ini
[2007/04/29 12:09:33 | 000,000,024 | ---- | C] () -- C:\Windows\actval.ini
[2007/04/28 23:24:48 | 000,024,206 | ---- | C] () -- C:\Users\K\AppData\Roaming\UserTile.png
[2007/04/28 19:28:50 | 000,044,032 | ---- | C] () -- C:\Users\K\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/28 17:41:14 | 000,024,803 | ---- | C] () -- C:\Users\K\AppData\Roaming\nvModes.001
[2007/04/28 17:41:09 | 000,024,803 | ---- | C] () -- C:\Users\K\AppData\Roaming\nvModes.dat
[2007/04/28 16:43:55 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/04/28 16:43:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/04/28 16:43:14 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/04/28 16:42:26 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/04/28 16:35:35 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/04/28 16:33:18 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.DAT
[2007/01/09 00:24:45 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2006/12/02 13:32:44 | 000,001,024 | ---- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006/12/02 02:25:56 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2006/12/02 02:22:32 | 000,319,488 | ---- | C] () -- C:\Windows\System32\SysMonitor.exe
[2006/12/02 02:22:31 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006/12/02 02:15:46 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2006/12/02 02:09:05 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2006/12/02 00:35:28 | 000,000,103 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006/12/02 00:35:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/12/02 00:34:19 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/16 13:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2006/11/16 13:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2006/11/16 13:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2006/11/16 13:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll
[2006/11/16 13:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2006/11/16 13:18:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2006/11/16 13:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/11/16 13:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,246,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,617,524 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,112,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:24:01 | 025,966,024 | ---- | C] () -- C:\Windows\System32\mrt.exe
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/10/12 11:58:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\mr310exd.dll
[2001/10/12 11:57:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\mr310exv.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2000/12/07 11:13:58 | 000,015,164 | ---- | C] () -- C:\Windows\Mr310twv.ini

========== LOP Check ==========

[2011/01/27 22:18:47 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\.minecraft
[2010/04/09 21:13:53 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\acccore
[2007/12/06 14:42:44 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Azureus
[2008/03/24 21:09:25 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\eMule
[2009/04/04 13:31:00 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Image Zone Express
[2007/04/28 16:48:31 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Leadertech
[2009/03/04 20:52:31 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\LimeWire
[2011/01/22 19:28:54 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\mjusbsp
[2009/09/17 10:12:40 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\OpenOffice.org
[2007/04/28 23:24:48 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\PeerNetworking
[2008/06/30 10:09:35 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Printer Info Cache
[2008/07/10 19:47:19 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\SmartDraw
[2009/05/04 23:54:12 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Sony
[2009/12/21 20:00:38 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\TomTom
[2009/05/10 20:10:43 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Turbine
[2009/12/21 20:57:43 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Vso
[2011/05/21 08:10:55 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

 

[rune1990]

OTL Extras logfile created on: 21/05/2011 8:15:34 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\K\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71.28 Gb Total Space | 7.18 Gb Free Space | 10.07% Space Free | Partition Type: NTFS
Drive D: | 70.94 Gb Total Space | 70.83 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

