Redirect Virus Problem

S

spacyway

New member
I have had the redirect virus, and AVG was saying winlogon.exe and explorer.exe were infected. It also said "virus found win32/patched". I'm sorry, but I did run combofix (I had not yet read the "Before you post" forum). That means I had to remove AVG. Combofix also detected winlogon and explorer as infected. I can post my combofix log or do a new one if you'd like. I actually have tried quite a bit on my own to defeat the virus but have had no success. I appreciate any help and let me know if any other information is needed. Thanks.

Here is my DDS log:

DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 15:09:21.07 on Fri 12/31/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.49 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\ERUNT\ERUNT.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
uPolicies-system: huuipbxzyjxjlyqlrnmrTaskMgr = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: trymedia.com
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/a/f/b/afba1967-2025-49da-8356-bc4132038945/VirtualEarth3D.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\d9y2cq1r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b11a7d6&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FavLoc: {472f4ef0-a825-11da-a746-0800200c9a66} - %profile%\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
FF - Ext: Google Bookmarks for Firefox: {473f9a20-ce5a-11da-a94d-0800200c9a66} - %profile%\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-7 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-7 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-7 243024]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-6-2 194304]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 136176]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-9-21 327000]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccpwdsvc.exe" --> c:\program files\common files\symantec shared\ccPwdSvc.exe [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-30 16968]
S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\safe returner\regkernelhelp.sys --> c:\program files\safe returner\RegKernelHelp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S4 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S4 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]

=============== Created Last 30 ================

2010-12-31 21:15:22 98816 ----a-w- c:\windows\sed.exe
2010-12-31 21:15:22 89088 ----a-w- c:\windows\MBR.exe
2010-12-31 21:15:22 256512 ----a-w- c:\windows\PEV.exe
2010-12-31 21:15:22 161792 ----a-w- c:\windows\SWREG.exe
2010-12-31 21:15:08 -------- d-----w- C:\NewCF
2010-12-31 20:35:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-31 20:06:34 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\AVG8
2010-12-31 00:37:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-31 00:37:39 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-31 00:32:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-31 00:26:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-31 00:09:11 -------- d-----w- c:\program files\Bonjour
2010-12-15 03:24:31 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Garmin
2010-12-15 02:52:13 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\GARMIN_Corp
2010-12-15 02:30:46 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\GARMIN
2010-12-14 23:57:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\GARMIN
2010-12-14 23:57:28 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-12-14 23:55:48 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2010-12-14 23:55:47 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
2010-12-14 23:55:29 -------- d-----w- C:\Garmin
2010-12-14 23:55:27 -------- d-----w- c:\program files\Garmin

==================== Find3M ====================

2010-11-30 00:44:12 3818105 ----a-w- C:\ComboFix.exe
2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46D.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46A.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP462.tmp
2010-11-29 00:31:23 0 ----a-w- c:\windows\system32\FAP453.tmp
2010-11-29 00:25:55 0 ----a-w- c:\windows\system32\FAP450.tmp
2010-11-29 00:24:49 0 ----a-w- c:\windows\system32\FAP443.tmp
2010-11-29 00:24:48 0 ----a-w- c:\windows\system32\FAP42A.tmp
2010-11-29 00:24:47 0 ----a-w- c:\windows\system32\FAP41F.tmp
2010-11-29 00:24:46 0 ----a-w- c:\windows\system32\FAP41D.tmp
2010-11-28 23:19:22 0 ----a-w- c:\windows\system32\FAP40D.tmp
2010-11-28 23:19:21 0 ----a-w- c:\windows\system32\FAP40B.tmp
2010-11-28 23:14:15 0 ----a-w- c:\windows\system32\FAP408.tmp
2010-11-28 23:10:05 0 ----a-w- c:\windows\system32\FAP404.tmp
2010-11-28 23:08:43 0 ----a-w- c:\windows\system32\FAP402.tmp
2010-11-28 23:08:03 0 ----a-w- c:\windows\system32\FAP3FF.tmp
2010-11-28 23:08:00 0 ----a-w- c:\windows\system32\FAP3FD.tmp
2010-11-28 23:07:55 0 ----a-w- c:\windows\system32\FAP3FB.tmp
2010-11-28 23:07:54 0 ----a-w- c:\windows\system32\FAP3F8.tmp
2010-11-28 23:07:47 0 ----a-w- c:\windows\system32\FAP3F6.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F4.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F1.tmp
2010-11-28 23:06:30 0 ----a-w- c:\windows\system32\FAP3EF.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3EB.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3E8.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E6.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E4.tmp
2010-11-28 23:06:03 0 ----a-w- c:\windows\system32\FAP3E1.tmp
2010-11-28 23:06:02 0 ----a-w- c:\windows\system32\FAP3DF.tmp
2010-11-28 23:05:56 0 ----a-w- c:\windows\system32\FAP3DD.tmp
2010-11-28 23:03:53 0 ----a-w- c:\windows\system32\FAP3DB.tmp
2010-11-28 23:03:37 0 ----a-w- c:\windows\system32\FAP3D9.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3D1.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3CF.tmp
2010-11-28 22:41:02 0 ----a-w- c:\windows\system32\FAP3CD.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A9.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A7.tmp
2010-11-28 20:08:23 0 ----a-w- c:\windows\system32\FAP3A5.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A3.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A1.tmp
2010-11-28 20:02:51 0 ----a-w- c:\windows\system32\FAP39D.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP39B.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP397.tmp
2010-11-28 19:59:09 0 ----a-w- c:\windows\system32\FAP38E.tmp
2010-11-28 19:59:05 0 ----a-w- c:\windows\system32\FAP383.tmp
2010-11-28 19:59:04 0 ----a-w- c:\windows\system32\FAP37A.tmp
2010-11-28 19:58:26 0 ----a-w- c:\windows\system32\FAP378.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP364.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP35E.tmp
2010-11-28 19:57:53 0 ----a-w- c:\windows\system32\FAP351.tmp
2010-11-28 19:57:47 0 ----a-w- c:\windows\system32\FAP34F.tmp
2010-11-28 19:57:45 0 ----a-w- c:\windows\system32\FAP34B.tmp
2010-11-28 19:56:04 0 ----a-w- c:\windows\system32\FAP345.tmp
2010-11-28 19:37:06 0 ----a-w- c:\windows\system32\FAP334.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP30B.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP306.tmp
2010-11-28 16:25:39 0 ----a-w- c:\windows\system32\FAP300.tmp
2010-11-28 16:25:38 0 ----a-w- c:\windows\system32\FAP2FC.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2E6.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2D5.tmp
2010-11-28 16:25:23 0 ----a-w- c:\windows\system32\FAP2CE.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2C7.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2B2.tmp
2010-11-28 16:25:16 0 ----a-w- c:\windows\system32\FAP2AD.tmp
2010-11-28 16:25:14 0 ----a-w- c:\windows\system32\FAP2A1.tmp
2010-11-28 07:36:19 0 ----a-w- c:\windows\system32\FAP1D8.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1B4.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1AF.tmp
2010-11-28 07:36:15 0 ----a-w- c:\windows\system32\FAP1A8.tmp
2010-11-28 07:36:13 0 ----a-w- c:\windows\system32\FAP19C.tmp
2010-11-28 07:35:18 0 ----a-w- c:\windows\system32\FAP199.tmp
2010-11-28 07:34:29 0 ----a-w- c:\windows\system32\FAP18C.tmp
2010-11-28 07:33:41 0 ----a-w- c:\windows\system32\FAP179.tmp
2010-11-28 07:33:39 0 ----a-w- c:\windows\system32\FAP176.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP16D.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP169.tmp
2010-11-28 07:32:12 0 ----a-w- c:\windows\system32\FAP167.tmp
2010-11-28 07:28:36 0 ----a-w- c:\windows\system32\FAP162.tmp
2010-11-28 07:28:34 0 ----a-w- c:\windows\system32\FAP160.tmp
2010-11-28 01:57:17 0 ----a-w- c:\windows\system32\FAPFF.tmp
2010-11-28 01:56:59 0 ----a-w- c:\windows\system32\FAPFD.tmp
2010-11-28 01:56:44 0 ----a-w- c:\windows\system32\FAPFB.tmp
2010-11-28 01:56:18 0 ----a-w- c:\windows\system32\FAPF7.tmp
2010-11-28 01:56:09 0 ----a-w- c:\windows\system32\FAPF5.tmp
2010-11-28 01:56:08 0 ----a-w- c:\windows\system32\FAPF3.tmp
2010-11-28 01:56:07 0 ----a-w- c:\windows\system32\FAPF1.tmp
2010-11-28 01:56:03 0 ----a-w- c:\windows\system32\FAPEF.tmp
2010-11-28 01:51:01 0 ----a-w- c:\windows\system32\FAPEC.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE7.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE4.tmp
2010-11-28 01:50:53 0 ----a-w- c:\windows\system32\FAPE2.tmp
2010-11-28 01:50:32 0 ----a-w- c:\windows\system32\FAPD9.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD7.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD5.tmp
2010-11-28 01:50:20 0 ----a-w- c:\windows\system32\FAPD3.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPD1.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPCF.tmp
2010-11-28 01:49:42 0 ----a-w- c:\windows\system32\FAPCC.tmp