Computer Name: K-PC | User Name: K | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0552CF72-AC1D-42FC-A8A4-D93113F66B4E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{060FFC8C-6F0F-4850-A17A-3CC855F82300}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{08B85043-8AE7-48A5-B5F1-CDAE33732403}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0DB1A113-D5D4-47EC-AE62-8EEA1B00E6F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55D4262F-9DEC-4526-84DB-56489DFFE81F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6F7E5517-9CB3-4695-A910-B9E9C0FC87A5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7A0ADB00-C9CF-4F8B-931B-F5C3E3207FF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81C93E7F-3E5B-4856-A248-585650262F36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{926A8876-E42F-447C-B0CD-E031FECBCE97}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E35B5F5B-DD4B-46FC-8A9A-20E3AE4EA3D4}" = rport=2869 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{089DB2A5-639D-4CE0-B664-4051CFAFF69B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0B60A314-9017-4826-91D1-6F4E6F2E011B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0EA28119-D130-4AFC-893F-4580F730D88B}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{15096B46-246C-4EE4-858A-A70ADC136650}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{15E3E58C-F8BE-4941-8ABA-F3CA032594BB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe |
"{1BA86A68-665C-4BC3-9482-56D1991036B8}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{26953776-C0AC-4FC3-8B97-0FCDFAE0A19A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{2A4E7E18-61CA-4C85-B93C-8B961ABBA3CB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{2F5A6D9A-6B17-48AD-84ED-ADE36BFCCAD6}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{33DDA838-7D55-4282-B210-F1BE80C7F694}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{386E72EE-DC09-442C-808C-28C9BE58DBC9}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{47184B13-0E3A-4921-9201-78D2DA93DDCF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{4B5D2A11-E8B7-4405-B85B-6E686EC84C2A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{51C78F25-05E1-49EC-9148-C92990611C18}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5AEF0C85-A503-4829-A93E-FED9E06A8D96}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{5F7777EC-374F-4BB8-A0B5-DBE89178724A}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{6020BD3B-A070-4739-BA6A-AB3391D23032}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe |
"{64D886C9-0D6C-4305-975B-0E2586E33C5D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{67D87F23-7B48-4621-A940-F8E7C7C52896}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6C494B8F-C27E-4116-86AE-511716081513}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{72B1B270-2BA3-4875-9EDF-5554AC844DE7}" = protocol=17 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe |
"{7A6B601B-4C54-46D0-AC7B-CD148B5C4FE9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{7C00CED8-CD82-4D15-9A1A-E8AAB3D632B1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{862F1077-D8AD-4C2D-A25E-918E42D1DFCF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{88BDBBA6-2C4A-4581-AD12-4F931B11DC7B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8A10F366-6462-4219-8DA9-71C86AE162C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{93A3174E-74FC-46E6-9BF3-624B4E99FE5A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{D4D9ED95-81D5-4A29-B823-B4EA45D1FE40}" = protocol=6 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe |
"{DB938CED-5B6B-4610-BB64-8C329ECF9EC2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{DBD3623C-CE46-476B-A12C-16284C310953}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E01A07F3-D152-4E34-A936-6E484C8420F2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F595A1A9-D6BE-4174-A39B-37F6A4E8CCAF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{FF918CBF-FD17-451A-8A55-9BA4A6689FB2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"TCP Query User{08C04F73-8269-43C1-B011-A03E8744ED55}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{0A8E689F-A2C0-4D3E-AC48-932C5CF885D1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{11B8C75D-7A57-46E4-A978-AB7E2F436318}C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe |
"TCP Query User{13AC9FF3-A59C-4F42-9256-2DD6E12B25F8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{1EC6E1E9-94F6-43C9-81E6-B55962B60192}C:\users\k\appdata\local\temp\blizzard launcher temporary - f2b86708\launcher.exe" = protocol=6 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - f2b86708\launcher.exe |
"TCP Query User{348B3E97-F85F-41A1-A126-A50D4D4A336D}C:\program files\ea sports\nhl07\nhl2007.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\nhl07\nhl2007.exe |
"TCP Query User{4538B91A-E3FB-4AD2-8186-D5D219EFBFB6}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{4AE5907C-F815-44E2-AEDC-5EF4848139FF}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
"TCP Query User{4B400B6A-7F6B-4BE8-8017-D913A2756A80}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{60B2DF4C-E545-4BDC-A2C3-60955E67F51E}C:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe |
"TCP Query User{64000632-7550-47DF-9C48-ADE5530C9B20}C:\users\k\appdata\local\temp\blizzard launcher temporary - 71e7b268\launcher.exe" = protocol=6 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - 71e7b268\launcher.exe |
"TCP Query User{71809E23-41B9-4AAD-B96B-5029F2B58324}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{840074C0-AD58-46E0-A108-279E170C8143}C:\users\k\appdata\local\temp\blizzard launcher temporary - 118e1fb0\launcher.exe" = protocol=6 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - 118e1fb0\launcher.exe |
"TCP Query User{8BB2B005-C8CB-47EC-8A0A-3F2970854238}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{8D6D62D4-DC94-4C88-ACAE-729173FF6A2A}C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe |
"TCP Query User{9A68CF59-E259-4C61-A547-E9FF337F4B20}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"TCP Query User{9BF063E6-A5E0-4039-BA68-29725F6B0407}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{A59E621E-F59F-4F2B-93DB-9E93767C0ABC}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"TCP Query User{A7A66E65-4AAB-4541-84AA-32D398F7F1BE}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{B29F9197-D6DA-4902-A3A7-E216831943CA}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{B75353B4-BD6F-4A74-B55D-CBE6EC3FAB85}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"TCP Query User{C253EEEF-7633-46CF-AFF6-B4443CCCC941}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"TCP Query User{CECFD4E3-91E6-4C7C-8599-B7B3236BAA9A}C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe |
"TCP Query User{DE47D51B-9D2F-49E2-B085-9AA113964F54}C:\users\k\appdata\local\temp\blizzard launcher temporary - 141e6780\launcher.exe" = protocol=6 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - 141e6780\launcher.exe |
"TCP Query User{DFAAC5FD-EDFA-48C5-8344-C089190AF4A3}C:\users\k\appdata\local\microsoft\windows\temporary internet files\content.ie5\kfhwkvwy\wrath_of_the_lich_king_en.avi-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\k\appdata\local\microsoft\windows\temporary internet files\content.ie5\kfhwkvwy\wrath_of_the_lich_king_en.avi-downloader[1].exe |
"TCP Query User{EB860A7F-09FB-48B3-B488-F970359B75DB}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{F0E1CB3C-FEB6-4A6D-B8E0-FCC63CEFF6EF}C:\program files\ea sports\nhl07\nhl2007.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\nhl07\nhl2007.exe |
"TCP Query User{FEB7334B-3FCF-4A00-B583-9E3521C912DB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{05BAC0E9-9AC0-4D11-94A3-856C13AED845}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"UDP Query User{1F222031-C213-472B-BC47-80C59BA86E10}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{24B0FCE1-AC10-469F-A551-E2AAC21490AD}C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe |
"UDP Query User{2D9A1AB9-E2DC-4614-9DA8-0D5E6BC83392}C:\program files\ea sports\nhl07\nhl2007.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\nhl07\nhl2007.exe |
"UDP Query User{3765DDB6-E0EB-46A6-AD71-2040329ED37D}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{3E6C5CCB-D849-4DCF-9606-B12F71353A9B}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
"UDP Query User{48137D30-0913-4E90-AA0C-6B28D4A3FFE7}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{55406FFD-37C0-42C6-AE05-B4DB7C9BB694}C:\users\k\appdata\local\temp\blizzard launcher temporary - 141e6780\launcher.exe" = protocol=17 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - 141e6780\launcher.exe |
"UDP Query User{5D7FB164-DC4A-41B2-8BB6-14E17B095970}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{621E2C63-0F31-41B5-97F8-D005902ED4B7}C:\program files\ea sports\nhl07\nhl2007.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\nhl07\nhl2007.exe |
"UDP Query User{67D92A26-FA79-4826-8F0F-A4B706F0E202}C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe |
"UDP Query User{72238392-25B5-49D5-94F2-D84B61D284CF}C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe |
"UDP Query User{74B41406-46A6-41B2-B79D-44C8703A318B}C:\users\k\appdata\local\temp\blizzard launcher temporary - 71e7b268\launcher.exe" = protocol=17 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - 71e7b268\launcher.exe |
"UDP Query User{86A73E7A-510A-405A-99D7-A78754391D4E}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{8C81351C-9684-41A5-A987-7830AE02C26D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{95AC38A2-A95E-4C2A-8C4B-120C1BEB713C}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"UDP Query User{98815986-C8B7-4D3D-B35A-24B6C7396689}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"UDP Query User{A15C21F8-80A8-47FB-8277-E71B0E028240}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{AFC46FBC-50BD-43B7-8B16-225FF38A86DD}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{B478684E-7420-4838-86F2-394CEC4672E0}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"UDP Query User{B4A215AA-6B7E-475D-A0BA-9C1A72F40B12}C:\users\k\appdata\local\temp\blizzard launcher temporary - f2b86708\launcher.exe" = protocol=17 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - f2b86708\launcher.exe |
"UDP Query User{BB264361-2607-4E61-96EC-909C9ADFD607}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{BCDA0697-FFAE-449E-932A-8B1B4AF03E65}C:\users\k\appdata\local\microsoft\windows\temporary internet files\content.ie5\kfhwkvwy\wrath_of_the_lich_king_en.avi-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\k\appdata\local\microsoft\windows\temporary internet files\content.ie5\kfhwkvwy\wrath_of_the_lich_king_en.avi-downloader[1].exe |
"UDP Query User{C64918A9-11EA-40EC-999B-BD21448019F8}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{DA61D1A8-897D-47E2-8BAD-583F1EA46714}C:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe |
"UDP Query User{E210E752-12D0-40E6-A3EC-B9D87AF46773}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{F7FBB5B4-0912-474E-84FC-A6FC0F9FE0F9}C:\users\k\appdata\local\temp\blizzard launcher temporary - 118e1fb0\launcher.exe" = protocol=17 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - 118e1fb0\launcher.exe |
"UDP Query User{FAA017FE-BAE9-4E9B-A2CD-FF525EB36045}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi Software
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{44E75850-B838-43D2-8F37-84D3FB71FF6E}" = VGA Dual-Mode Camera
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{46A5D1D1-8956-497C-92FB-59C44EFA6214}" = Safari
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"18 Wheels of Steel Pedal to the Metal" = 18 Wheels of Steel Pedal to the Metal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"AIMars" = Kids Cam Show and Share Creativity Center
"Allok MPEG4 Converter_is1" = Allok MPEG4 Converter 4.1.0422
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digital Foci PhotoViewer 2.0_is1" = PhotoViewer 2.0.2.5
"ERUNT_is1" = ERUNT 1.1j
"Fish Tycoon" = Fish Tycoon (remove only)
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.26
"GridVista" = Acer GridVista
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Virtual Villagers" = Virtual Villagers (remove only)
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/08/2008 9:12:52 PM | Computer Name = K-PC | Source = VSS | ID = 8194
Description =