============= FINISH: 15:10:33.31 ===============
 
Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Post fresh dds logs + old ComboFix log.
 
Thank you. I uninstalled utorrent, and below is my new DDS log. It was too many characters to include the ComboFix log, so I've attached it and also the DDS attach.txt. If it's easier for me to do another post with separate logs just let me know. Thanks again.

DDS log:


DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 17:40:02.98 on Tue 01/04/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.697 [GMT -7:00]


============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
C:\Program Files\Google\Update\GoogleUpdate.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
uPolicies-system: huuipbxzyjxjlyqlrnmrTaskMgr = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: trymedia.com
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/a/f/b/afba1967-2025-49da-8356-bc4132038945/VirtualEarth3D.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\d9y2cq1r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b11a7d6&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\d9y2cq1r.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\d9y2cq1r.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft research\hd view\nphdview.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FavLoc: {472f4ef0-a825-11da-a746-0800200c9a66} - %profile%\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
FF - Ext: Google Bookmarks for Firefox: {473f9a20-ce5a-11da-a94d-0800200c9a66} - %profile%\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-7 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-7 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-7 243024]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-9-21 327000]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-6-2 194304]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 136176]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccpwdsvc.exe" --> c:\program files\common files\symantec shared\ccPwdSvc.exe [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-30 16968]
S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\safe returner\regkernelhelp.sys --> c:\program files\safe returner\RegKernelHelp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S4 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S4 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]

=============== Created Last 30 ================

2010-12-31 21:15:22 98816 ----a-w- c:\windows\sed.exe
2010-12-31 21:15:22 89088 ----a-w- c:\windows\MBR.exe
2010-12-31 21:15:22 256512 ----a-w- c:\windows\PEV.exe
2010-12-31 21:15:22 161792 ----a-w- c:\windows\SWREG.exe
2010-12-31 21:15:08 -------- d-----w- C:\NewCF
2010-12-31 20:35:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-31 20:06:34 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\AVG8
2010-12-31 00:37:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-31 00:37:39 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-31 00:32:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-31 00:26:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-31 00:09:11 -------- d-----w- c:\program files\Bonjour
2010-12-15 03:24:31 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Garmin
2010-12-15 02:52:13 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\GARMIN_Corp
2010-12-15 02:30:46 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\GARMIN
2010-12-14 23:57:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\GARMIN
2010-12-14 23:57:28 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-12-14 23:55:48 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2010-12-14 23:55:47 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
2010-12-14 23:55:29 -------- d-----w- C:\Garmin
2010-12-14 23:55:27 -------- d-----w- c:\program files\Garmin