Error - 06/08/2008 3:16:41 AM | Computer Name = K-PC | Source = VSS | ID = 8194
Description =

Error - 12/09/2008 2:52:53 PM | Computer Name = K-PC | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 7.7.1.11 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: e9c Start Time: 01c915087eb9de5e Termination Time: 21

Error - 16/10/2008 12:13:01 AM | Computer Name = K-PC | Source = VSS | ID = 12298
Description =

Error - 18/10/2008 10:12:35 PM | Computer Name = K-PC | Source = Application Error | ID = 1000
Description = Faulting application IKEA Home Planner.exe, version 1.9.25.0, time
stamp 0x4738d522, faulting module IKEA Home Planner.exe, version 1.9.25.0, time
stamp 0x4738d522, exception code 0xc0000005, fault offset 0x000e4d7d, process id
0x668, application start time 0x01c9318e473b80cf.

Error - 18/10/2008 10:44:21 PM | Computer Name = K-PC | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 8.0.1.11 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 6bc Start Time: 01c931931f31118f Termination Time: 179

Error - 21/10/2008 10:51:33 AM | Computer Name = K-PC | Source = Application Hang | ID = 1002
Description = The program DrvInst.exe version 1.0.703.1965 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 15b8 Start Time: 01c9338bd00b7bb0 Termination Time: 63

Error - 09/11/2008 12:37:49 AM | Computer Name = K-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16757, time stamp
0x48e4238e, faulting module MSVCR71.dll, version 7.10.3052.4, time stamp 0x3e561eac,
exception code 0xc0000005, fault offset 0x000017fb, process id 0x1bc, application
start time 0x01c93e0fb3c81b64.