==================== Find3M ====================

2010-11-30 00:44:12 3818105 ----a-w- C:\ComboFix.exe
2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46D.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46A.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP462.tmp
2010-11-29 00:31:23 0 ----a-w- c:\windows\system32\FAP453.tmp
2010-11-29 00:25:55 0 ----a-w- c:\windows\system32\FAP450.tmp
2010-11-29 00:24:49 0 ----a-w- c:\windows\system32\FAP443.tmp
2010-11-29 00:24:48 0 ----a-w- c:\windows\system32\FAP42A.tmp
2010-11-29 00:24:47 0 ----a-w- c:\windows\system32\FAP41F.tmp
2010-11-29 00:24:46 0 ----a-w- c:\windows\system32\FAP41D.tmp
2010-11-28 23:19:22 0 ----a-w- c:\windows\system32\FAP40D.tmp
2010-11-28 23:19:21 0 ----a-w- c:\windows\system32\FAP40B.tmp
2010-11-28 23:14:15 0 ----a-w- c:\windows\system32\FAP408.tmp
2010-11-28 23:10:05 0 ----a-w- c:\windows\system32\FAP404.tmp
2010-11-28 23:08:43 0 ----a-w- c:\windows\system32\FAP402.tmp
2010-11-28 23:08:03 0 ----a-w- c:\windows\system32\FAP3FF.tmp
2010-11-28 23:08:00 0 ----a-w- c:\windows\system32\FAP3FD.tmp
2010-11-28 23:07:55 0 ----a-w- c:\windows\system32\FAP3FB.tmp
2010-11-28 23:07:54 0 ----a-w- c:\windows\system32\FAP3F8.tmp
2010-11-28 23:07:47 0 ----a-w- c:\windows\system32\FAP3F6.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F4.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F1.tmp
2010-11-28 23:06:30 0 ----a-w- c:\windows\system32\FAP3EF.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3EB.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3E8.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E6.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E4.tmp
2010-11-28 23:06:03 0 ----a-w- c:\windows\system32\FAP3E1.tmp
2010-11-28 23:06:02 0 ----a-w- c:\windows\system32\FAP3DF.tmp
2010-11-28 23:05:56 0 ----a-w- c:\windows\system32\FAP3DD.tmp
2010-11-28 23:03:53 0 ----a-w- c:\windows\system32\FAP3DB.tmp
2010-11-28 23:03:37 0 ----a-w- c:\windows\system32\FAP3D9.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3D1.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3CF.tmp
2010-11-28 22:41:02 0 ----a-w- c:\windows\system32\FAP3CD.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A9.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A7.tmp
2010-11-28 20:08:23 0 ----a-w- c:\windows\system32\FAP3A5.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A3.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A1.tmp
2010-11-28 20:02:51 0 ----a-w- c:\windows\system32\FAP39D.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP39B.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP397.tmp
2010-11-28 19:59:09 0 ----a-w- c:\windows\system32\FAP38E.tmp
2010-11-28 19:59:05 0 ----a-w- c:\windows\system32\FAP383.tmp
2010-11-28 19:59:04 0 ----a-w- c:\windows\system32\FAP37A.tmp
2010-11-28 19:58:26 0 ----a-w- c:\windows\system32\FAP378.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP364.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP35E.tmp
2010-11-28 19:57:53 0 ----a-w- c:\windows\system32\FAP351.tmp
2010-11-28 19:57:47 0 ----a-w- c:\windows\system32\FAP34F.tmp
2010-11-28 19:57:45 0 ----a-w- c:\windows\system32\FAP34B.tmp
2010-11-28 19:56:04 0 ----a-w- c:\windows\system32\FAP345.tmp
2010-11-28 19:37:06 0 ----a-w- c:\windows\system32\FAP334.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP30B.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP306.tmp
2010-11-28 16:25:39 0 ----a-w- c:\windows\system32\FAP300.tmp
2010-11-28 16:25:38 0 ----a-w- c:\windows\system32\FAP2FC.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2E6.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2D5.tmp
2010-11-28 16:25:23 0 ----a-w- c:\windows\system32\FAP2CE.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2C7.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2B2.tmp
2010-11-28 16:25:16 0 ----a-w- c:\windows\system32\FAP2AD.tmp
2010-11-28 16:25:14 0 ----a-w- c:\windows\system32\FAP2A1.tmp
2010-11-28 07:36:19 0 ----a-w- c:\windows\system32\FAP1D8.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1B4.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1AF.tmp
2010-11-28 07:36:15 0 ----a-w- c:\windows\system32\FAP1A8.tmp
2010-11-28 07:36:13 0 ----a-w- c:\windows\system32\FAP19C.tmp
2010-11-28 07:35:18 0 ----a-w- c:\windows\system32\FAP199.tmp
2010-11-28 07:34:29 0 ----a-w- c:\windows\system32\FAP18C.tmp
2010-11-28 07:33:41 0 ----a-w- c:\windows\system32\FAP179.tmp
2010-11-28 07:33:39 0 ----a-w- c:\windows\system32\FAP176.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP16D.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP169.tmp
2010-11-28 07:32:12 0 ----a-w- c:\windows\system32\FAP167.tmp
2010-11-28 07:28:36 0 ----a-w- c:\windows\system32\FAP162.tmp
2010-11-28 07:28:34 0 ----a-w- c:\windows\system32\FAP160.tmp
2010-11-28 01:57:17 0 ----a-w- c:\windows\system32\FAPFF.tmp
2010-11-28 01:56:59 0 ----a-w- c:\windows\system32\FAPFD.tmp
2010-11-28 01:56:44 0 ----a-w- c:\windows\system32\FAPFB.tmp
2010-11-28 01:56:18 0 ----a-w- c:\windows\system32\FAPF7.tmp
2010-11-28 01:56:09 0 ----a-w- c:\windows\system32\FAPF5.tmp
2010-11-28 01:56:08 0 ----a-w- c:\windows\system32\FAPF3.tmp
2010-11-28 01:56:07 0 ----a-w- c:\windows\system32\FAPF1.tmp
2010-11-28 01:56:03 0 ----a-w- c:\windows\system32\FAPEF.tmp
2010-11-28 01:51:01 0 ----a-w- c:\windows\system32\FAPEC.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE7.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE4.tmp
2010-11-28 01:50:53 0 ----a-w- c:\windows\system32\FAPE2.tmp
2010-11-28 01:50:32 0 ----a-w- c:\windows\system32\FAPD9.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD7.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD5.tmp
2010-11-28 01:50:20 0 ----a-w- c:\windows\system32\FAPD3.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPD1.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPCF.tmp
2010-11-28 01:49:42 0 ----a-w- c:\windows\system32\FAPCC.tmp

============= FINISH: 17:42:00.84 ===============
 
Hi,

Upload these files to Virustotal and post back the results like you did with the files above:
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
 
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
FCopy::
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe|c:\windows\system32\winlogon.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe|c:\windows\explorer.exe
DDS::
uPolicies-system: huuipbxzyjxjlyqlrnmrTaskMgr = 0 (0x0)
Folder::
c:\Program Files\uTorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.4 + 9.4.1 update or Adobe Reader X if offered) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 23.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
Thanks. Here are the results of everything you told me to do:

---When following the instructions for dragging the script to the combofix executable, I get a lot of errors. The first one is:

32788R22FWJFW\iexplore.exe is not a valid Win32 application

I can only select OK, and when I do, the same message continues to come back, though the executable changes\alternates between the following:

FireFox.exe
hidec.exe
PEV.exe
NircmdB.exe
NIRCMD.exe

A total of about 50 error messages come up before they stop. Towards the end, the the blue ComboFix command prompt comes up, only "Access is denied" shows, then the window disappears.
If you need any screen shots or more info on this just let me know.


--I uninstalled Adobe Reader and installed version X
--I uninstalled Adobe Flash Player and installed version 10.1.102.64
--I removed older version Java components and updated to the latest version (jre-6u23-windows-i586)
--Eset's log:

C:\Documents and Settings\All Users\Application Data\SafeReturner\Quarantine\explorer.exe.vir Win32/Bamital.EC trojan
C:\Documents and Settings\All Users\Application Data\SafeReturner\Quarantine\winlogon.exe.vir Win32/Bamital.EC trojan
C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.DZ trojan
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-182a8173.zip probably a variant of Win32/Agent.IFZWEVY trojan
C:\Documents and Settings\HP_Administrator\Desktop\LimewireDownloads\mmmbop remix.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\692926503.dll.vir a variant of Win32/Kryptik.DJM trojan
C:\WINDOWS\explorer.exe Win32/Bamital.EC trojan
C:\WINDOWS\system32\winlogon.exe Win32/Bamital.EC trojan
C:\WINDOWS\system32\drivers\etc\hosts.20100422-234048.backup Win32/Qhost trojan
Operating memory Win32/Bamital.EC trojan

--DDS Log:

DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 15:40:13.42 on Sat 01/08/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.255 [GMT -7:00]


============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
uPolicies-system: huuipbxzyjxjlyqlrnmrTaskMgr = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: trymedia.com
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/a/f/b/afba1967-2025-49da-8356-bc4132038945/VirtualEarth3D.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\d9y2cq1r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b11a7d6&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\d9y2cq1r.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\d9y2cq1r.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft research\hd view\nphdview.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FavLoc: {472f4ef0-a825-11da-a746-0800200c9a66} - %profile%\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
FF - Ext: Google Bookmarks for Firefox: {473f9a20-ce5a-11da-a94d-0800200c9a66} - %profile%\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-7 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-7 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-7 243024]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-9-21 327000]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-6-2 194304]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 136176]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccpwdsvc.exe" --> c:\program files\common files\symantec shared\ccPwdSvc.exe [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-30 16968]
S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\safe returner\regkernelhelp.sys --> c:\program files\safe returner\RegKernelHelp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S4 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S4 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]

=============== Created Last 30 ================

2011-01-08 17:30:31 -------- d-----w- c:\program files\ESET
2011-01-08 17:22:25 -------- d-s---w- C:\ComboFix
2011-01-08 17:20:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-08 17:20:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-08 17:20:56 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-31 21:15:08 -------- d-----w- C:\NewCF
2010-12-31 20:35:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-31 20:06:34 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\AVG8
2010-12-31 00:37:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-31 00:37:39 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-31 00:32:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-31 00:26:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-31 00:09:11 -------- d-----w- c:\program files\Bonjour
2010-12-15 03:24:31 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Garmin
2010-12-15 02:52:13 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\GARMIN_Corp
2010-12-15 02:30:46 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\GARMIN
2010-12-14 23:57:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\GARMIN
2010-12-14 23:57:28 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-12-14 23:55:48 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2010-12-14 23:55:47 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
2010-12-14 23:55:29 -------- d-----w- C:\Garmin
2010-12-14 23:55:27 -------- d-----w- c:\program files\Garmin

==================== Find3M ====================

2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 00:44:12 3818105 ----a-w- C:\ComboFix.exe
2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46D.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46A.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP462.tmp
2010-11-29 00:31:23 0 ----a-w- c:\windows\system32\FAP453.tmp
2010-11-29 00:25:55 0 ----a-w- c:\windows\system32\FAP450.tmp
2010-11-29 00:24:49 0 ----a-w- c:\windows\system32\FAP443.tmp
2010-11-29 00:24:48 0 ----a-w- c:\windows\system32\FAP42A.tmp
2010-11-29 00:24:47 0 ----a-w- c:\windows\system32\FAP41F.tmp
2010-11-29 00:24:46 0 ----a-w- c:\windows\system32\FAP41D.tmp
2010-11-28 23:19:22 0 ----a-w- c:\windows\system32\FAP40D.tmp
2010-11-28 23:19:21 0 ----a-w- c:\windows\system32\FAP40B.tmp
2010-11-28 23:14:15 0 ----a-w- c:\windows\system32\FAP408.tmp
2010-11-28 23:10:05 0 ----a-w- c:\windows\system32\FAP404.tmp
2010-11-28 23:08:43 0 ----a-w- c:\windows\system32\FAP402.tmp
2010-11-28 23:08:03 0 ----a-w- c:\windows\system32\FAP3FF.tmp
2010-11-28 23:08:00 0 ----a-w- c:\windows\system32\FAP3FD.tmp
2010-11-28 23:07:55 0 ----a-w- c:\windows\system32\FAP3FB.tmp
2010-11-28 23:07:54 0 ----a-w- c:\windows\system32\FAP3F8.tmp
2010-11-28 23:07:47 0 ----a-w- c:\windows\system32\FAP3F6.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F4.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F1.tmp
2010-11-28 23:06:30 0 ----a-w- c:\windows\system32\FAP3EF.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3EB.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3E8.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E6.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E4.tmp
2010-11-28 23:06:03 0 ----a-w- c:\windows\system32\FAP3E1.tmp
2010-11-28 23:06:02 0 ----a-w- c:\windows\system32\FAP3DF.tmp
2010-11-28 23:05:56 0 ----a-w- c:\windows\system32\FAP3DD.tmp
2010-11-28 23:03:53 0 ----a-w- c:\windows\system32\FAP3DB.tmp
2010-11-28 23:03:37 0 ----a-w- c:\windows\system32\FAP3D9.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3D1.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3CF.tmp
2010-11-28 22:41:02 0 ----a-w- c:\windows\system32\FAP3CD.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A9.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A7.tmp
2010-11-28 20:08:23 0 ----a-w- c:\windows\system32\FAP3A5.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A3.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A1.tmp
2010-11-28 20:02:51 0 ----a-w- c:\windows\system32\FAP39D.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP39B.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP397.tmp
2010-11-28 19:59:09 0 ----a-w- c:\windows\system32\FAP38E.tmp
2010-11-28 19:59:05 0 ----a-w- c:\windows\system32\FAP383.tmp
2010-11-28 19:59:04 0 ----a-w- c:\windows\system32\FAP37A.tmp
2010-11-28 19:58:26 0 ----a-w- c:\windows\system32\FAP378.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP364.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP35E.tmp
2010-11-28 19:57:53 0 ----a-w- c:\windows\system32\FAP351.tmp
2010-11-28 19:57:47 0 ----a-w- c:\windows\system32\FAP34F.tmp
2010-11-28 19:57:45 0 ----a-w- c:\windows\system32\FAP34B.tmp
2010-11-28 19:56:04 0 ----a-w- c:\windows\system32\FAP345.tmp
2010-11-28 19:37:06 0 ----a-w- c:\windows\system32\FAP334.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP30B.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP306.tmp
2010-11-28 16:25:39 0 ----a-w- c:\windows\system32\FAP300.tmp
2010-11-28 16:25:38 0 ----a-w- c:\windows\system32\FAP2FC.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2E6.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2D5.tmp
2010-11-28 16:25:23 0 ----a-w- c:\windows\system32\FAP2CE.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2C7.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2B2.tmp
2010-11-28 16:25:16 0 ----a-w- c:\windows\system32\FAP2AD.tmp
2010-11-28 16:25:14 0 ----a-w- c:\windows\system32\FAP2A1.tmp
2010-11-28 07:36:19 0 ----a-w- c:\windows\system32\FAP1D8.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1B4.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1AF.tmp
2010-11-28 07:36:15 0 ----a-w- c:\windows\system32\FAP1A8.tmp
2010-11-28 07:36:13 0 ----a-w- c:\windows\system32\FAP19C.tmp
2010-11-28 07:35:18 0 ----a-w- c:\windows\system32\FAP199.tmp
2010-11-28 07:34:29 0 ----a-w- c:\windows\system32\FAP18C.tmp
2010-11-28 07:33:41 0 ----a-w- c:\windows\system32\FAP179.tmp
2010-11-28 07:33:39 0 ----a-w- c:\windows\system32\FAP176.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP16D.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP169.tmp
2010-11-28 07:32:12 0 ----a-w- c:\windows\system32\FAP167.tmp
2010-11-28 07:28:36 0 ----a-w- c:\windows\system32\FAP162.tmp
2010-11-28 07:28:34 0 ----a-w- c:\windows\system32\FAP160.tmp
2010-11-28 01:57:17 0 ----a-w- c:\windows\system32\FAPFF.tmp
2010-11-28 01:56:59 0 ----a-w- c:\windows\system32\FAPFD.tmp
2010-11-28 01:56:44 0 ----a-w- c:\windows\system32\FAPFB.tmp
2010-11-28 01:56:18 0 ----a-w- c:\windows\system32\FAPF7.tmp
2010-11-28 01:56:09 0 ----a-w- c:\windows\system32\FAPF5.tmp
2010-11-28 01:56:08 0 ----a-w- c:\windows\system32\FAPF3.tmp
2010-11-28 01:56:07 0 ----a-w- c:\windows\system32\FAPF1.tmp
2010-11-28 01:56:03 0 ----a-w- c:\windows\system32\FAPEF.tmp
2010-11-28 01:51:01 0 ----a-w- c:\windows\system32\FAPEC.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE7.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE4.tmp
2010-11-28 01:50:53 0 ----a-w- c:\windows\system32\FAPE2.tmp
2010-11-28 01:50:32 0 ----a-w- c:\windows\system32\FAPD9.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD7.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD5.tmp
2010-11-28 01:50:20 0 ----a-w- c:\windows\system32\FAPD3.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPD1.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPCF.tmp