Error - 12/11/2008 8:52:23 PM | Computer Name = K-PC | Source = VSS | ID = 8194
Description =

Error - 06/12/2008 7:54:22 PM | Computer Name = K-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6000.16549 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 160 Start Time: 01c95288eaf9a681 Termination Time: 1404

[ Media Center Events ]
Error - 17/12/2007 4:50:36 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 18/12/2007 10:01:48 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 22/12/2007 5:53:42 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 16/04/2008 2:55:02 AM | Computer Name = K-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 17/04/2008 5:38:57 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 28/04/2008 7:01:21 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 16/12/2008 2:18:38 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 19/12/2008 2:17:58 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 24/04/2009 2:37:05 AM | Computer Name = K-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 07/10/2009 5:06:29 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21/05/2011 8:14:29 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21/05/2011 8:17:13 AM | Computer Name = K-PC | Source = DCOM | ID = 10000
Description =


< End of report >

 

[vict0r]

It will take me a while to research the logs from OTL. I will post a preliminary fix as soon as possible.

 

[vict0r]

Hi.

Please read the following carefully and post your decision in a reply to this post.


BACKDOOR TROJAN

I'm afraid I have some bad news for you. One or more of the identified infections is a BACKDOOR TROJAN. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:

• Disconnect the computer from the Internet and from any networked computers.
• If you have ever handled anything related to money (online banking, online shopping, etc), call your bank and credit card company and say that you might be a victim of identity theft due to a computer virus which logs keystrokes.
• Next, change ALL your passwords from a known clean computer! Do not use them on this computer again (until cleaned).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records when the computer connects to the internet.

Due to the backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted and fully secured again unless you reformat and reinstall Windows.

Further reading:

• How do I respond to a possible identity theft and how do I prevent it
• When should do a reformat and reinstallation of my OS

An attempt to clean the computer can be made, but you cannot trust it again for banking, shopping and any activity involving a password, it might not even be possible to clean the computer at all.

Since this is a Acer computer it probably has a recovery partition to restore the system to the state it was delivered as new (reformat and reinstall). This is also probably the less time consuming method to clean the computer. (Backup all important data first!)

Post any question if you have, i.e. how to backup and restore the computer.

Please let me know what you have decided to do in your next post.

 

[rune1990]

Ok, I had a feeling this was the issue, and since it was infected many months ago we had actually done what you suggested and changed all pw etc from a safe computer.

In light of the fact that I want to be able to do banking from this computer(which I probably will never do, not trusting it), I believe the solution will be a reformat and reinstall.

I am not exactlly sure how to go about this however. I don't feel I have anything important I need to back up or save off the computer either.

 

[vict0r]

I don't feel I have anything important I need to back up or save off the computer either.

Usually there are files and folders in the My Documents folder that you might not want to lose, bookmarks in your internet browser (firefox?), there's e-mail (if not using a webmail or IMAP solution) and software licenses that need special reinstall procedure (TomTom?). It's actually remarkably easy to forget something... :sad:

If you copy this directory (and other desired user profiles) to your D: drive somewhere, then you have most covered: C:\Users\K. Do not copy the profile back after the reinstall as it might be infected. Retrieve only necessary files as you need them.


To restore a Acer computer to factory default after the necessary backups has been made:

# 1 Close all programs.

# 2 Shut down your Acer laptop by opening your Start menu and selecting "Shut Down" from the options for shutting down and restarting windows.

# 3 Detach any external hardware such as an external hard drive or printer.

# 4 Press the Power button to boot your Acer laptop.

# 5 Press "Alt + F10" on your keyboard when the Acer screen appears at the start of the boot up process. Wait a moment while Windows loads the reset files.

# 6 Select "Restore System from factory default" in the Acer eRecovery Management window.

# 7 Click "Next" on the next screen to continue. Click "Next" on the following destination information window. This will pop up a notice telling you that resetting your Acer laptop will erase all data and restore the laptop to its original settings and configuration.

# 8 Click "OK" in the notice window to proceed with resetting your Acer laptop.

# 9 Wait while your Acer laptop is reset to factory settings.


After the reset is finished, then it is important to not use it for any internet activity before it has got an anti-virus installed and its fully updated again (Control-Panel -> Windows Update -> Check for updates -> Install updates) This is a remarkably time consuming process.

Let me know if you have got further related questions.

 

[rune1990]

I will start that right now, thank you, very much, for your help and your time

 

[vict0r]

You're welcome.

Do you own usb pen drives or external hard drives? Then you will probably find the following tool useful.

If your USB-stick is formatted with the NTFS-file system: STOP following these instructions and post back. If you are unsure, stop and ask for advise. Do not use Panda USB Vaccine on a NTFS file system.


Download, install and run Panda USB Vaccine

The usb vaccination performed by this program will permanently disable any autorun.inf functionality of your usb stick. After the vaccination you will be able to use the usb stick normally and files (even malware) can be copied to/from it, however they will be prevented from executing automatically. This vaccination can only be reversed with a reformat of the usb stick.

Download and save Panda USB Vaccine from to your Windows 7 computer from>>>here<<<.

• Double click the file USBVaccineSetup.exe to start the installation.
• During setup uncheck the option to Run Panda USB Vaccine automatically when computer boots.
• Start Panda USB Vaccine.
• Insert your usb-stick, choose the correct drive letter (i.e "F:\") and click Vaccinate USB.
• When it's finished, close the program.
• You can delete the downloaded USBVaccineSetup.exe.

With your vaccinated drive, transfer DDS to the Acer laptop and run the tool. Save the two logs to the drive and bring them back to your Windows 7 machine, then post the logs. Then I'll take a look at the logs.

 

[rune1990]

Alright! All set up once again.

No thumb drive, should I just DL and run dds on infected computer?

 

[vict0r]

No thumb drive, should I just DL and run dds on infected computer?