============= FINISH: 15:42:00.70 ===============
 
Hi,

Please try to run ComboFix with the script in safe mode.
 
Thanks, it worked in safe mode, though when it rebooted it went into normal mode. I then got the error 3 times that I got before, but a log was produced. I didn't know if I should redo it and if it reboots I can boot into safe mode again, so just let me know if I should.

ComboFix 10-12-31.01 - HP_Administrator 01/09/2011 17:50:38.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.692 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP77\A0009502.exe
.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.

2011-01-08 17:30 . 2011-01-08 17:30 -------- d-----w- c:\program files\ESET
2011-01-08 17:21 . 2011-01-08 17:21 -------- d-----w- c:\program files\Common Files\Java
2011-01-08 17:20 . 2011-01-08 17:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-08 17:20 . 2011-01-08 17:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-08 17:20 . 2011-01-08 17:20 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-31 22:01 . 2010-12-31 22:01 -------- d-----w- c:\program files\ERUNT
2010-12-31 21:15 . 2010-12-31 21:43 -------- d-----w- C:\NewCF
2010-12-31 20:35 . 2010-12-31 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-31 20:06 . 2010-12-31 20:06 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG8
2010-12-31 00:37 . 2010-12-31 00:26 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2010-12-31 00:37 . 2010-12-31 00:26 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2010-12-31 00:37 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2010-12-31 00:37 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2010-12-31 00:37 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2010-12-31 00:37 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2010-12-31 00:32 . 2010-12-31 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-31 00:26 . 2010-12-31 00:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-31 00:26 . 2010-12-31 00:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-31 00:26 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-31 00:26 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-31 00:26 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-31 00:26 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-31 00:26 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-31 00:09 . 2010-12-31 00:09 -------- d-----w- c:\program files\Bonjour
2010-12-15 03:24 . 2010-12-15 03:24 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Garmin
2010-12-15 02:52 . 2010-12-15 02:52 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GARMIN_Corp
2010-12-15 02:30 . 2010-12-15 03:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GARMIN
2010-12-14 23:57 . 2010-12-14 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2010-12-14 23:57 . 2010-12-14 23:57 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-12-14 23:55 . 2010-12-14 23:55 -------- d-----w- c:\program files\DIFX
2010-12-14 23:55 . 2009-04-17 22:48 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2010-12-14 23:55 . 2009-04-17 22:48 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
2010-12-14 23:55 . 2010-12-15 03:21 -------- d-----w- C:\Garmin
2010-12-14 23:55 . 2010-12-15 03:21 -------- d-----w- c:\program files\Garmin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 01:09 . 2010-03-20 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 01:08 . 2010-03-20 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 00:44 . 2010-11-30 00:43 3818105 ----a-w- C:\ComboFix.exe
2010-11-30 00:38 . 2010-11-30 00:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38 . 2010-11-30 00:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 00:31 . 2010-11-29 00:31 0 ----a-w- c:\windows\system32\FAP46D.tmp
2010-11-29 00:31 . 2010-11-29 00:31 0 ----a-w- c:\windows\system32\FAP46A.tmp
2010-11-29 00:31 . 2010-11-29 00:31 0 ----a-w- c:\windows\system32\FAP462.tmp
2010-11-29 00:31 . 2010-11-29 00:31 0 ----a-w- c:\windows\system32\FAP453.tmp
2010-11-29 00:25 . 2010-11-29 00:25 0 ----a-w- c:\windows\system32\FAP450.tmp
2010-11-29 00:24 . 2010-11-29 00:24 0 ----a-w- c:\windows\system32\FAP443.tmp
2010-11-29 00:24 . 2010-11-29 00:24 0 ----a-w- c:\windows\system32\FAP42A.tmp
2010-11-29 00:24 . 2010-11-29 00:24 0 ----a-w- c:\windows\system32\FAP41F.tmp
2010-11-29 00:24 . 2010-11-29 00:24 0 ----a-w- c:\windows\system32\FAP41D.tmp
2010-11-28 23:19 . 2010-11-28 23:19 0 ----a-w- c:\windows\system32\FAP40D.tmp
2010-11-28 23:19 . 2010-11-28 23:19 0 ----a-w- c:\windows\system32\FAP40B.tmp
2010-11-28 23:14 . 2010-11-28 23:14 0 ----a-w- c:\windows\system32\FAP408.tmp
2010-11-28 23:10 . 2010-11-28 23:10 0 ----a-w- c:\windows\system32\FAP404.tmp
2010-11-28 23:08 . 2010-11-28 23:08 0 ----a-w- c:\windows\system32\FAP402.tmp
2010-11-28 23:08 . 2010-11-28 23:08 0 ----a-w- c:\windows\system32\FAP3FF.tmp
2010-11-28 23:08 . 2010-11-28 23:08 0 ----a-w- c:\windows\system32\FAP3FD.tmp
2010-11-28 23:07 . 2010-11-28 23:07 0 ----a-w- c:\windows\system32\FAP3FB.tmp
2010-11-28 23:07 . 2010-11-28 23:07 0 ----a-w- c:\windows\system32\FAP3F8.tmp
2010-11-28 23:07 . 2010-11-28 23:07 0 ----a-w- c:\windows\system32\FAP3F6.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3F4.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3F1.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3EF.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3EB.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3E8.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3E6.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3E4.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3E1.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3DF.tmp
2010-11-28 23:05 . 2010-11-28 23:05 0 ----a-w- c:\windows\system32\FAP3DD.tmp
2010-11-28 23:03 . 2010-11-28 23:03 0 ----a-w- c:\windows\system32\FAP3DB.tmp
2010-11-28 23:03 . 2010-11-28 23:03 0 ----a-w- c:\windows\system32\FAP3D9.tmp
2010-11-28 22:41 . 2010-11-28 22:41 0 ----a-w- c:\windows\system32\FAP3D1.tmp
2010-11-28 22:41 . 2010-11-28 22:41 0 ----a-w- c:\windows\system32\FAP3CF.tmp
2010-11-28 22:41 . 2010-11-28 22:41 0 ----a-w- c:\windows\system32\FAP3CD.tmp
2010-11-28 20:08 . 2010-11-28 20:08 0 ----a-w- c:\windows\system32\FAP3A9.tmp
2010-11-28 20:08 . 2010-11-28 20:08 0 ----a-w- c:\windows\system32\FAP3A7.tmp
2010-11-28 20:08 . 2010-11-28 20:08 0 ----a-w- c:\windows\system32\FAP3A5.tmp
2010-11-28 20:08 . 2010-11-28 20:08 0 ----a-w- c:\windows\system32\FAP3A3.tmp
2010-11-28 20:08 . 2010-11-28 20:08 0 ----a-w- c:\windows\system32\FAP3A1.tmp
2010-11-28 20:02 . 2010-11-28 20:02 0 ----a-w- c:\windows\system32\FAP39D.tmp
2010-11-28 20:02 . 2010-11-28 20:02 0 ----a-w- c:\windows\system32\FAP39B.tmp
2010-11-28 20:02 . 2010-11-28 20:02 0 ----a-w- c:\windows\system32\FAP397.tmp
2010-11-28 19:59 . 2010-11-28 19:59 0 ----a-w- c:\windows\system32\FAP38E.tmp
2010-11-28 19:59 . 2010-11-28 19:59 0 ----a-w- c:\windows\system32\FAP383.tmp
2010-11-28 19:59 . 2010-11-28 19:59 0 ----a-w- c:\windows\system32\FAP37A.tmp
2010-11-28 19:58 . 2010-11-28 19:58 0 ----a-w- c:\windows\system32\FAP378.tmp
2010-11-28 19:58 . 2010-11-28 19:58 0 ----a-w- c:\windows\system32\FAP364.tmp
2010-11-28 19:58 . 2010-11-28 19:58 0 ----a-w- c:\windows\system32\FAP35E.tmp
2010-11-28 19:57 . 2010-11-28 19:57 0 ----a-w- c:\windows\system32\FAP351.tmp
2010-11-28 19:57 . 2010-11-28 19:57 0 ----a-w- c:\windows\system32\FAP34F.tmp
2010-11-28 19:57 . 2010-11-28 19:57 0 ----a-w- c:\windows\system32\FAP34B.tmp
2010-11-28 19:56 . 2010-11-28 19:56 0 ----a-w- c:\windows\system32\FAP345.tmp