Hopefully it is not infected anymore if you have done the factory restore.

Since you have no thumb drive, you can download and run DDS from the following link: >Here<.

Please do not use the computer for anything else on the network until it is fully updated and secured.

 

[rune1990]

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.6000.16982
Run by Rachel at 18:16:19 on 2011-05-22
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2046.1152 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskeng.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\Dwm.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Rachel\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rachel\Desktop\dds.com
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sympatico.msn.ca/
uSEARCH PAGE = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ca.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.ca.acer.yahoo.com
mDefault_Page_URL = hxxp://en.ca.acer.yahoo.com
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [????r]
uRun: [?????????] ??????????????e
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer Tour]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [AcerOrbicamRibbon] "c:\program files\acer\orbicam10\OrbiCam.exe" /hide
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [eRecoveryService]
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
AppInit_DLLs: c:\windows\system32\guard32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-22 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-22 307928]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 36568]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-22 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-22 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-22 42184]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-22 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-12-2 847392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-2 1174152]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2006-12-2 202872]
.
=============== Created Last 30 ================
.
2011-05-22 20:20:00 -------- d-----w- c:\program files\COMODO
2011-05-22 20:18:39 -------- d-----w- c:\programdata\Comodo
2011-05-22 20:16:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-22 20:16:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-22 20:14:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-22 20:10:19 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-05-22 20:10:18 -------- d-----w- c:\program files\SpywareBlaster
2011-05-22 14:54:22 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-22 14:54:17 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-22 14:52:35 40112 ----a-w- c:\windows\avastSS.scr
2011-05-22 14:51:55 -------- d-----w- c:\programdata\AVAST Software
2011-05-22 14:51:55 -------- d-----w- c:\program files\AVAST Software
2011-05-22 14:32:31 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-05-22 14:30:50 268800 ----a-w- c:\windows\system32\es.dll
2011-05-22 14:30:06 -------- d-----w- c:\users\rachel\Roaming
2011-05-22 14:30:06 -------- d-----w- c:\programdata\Roaming
2011-05-22 14:29:13 -------- d-----w- c:\program files\Cisco
2011-05-22 14:29:12 -------- d-----w- c:\program files\common files\Intel
2011-05-22 13:50:55 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-05-22 13:50:55 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-05-22 13:50:54 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-05-22 13:50:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-05-22 13:50:54 24064 ----a-w- c:\windows\system32\lpk.dll
2011-05-22 13:50:54 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-05-22 13:46:09 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-05-22 13:46:09 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-05-22 13:46:09 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2011-05-22 13:46:09 272896 ----a-w- c:\windows\system32\polstore.dll
2011-05-22 13:43:25 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-05-22 13:43:24 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2011-05-22 13:42:04 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-05-22 13:42:04 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-05-22 13:42:04 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-05-22 13:40:43 707072 ----a-w- c:\program files\common files\system\wab32.dll
2011-05-22 13:40:43 41984 ----a-w- c:\program files\windows mail\wabimp.dll
2011-05-22 13:40:43 1098752 ----a-w- c:\program files\common files\system\wab32res.dll
2011-05-22 13:40:42 87040 ----a-w- c:\windows\system32\msoert2.dll
2011-05-22 13:40:42 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2011-05-22 13:40:42 2836992 ----a-w- c:\program files\windows mail\MSOERES.dll
2011-05-22 13:40:42 205824 ----a-w- c:\windows\system32\msoeacct.dll
2011-05-22 13:40:41 1614848 ----a-w- c:\program files\windows mail\msoe.dll
2011-05-22 13:40:38 397312 ----a-w- c:\program files\windows mail\WinMail.exe
2011-05-22 13:40:37 81408 ----a-w- c:\program files\windows mail\oeimport.dll
2011-05-22 13:40:37 24064 ----a-w- c:\program files\common files\system\DirectDB.dll
2011-05-22 13:38:45 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-05-22 13:38:45 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-05-22 13:38:45 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-05-22 13:38:45 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-05-22 13:38:45 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-05-22 13:38:45 15360 ----a-w- c:\windows\system32\netevent.dll
2011-05-22 13:38:45 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-05-22 13:38:45 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-05-22 13:38:45 10240 ----a-w- c:\windows\system32\finger.exe
2011-05-22 13:36:44 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2011-05-22 13:36:44 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2011-05-22 13:36:42 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-05-22 13:36:42 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2011-05-22 13:36:42 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2011-05-22 13:36:42 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2011-05-22 13:36:41 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2011-05-22 13:36:40 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2011-05-22 13:36:39 542720 ----a-w- c:\windows\system32\sysmain.dll
2011-05-22 13:35:23 194560 ----a-w- c:\windows\system32\WebClnt.dll
2011-05-22 13:35:23 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2011-05-22 13:34:06 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-05-22 13:34:05 47104 ----a-w- c:\windows\system32\wlanapi.dll
2011-05-22 13:34:04 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-05-22 13:34:04 502272 ----a-w- c:\windows\system32\wlansvc.dll
2011-05-22 13:34:04 297984 ----a-w- c:\windows\system32\wlansec.dll
2011-05-22 13:34:04 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2011-05-22 13:32:31 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-05-22 13:32:31 1260032 ----a-w- c:\windows\system32\msxml3.dll
2011-05-22 13:32:30 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-05-22 13:32:30 1406464 ----a-w- c:\windows\system32\msxml6.dll
2011-05-22 13:31:01 216576 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-22 13:29:36 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-22 13:29:36 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-22 13:29:36 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-22 13:28:22 49664 ----a-w- c:\windows\system32\csrsrv.dll
2011-05-22 13:28:22 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-05-22 13:27:05 98816 ----a-w- c:\windows\system32\mfps.dll
2011-05-22 13:27:05 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-05-22 13:27:05 2855424 ----a-w- c:\windows\system32\mf.dll
2011-05-22 13:27:05 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-05-22 13:27:05 2048 ----a-w- c:\windows\system32\mferror.dll
2011-05-22 13:25:35 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-22 13:25:35 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-22 13:20:34 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-05-22 13:19:16 71680 ----a-w- c:\windows\system32\atl.dll
2011-05-22 13:16:55 297472 ----a-w- c:\windows\system32\gdi32.dll
2011-05-22 13:15:46 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2011-05-22 13:15:46 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-05-22 13:11:43 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2011-05-22 13:10:35 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2011-05-22 13:10:35 30208 ----a-w- c:\windows\system32\xolehlp.dll
2011-05-22 13:09:16 156160 ----a-w- c:\windows\system32\wkssvc.dll
2011-05-22 13:07:55 116736 ----a-w- c:\windows\system32\aaclient.dll
2011-05-22 13:07:54 36352 ----a-w- c:\windows\system32\tsgqec.dll
2011-05-22 13:07:54 1871872 ----a-w- c:\windows\system32\mstscax.dll
2011-05-22 13:06:30 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2011-05-22 13:04:05 414208 ----a-w- c:\windows\system32\msscp.dll
2011-05-22 13:02:57 713728 ----a-w- c:\windows\system32\timedate.cpl
2011-05-22 13:01:42 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2011-05-22 13:00:34 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2011-05-22 13:00:33 86016 ----a-w- c:\windows\system32\icfupgd.dll
2011-05-22 13:00:33 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2011-05-22 13:00:33 61952 ----a-w- c:\windows\system32\cmifw.dll
2011-05-22 13:00:33 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2011-05-22 13:00:33 16896 ----a-w- c:\windows\system32\wfapigp.dll
2011-05-22 12:58:10 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2011-05-22 12:58:09 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2011-05-22 12:58:09 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2011-05-22 12:58:09 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2011-05-22 12:55:16 428032 ----a-w- c:\windows\system32\EncDec.dll
2011-05-22 12:55:16 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2011-05-22 12:55:16 1244672 ----a-w- c:\windows\system32\mcmde.dll
2011-05-22 12:55:15 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-05-22 12:55:15 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-05-22 12:55:15 292352 ----a-w- c:\windows\system32\psisdecd.dll
2011-05-22 12:55:15 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-05-22 12:55:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-05-22 12:51:22 2048 ----a-w- c:\windows\system32\tzres.dll
2011-05-22 12:49:54 696832 ----a-w- c:\windows\system32\localspl.dll
2011-05-22 12:47:29 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2011-05-22 12:47:28 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2011-05-22 12:47:28 17464 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-05-22 12:47:28 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2011-05-22 12:47:27 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-22 12:47:27 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2011-05-22 12:46:30 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2011-05-22 12:45:31 2923520 ----a-w- c:\windows\explorer.exe
2011-05-22 12:45:00 2565432 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-05-22 12:44:54 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{32022ae2-ea0f-4097-b85f-c22bf3710af0}\mpengine.dll
2011-05-22 12:44:54 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 12:43:04 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-05-22 12:41:49 494592 ----a-w- c:\windows\system32\kerberos.dll
2011-05-22 12:41:48 7680 ----a-w- c:\windows\system32\lsass.exe
2011-05-22 12:41:48 72704 ----a-w- c:\windows\system32\secur32.dll
2011-05-22 12:41:48 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-05-22 12:41:48 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-05-22 12:41:48 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2011-05-22 12:41:47 272384 ----a-w- c:\windows\system32\schannel.dll
2011-05-22 12:40:38 24064 ----a-w- c:\windows\system32\netcfg.exe
2011-05-22 12:35:35 220160 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-05-22 12:35:35 19456 ----a-w- c:\windows\system32\drivers\bthenum.sys
2011-05-22 12:35:35 181760 ----a-w- c:\windows\system32\fsquirt.exe
2011-05-22 12:35:34 29184 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-05-22 12:33:23 1585664 ----a-w- c:\windows\system32\setupapi.dll
2011-05-22 12:30:38 549888 ----a-w- c:\windows\system32\rpcss.dll
2011-05-22 12:30:37 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-05-22 12:30:36 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-05-22 12:30:36 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-05-22 12:30:36 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2011-05-22 12:30:36 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2011-05-22 12:30:36 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2011-05-22 12:30:35 53248 ----a-w- c:\windows\system32\iasads.dll
2011-05-22 12:30:35 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2011-05-22 12:30:35 158720 ----a-w- c:\windows\system32\sdohlp.dll
2011-05-22 12:30:34 97280 ----a-w- c:\windows\system32\iasrecst.dll
2011-05-22 12:29:25 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-05-22 12:29:25 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-05-22 12:27:14 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-05-22 12:27:13 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-05-22 12:27:13 22016 ----a-w- c:\windows\system32\netiougc.exe
2011-05-22 12:27:13 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2011-05-22 12:27:13 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-05-22 12:27:13 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2011-05-22 12:27:13 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-05-22 12:26:12 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-05-22 12:25:21 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2011-05-22 12:24:25 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2011-05-22 12:24:25 223232 ----a-w- c:\windows\system32\WMASF.DLL
2011-05-22 12:24:25 2048 ----a-w- c:\windows\system32\asferror.dll
2011-05-22 12:23:31 25600 ----a-w- c:\windows\system32\amxread.dll
2011-05-22 12:23:30 14848 ----a-w- c:\windows\system32\apilogen.dll
2011-05-22 12:22:24 223232 ----a-w- c:\windows\system32\SLC.dll
2011-05-22 12:22:23 33280 ----a-w- c:\windows\system32\slwmi.dll
2011-05-22 12:22:23 268288 ----a-w- c:\windows\system32\mcbuilder.exe
2011-05-22 12:22:22 57856 ----a-w- c:\windows\system32\SLUINotify.dll
2011-05-22 12:22:22 566784 ----a-w- c:\windows\system32\SLCommDlg.dll
2011-05-22 12:22:22 351232 ----a-w- c:\windows\system32\SLUI.exe
2011-05-22 12:22:22 186368 ----a-w- c:\windows\system32\SLLUA.exe
2011-05-22 12:22:21 39936 ----a-w- c:\windows\system32\slcinst.dll
2011-05-22 12:22:21 2605568 ----a-w- c:\windows\system32\SLsvc.exe
2011-05-22 12:21:15 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-05-22 12:21:14 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-05-22 12:21:13 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-05-22 12:20:00 97792 ----a-w- c:\windows\system32\cabview.dll
2011-05-22 12:18:23 61440 ----a-w- c:\windows\system32\ntprint.exe
2011-05-22 12:18:23 220160 ----a-w- c:\windows\system32\ntprint.dll
2011-05-22 12:18:21 1984512 ----a-w- c:\windows\system32\authui.dll
2011-05-22 12:18:21 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2011-05-22 12:18:21 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2011-05-22 12:18:19 69632 ----a-w- c:\windows\system32\sendmail.dll
2011-05-22 12:18:17 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2011-05-22 12:16:30 441856 ----a-w- c:\windows\system32\win32spl.dll
2011-05-22 12:16:30 37376 ----a-w- c:\windows\system32\printcom.dll
2011-05-22 12:15:37 2031104 ----a-w- c:\windows\system32\win32k.sys
2011-05-22 12:13:41 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-05-22 12:13:41 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2011-05-22 12:12:39 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-05-22 12:12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-05-22 12:12:39 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-05-22 12:11:26 312320 ----a-w- c:\windows\system32\msdrm.dll
2011-05-22 12:11:25 515584 ----a-w- c:\windows\system32\RMActivate.exe
2011-05-22 12:11:25 472576 ----a-w- c:\windows\system32\secproc.dll
2011-05-22 12:11:25 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-05-22 12:11:25 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-05-22 12:11:25 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-05-22 12:11:25 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-05-22 12:11:24 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-05-22 12:11:24 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2011-05-22 12:10:26 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll
2011-05-22 12:10:25 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe
2011-05-22 12:10:25 11776 ----a-w- c:\windows\system32\sbunattend.exe
2011-05-22 12:09:00 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-22 12:09:00 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-05-22 12:08:23 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2011-05-22 12:03:48 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-05-22 12:03:47 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-05-22 12:03:47 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-05-22 12:03:47 11264 ----a-w- c:\windows\system32\icardres.dll