2010-11-28 19:37 . 2010-11-28 19:37 0 ----a-w- c:\windows\system32\FAP334.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP30B.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP306.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP300.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2FC.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2E6.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2D5.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2CE.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2C7.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2B2.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2AD.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2A1.tmp
2010-11-28 07:36 . 2010-11-28 07:36 0 ----a-w- c:\windows\system32\FAP1D8.tmp
2010-11-28 07:36 . 2010-11-28 07:36 0 ----a-w- c:\windows\system32\FAP1B4.tmp
2010-11-28 07:36 . 2010-11-28 07:36 0 ----a-w- c:\windows\system32\FAP1AF.tmp
2010-11-28 07:36 . 2010-11-28 07:36 0 ----a-w- c:\windows\system32\FAP1A8.tmp
2010-11-28 07:36 . 2010-11-28 07:36 0 ----a-w- c:\windows\system32\FAP19C.tmp
2010-11-28 07:35 . 2010-11-28 07:35 0 ----a-w- c:\windows\system32\FAP199.tmp
2010-11-28 07:34 . 2010-11-28 07:34 0 ----a-w- c:\windows\system32\FAP18C.tmp
2010-11-28 07:33 . 2010-11-28 07:33 0 ----a-w- c:\windows\system32\FAP179.tmp
2010-11-28 07:33 . 2010-11-28 07:33 0 ----a-w- c:\windows\system32\FAP176.tmp
2010-11-28 07:32 . 2010-11-28 07:32 0 ----a-w- c:\windows\system32\FAP16D.tmp
2010-11-28 07:32 . 2010-11-28 07:32 0 ----a-w- c:\windows\system32\FAP169.tmp
2010-11-28 07:32 . 2010-11-28 07:32 0 ----a-w- c:\windows\system32\FAP167.tmp
2010-11-28 07:28 . 2010-11-28 07:28 0 ----a-w- c:\windows\system32\FAP162.tmp
2010-11-28 07:28 . 2010-11-28 07:28 0 ----a-w- c:\windows\system32\FAP160.tmp
2010-11-28 01:57 . 2010-11-28 01:57 0 ----a-w- c:\windows\system32\FAPFF.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPFD.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPFB.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPF7.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPF5.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPF3.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPF1.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPEF.tmp
2010-11-28 01:51 . 2010-11-28 01:51 0 ----a-w- c:\windows\system32\FAPEC.tmp
2010-11-28 01:51 . 2010-11-28 01:51 0 ----a-w- c:\windows\system32\FAPE7.tmp
2010-11-28 01:51 . 2010-11-28 01:51 0 ----a-w- c:\windows\system32\FAPE4.tmp
2010-11-28 01:50 . 2010-11-28 01:50 0 ----a-w- c:\windows\system32\FAPE2.tmp
2010-11-28 01:50 . 2010-11-28 01:50 0 ----a-w- c:\windows\system32\FAPD9.tmp
2010-11-28 01:50 . 2010-11-28 01:50 0 ----a-w- c:\windows\system32\FAPD7.tmp
2010-11-28 01:50 . 2010-11-28 01:50 0 ----a-w- c:\windows\system32\FAPD5.tmp
2010-11-28 01:50 . 2010-11-28 01:50 0 ----a-w- c:\windows\system32\FAPD3.tmp
2006-08-31 00:54 . 2006-08-31 00:54 13386 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2006-08-31 00:54 . 2006-08-31 00:54 92234 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-02-08 04:46 . 2008-02-08 04:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 04:46 . 2008-02-08 04:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 04:46 . 2008-02-08 04:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 04:46 . 2008-02-08 04:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 04:46 . 2008-02-08 04:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 04:46 . 2008-02-08 04:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 04:46 . 2008-02-08 04:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-17 00:27 . 2007-03-17 00:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-17 00:27 . 2007-03-17 00:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-17 00:27 . 2007-03-17 00:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 19:47 . 2007-07-20 19:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 04:46 . 2008-02-08 04:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-29 2407632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2010-09-21 4086104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2008-6-2 1261568]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-3 27136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"huuipbxzyjxjlyqlrnmrTaskMgr"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 15:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start 3DxWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Start 3DxWare.lnk
backup=c:\windows\pss\Start 3DxWare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-16 04:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 07:19 77312 ----a-w- c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2005-09-27 07:43 1060864 ----a-w- c:\program files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
2005-09-27 07:42 61440 ----a-w- c:\program files\DISC\DISCUpdateMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2006-12-26 00:23 643072 ----a-w- c:\program files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-08-30 00:16 133104 ----atw- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 14:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 00:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-01-03 21:48 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2008-11-10 19:23 157312 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/7/2008 5:40 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/7/2008 5:40 PM 243024]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [9/21/2010 2:51 PM 327000]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/27/2010 6:10 PM 5248]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [6/2/2008 9:58 PM 194304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/23/2010 2:10 PM 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [10/30/2010 12:39 PM 16968]
S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\Safe Returner\RegKernelHelp.sys --> c:\program files\Safe Returner\RegKernelHelp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S4 avg9emc;AVG Free E-mail Scanner;"c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]
S4 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2011-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2011-01-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-03 23:16]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 07:07]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 07:07]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902625785-3568907837-3550786534-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:16]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902625785-3568907837-3550786534-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: trymedia.com
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d9y2cq1r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b11a7d6&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FavLoc: {472f4ef0-a825-11da-a746-0800200c9a66} - %profile%\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
FF - Ext: Google Bookmarks for Firefox: {473f9a20-ce5a-11da-a94d-0800200c9a66} - %profile%\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-09 18:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\RtlGina2.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2856)
c:\windows\system32\WININET.dll
c:\windows\system32\LnkProtect.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Completion time: 2011-01-09 18:28:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-10 01:28
ComboFix2.txt 2010-12-31 21:43
ComboFix3.txt 2010-10-28 08:26

Pre-Run: 97,312,948,224 bytes free
Post-Run: 96,397,262,848 bytes free

- - End Of File - - 1A6D5391EBE92A79590EB6506143F01F
 
Hi,

Run this AVG remover to remove AVG remnants. Post back fresh dds.txt log and rescan C:\WINDOWS\explorer.exe & C:\WINDOWS\system32\winlogon.exe files at Virustotal.
 
Hi,
I ran the AVG remover.
Here are the new winlogon.exe results from virustotal:
http://www.virustotal.com/file-scan...2270ca2c1522d8bcc66da7dba8d0380b6a-1294706440

And the new explorer.exe results:
http://www.virustotal.com/file-scan...2ec6efced04245baca950d835175896199-1294706723

DDS log below:



DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 17:34:07.78 on Mon 01/10/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.205 [GMT -7:00]


============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
uPolicies-system: huuipbxzyjxjlyqlrnmrTaskMgr = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: trymedia.com
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/a/f/b/afba1967-2025-49da-8356-bc4132038945/VirtualEarth3D.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\d9y2cq1r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b11a7d6&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\d9y2cq1r.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\d9y2cq1r.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft research\hd view\nphdview.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FavLoc: {472f4ef0-a825-11da-a746-0800200c9a66} - %profile%\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
FF - Ext: Google Bookmarks for Firefox: {473f9a20-ce5a-11da-a94d-0800200c9a66} - %profile%\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-9-21 327000]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-6-2 194304]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 136176]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccpwdsvc.exe" --> c:\program files\common files\symantec shared\ccPwdSvc.exe [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-30 16968]
S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\safe returner\regkernelhelp.sys --> c:\program files\safe returner\RegKernelHelp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-10 00:47:15 89088 ----a-w- c:\windows\MBR.exe
2011-01-10 00:47:14 98816 ----a-w- c:\windows\sed.exe
2011-01-10 00:47:14 256512 ----a-w- c:\windows\PEV.exe
2011-01-10 00:47:14 161792 ----a-w- c:\windows\SWREG.exe
2011-01-10 00:46:39 -------- d-----w- C:\ComboFix
2011-01-08 17:30:31 -------- d-----w- c:\program files\ESET
2011-01-08 17:20:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-08 17:20:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-08 17:20:56 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-31 21:15:08 -------- d-----w- C:\NewCF
2010-12-31 20:35:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-31 20:06:34 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\AVG8
2010-12-31 00:37:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-31 00:37:39 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-31 00:32:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-31 00:26:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-31 00:09:11 -------- d-----w- c:\program files\Bonjour
2010-12-15 03:24:31 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Garmin
2010-12-15 02:52:13 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\GARMIN_Corp
2010-12-15 02:30:46 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\GARMIN
2010-12-14 23:57:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\GARMIN
2010-12-14 23:57:28 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-12-14 23:55:48 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2010-12-14 23:55:47 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
2010-12-14 23:55:29 -------- d-----w- C:\Garmin
2010-12-14 23:55:27 -------- d-----w- c:\program files\Garmin