2011-05-22 12:03:43 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-05-22 12:03:42 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-05-22 12:03:42 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-22 12:03:42 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-22 11:14:53 96760 ----a-w- c:\windows\system32\dfshim.dll
2011-05-22 11:14:53 41984 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-22 11:14:51 83968 ----a-w- c:\windows\system32\mscories.dll
2011-05-22 11:14:51 282112 ----a-w- c:\windows\system32\mscoree.dll
2011-05-22 11:14:51 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-05-22 02:32:11 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-22 02:32:09 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-22 02:32:08 1686528 ----a-w- c:\windows\system32\gameux.dll
2011-05-22 02:31:21 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-05-22 02:31:21 94720 ----a-w- c:\windows\system32\logagent.exe
2011-05-22 02:30:40 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-05-22 02:30:22 84480 ----a-w- c:\windows\system32\INETRES.dll
2011-05-22 02:30:22 737792 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-22 02:29:54 60928 ----a-w- c:\windows\system32\msasn1.dll
2011-05-22 02:29:27 1645568 ----a-w- c:\windows\system32\connect.dll
2011-05-22 02:29:04 5120 ----a-w- c:\windows\system32\wmi.dll
2011-05-22 02:29:04 152576 ----a-w- c:\windows\system32\imagehlp.dll
2011-05-22 02:29:04 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2011-05-22 02:28:43 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2011-05-22 02:27:53 396800 ----a-w- c:\windows\system32\drivers\http.sys
2011-05-22 02:27:53 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-05-22 02:27:53 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-05-22 02:25:51 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-05-22 02:25:33 974336 ----a-w- c:\windows\system32\crypt32.dll
2011-05-22 02:24:54 274432 ----a-w- c:\windows\system32\raschap.dll
2011-05-22 02:24:54 232960 ----a-w- c:\windows\system32\rastls.dll
2011-05-22 02:24:27 321536 ----a-w- c:\windows\system32\WSDApi.dll
2011-05-22 02:23:45 -------- d-----w- c:\program files\MSXML 4.0
2011-05-22 02:23:32 633856 ----a-w- c:\windows\system32\user32.dll
2011-05-22 02:22:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-05-22 02:22:01 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-05-22 02:22:01 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2011-05-22 02:22:00 88576 ----a-w- c:\windows\system32\avifil32.dll
2011-05-22 02:22:00 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-05-22 02:22:00 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-05-22 02:22:00 31232 ----a-w- c:\windows\system32\msvidc32.dll
2011-05-22 02:22:00 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-05-22 02:22:00 1327616 ----a-w- c:\windows\system32\quartz.dll
2011-05-22 02:22:00 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-05-22 02:21:35 750080 ----a-w- c:\windows\system32\qmgr.dll
2011-05-22 02:21:11 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-05-22 02:20:30 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2011-05-22 02:20:29 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-05-22 02:20:29 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-05-22 02:20:28 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-05-22 02:20:28 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-05-22 02:20:28 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2011-05-22 02:20:28 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2011-05-22 02:20:25 311296 ----a-w- c:\windows\system32\unregmp2.exe
2011-05-22 02:20:25 1418240 ----a-w- c:\program files\windows media player\setup_wm.exe
2011-05-22 01:35:18 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-05-22 01:35:18 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-05-22 01:35:18 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-05-22 01:35:18 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-05-22 01:35:18 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-05-22 01:35:18 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-05-22 01:35:17 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-05-22 00:47:26 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-05-22 00:46:38 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-05-22 00:46:11 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-05-22 00:46:11 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-05-22 00:42:55 -------- d--h--w- c:\users\rachel\appdata\local\acer eNM
2011-05-22 00:37:14 360448 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-05-22 00:37:14 327680 ----a-w- c:\windows\system32\Remove_eRecovery.exe
2011-05-22 00:37:14 16384 ----a-w- c:\windows\system32\LauncheRyAgentUser.exe
2011-05-22 00:37:14 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-05-22 00:37:14 1402880 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2011-05-22 00:36:31 8704 ----a-w- c:\windows\system32\drivers\TVicPort64.sys
2011-05-22 00:36:31 69632 ----a-w- c:\windows\system32\drivers\int15.sys
2011-05-22 00:36:31 6144 ----a-w- c:\windows\system32\drivers\zntport64.sys
2011-05-22 00:36:31 6080 ----a-w- c:\windows\system32\drivers\zntport.sys
2011-05-22 00:36:31 15656 ----a-w- c:\windows\system32\drivers\int15_64.sys
2011-05-22 00:36:31 14544 ----a-w- c:\windows\system32\drivers\TVicPort.sys
2011-05-22 00:35:36 65536 ----a-w- c:\windows\system32\NATTraversal.dll
2011-05-22 00:31:45 53248 ----a-w- c:\windows\system32\acpimof.dll
2011-05-22 00:30:51 -------- d-----w- c:\windows\system32\i386
2011-05-22 00:30:23 -------- d-----w- c:\program files\common files\Logitech
2011-05-22 00:30:23 -------- d-----w- c:\program files\Acer
2011-05-22 00:29:00 229376 ----a-w- c:\windows\system32\BtwRSupport.dll
2011-05-22 00:28:51 -------- d-----w- c:\windows\system32\es-MX
2011-05-22 00:28:51 -------- d-----w- c:\windows\system32\es-AR
2011-05-22 00:28:49 -------- d-----w- c:\program files\WIDCOMM
2011-05-22 00:28:15 1285 ----a-w- c:\windows\CLEANUP.CMD
2011-05-22 00:27:37 -------- d-----w- c:\program files\Acer Registration
2011-05-22 00:26:33 506368 ----a-w- c:\windows\system32\athr.sys
2011-05-22 00:26:33 -------- d-----w- c:\program files\Atheros
2011-05-22 00:26:32 -------- d-----w- c:\windows\Options
2011-05-22 00:26:16 -------- d-----w- C:\temp
2011-05-22 00:25:41 176 ----a-w- c:\windows\system32\drivers\RTHDAEQ0.DAT
2011-05-22 00:24:33 1655464 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-05-22 00:24:33 14336 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-05-22 00:24:32 4186112 ----a-w- c:\windows\RtHDVCpl.exe
2011-05-22 00:23:45 -------- d-----w- c:\program files\Launch Manager
2011-05-22 00:22:54 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-22 00:20:29 -------- d-----w- c:\users\rachel\appdata\local\VirtualStore
2011-05-03 00:36:34 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-03 00:36:32 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-05-03 00:36:32 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-03 00:36:04 284744 ----a-w- c:\windows\system32\guard32.dll
.
==================== Find3M ====================
.
2011-05-22 14:28:00 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2011-05-22 13:48:38 72704 ----a-w- c:\windows\system32\admparse.dll
2011-05-22 13:48:36 832512 ----a-w- c:\windows\system32\wininet.dll
2011-05-22 13:48:36 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2011-05-22 13:48:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-05-22 13:48:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-22 13:48:31 389120 ----a-w- c:\windows\system32\html.iec
2011-05-22 13:48:30 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-22 13:48:27 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-22 13:48:25 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-22 13:48:22 56320 ----a-w- c:\windows\system32\iesetup.dll
2011-05-22 12:38:47 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2011-05-22 12:32:46 4608 ----a-w- c:\windows\system32\drivers\en-us\mouclass.sys.mui
2011-05-22 12:23:30 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2011-05-22 02:32:11 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-05-22 02:32:10 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-05-22 02:32:10 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-05-22 02:32:09 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-05-22 02:32:09 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-05-22 00:24:38 319984 ----a-w- c:\windows\DIFxAPI.dll
.
============= FINISH: 18:17:32.00 ===============