==================== Find3M ====================

2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 00:44:12 3818105 ----a-w- C:\ComboFix.exe
2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46D.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46A.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP462.tmp
2010-11-29 00:31:23 0 ----a-w- c:\windows\system32\FAP453.tmp
2010-11-29 00:25:55 0 ----a-w- c:\windows\system32\FAP450.tmp
2010-11-29 00:24:49 0 ----a-w- c:\windows\system32\FAP443.tmp
2010-11-29 00:24:48 0 ----a-w- c:\windows\system32\FAP42A.tmp
2010-11-29 00:24:47 0 ----a-w- c:\windows\system32\FAP41F.tmp
2010-11-29 00:24:46 0 ----a-w- c:\windows\system32\FAP41D.tmp
2010-11-28 23:19:22 0 ----a-w- c:\windows\system32\FAP40D.tmp
2010-11-28 23:19:21 0 ----a-w- c:\windows\system32\FAP40B.tmp
2010-11-28 23:14:15 0 ----a-w- c:\windows\system32\FAP408.tmp
2010-11-28 23:10:05 0 ----a-w- c:\windows\system32\FAP404.tmp
2010-11-28 23:08:43 0 ----a-w- c:\windows\system32\FAP402.tmp
2010-11-28 23:08:03 0 ----a-w- c:\windows\system32\FAP3FF.tmp
2010-11-28 23:08:00 0 ----a-w- c:\windows\system32\FAP3FD.tmp
2010-11-28 23:07:55 0 ----a-w- c:\windows\system32\FAP3FB.tmp
2010-11-28 23:07:54 0 ----a-w- c:\windows\system32\FAP3F8.tmp
2010-11-28 23:07:47 0 ----a-w- c:\windows\system32\FAP3F6.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F4.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F1.tmp
2010-11-28 23:06:30 0 ----a-w- c:\windows\system32\FAP3EF.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3EB.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3E8.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E6.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E4.tmp
2010-11-28 23:06:03 0 ----a-w- c:\windows\system32\FAP3E1.tmp
2010-11-28 23:06:02 0 ----a-w- c:\windows\system32\FAP3DF.tmp
2010-11-28 23:05:56 0 ----a-w- c:\windows\system32\FAP3DD.tmp
2010-11-28 23:03:53 0 ----a-w- c:\windows\system32\FAP3DB.tmp
2010-11-28 23:03:37 0 ----a-w- c:\windows\system32\FAP3D9.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3D1.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3CF.tmp
2010-11-28 22:41:02 0 ----a-w- c:\windows\system32\FAP3CD.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A9.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A7.tmp
2010-11-28 20:08:23 0 ----a-w- c:\windows\system32\FAP3A5.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A3.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A1.tmp
2010-11-28 20:02:51 0 ----a-w- c:\windows\system32\FAP39D.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP39B.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP397.tmp
2010-11-28 19:59:09 0 ----a-w- c:\windows\system32\FAP38E.tmp
2010-11-28 19:59:05 0 ----a-w- c:\windows\system32\FAP383.tmp
2010-11-28 19:59:04 0 ----a-w- c:\windows\system32\FAP37A.tmp
2010-11-28 19:58:26 0 ----a-w- c:\windows\system32\FAP378.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP364.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP35E.tmp
2010-11-28 19:57:53 0 ----a-w- c:\windows\system32\FAP351.tmp
2010-11-28 19:57:47 0 ----a-w- c:\windows\system32\FAP34F.tmp
2010-11-28 19:57:45 0 ----a-w- c:\windows\system32\FAP34B.tmp
2010-11-28 19:56:04 0 ----a-w- c:\windows\system32\FAP345.tmp
2010-11-28 19:37:06 0 ----a-w- c:\windows\system32\FAP334.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP30B.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP306.tmp
2010-11-28 16:25:39 0 ----a-w- c:\windows\system32\FAP300.tmp
2010-11-28 16:25:38 0 ----a-w- c:\windows\system32\FAP2FC.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2E6.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2D5.tmp
2010-11-28 16:25:23 0 ----a-w- c:\windows\system32\FAP2CE.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2C7.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2B2.tmp
2010-11-28 16:25:16 0 ----a-w- c:\windows\system32\FAP2AD.tmp
2010-11-28 16:25:14 0 ----a-w- c:\windows\system32\FAP2A1.tmp
2010-11-28 07:36:19 0 ----a-w- c:\windows\system32\FAP1D8.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1B4.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1AF.tmp
2010-11-28 07:36:15 0 ----a-w- c:\windows\system32\FAP1A8.tmp
2010-11-28 07:36:13 0 ----a-w- c:\windows\system32\FAP19C.tmp
2010-11-28 07:35:18 0 ----a-w- c:\windows\system32\FAP199.tmp
2010-11-28 07:34:29 0 ----a-w- c:\windows\system32\FAP18C.tmp
2010-11-28 07:33:41 0 ----a-w- c:\windows\system32\FAP179.tmp
2010-11-28 07:33:39 0 ----a-w- c:\windows\system32\FAP176.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP16D.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP169.tmp
2010-11-28 07:32:12 0 ----a-w- c:\windows\system32\FAP167.tmp
2010-11-28 07:28:36 0 ----a-w- c:\windows\system32\FAP162.tmp
2010-11-28 07:28:34 0 ----a-w- c:\windows\system32\FAP160.tmp
2010-11-28 01:57:17 0 ----a-w- c:\windows\system32\FAPFF.tmp
2010-11-28 01:56:59 0 ----a-w- c:\windows\system32\FAPFD.tmp
2010-11-28 01:56:44 0 ----a-w- c:\windows\system32\FAPFB.tmp
2010-11-28 01:56:18 0 ----a-w- c:\windows\system32\FAPF7.tmp
2010-11-28 01:56:09 0 ----a-w- c:\windows\system32\FAPF5.tmp
2010-11-28 01:56:08 0 ----a-w- c:\windows\system32\FAPF3.tmp
2010-11-28 01:56:07 0 ----a-w- c:\windows\system32\FAPF1.tmp
2010-11-28 01:56:03 0 ----a-w- c:\windows\system32\FAPEF.tmp
2010-11-28 01:51:01 0 ----a-w- c:\windows\system32\FAPEC.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE7.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE4.tmp
2010-11-28 01:50:53 0 ----a-w- c:\windows\system32\FAPE2.tmp
2010-11-28 01:50:32 0 ----a-w- c:\windows\system32\FAPD9.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD7.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD5.tmp
2010-11-28 01:50:20 0 ----a-w- c:\windows\system32\FAPD3.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPD1.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPCF.tmp

============= FINISH: 17:36:57.26 ===============
 
Hi,

We need to install service pack 3 to make some progress here. Any reason why you haven't installed it earlier?
 
Wow, that's definitely progress! I updated to SP3 and figured it couldn't hurt to run the files at virustotal again and they seem to come up clean now:

Explorer: http://www.virustotal.com/file-scan...56038a0d09c6e5a3e6862c5e26885ef455-1294803717

Winlogon: http://www.virustotal.com/file-scan...7dbf7199117afb3652ebf100d5f0429b1e-1294804005

I didn't have any good reason for not having installed in previously, I was surprised I didn't have SP3 already. I didn't have autoupdates on and I guess somehow I subconsciously ignored any prompts that came up with the update. I'm not sure if I'm in the clear what should I do next? Thanks for all of your help with this.
 
DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 17:37:52.46 on Wed 01/12/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.96 [GMT -7:00]


============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
uPolicies-system: huuipbxzyjxjlyqlrnmrTaskMgr = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: trymedia.com
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/a/f/b/afba1967-2025-49da-8356-bc4132038945/VirtualEarth3D.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\d9y2cq1r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b11a7d6&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\d9y2cq1r.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\d9y2cq1r.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft research\hd view\nphdview.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FavLoc: {472f4ef0-a825-11da-a746-0800200c9a66} - %profile%\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
FF - Ext: Google Bookmarks for Firefox: {473f9a20-ce5a-11da-a94d-0800200c9a66} - %profile%\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-9-21 327000]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-6-2 194304]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 136176]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccpwdsvc.exe" --> c:\program files\common files\symantec shared\ccPwdSvc.exe [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-30 16968]
S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\safe returner\regkernelhelp.sys --> c:\program files\safe returner\RegKernelHelp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-12 01:01:19 -------- d-----w- c:\windows\system32\scripting
2011-01-12 01:01:18 -------- d-----w- c:\windows\l2schemas
2011-01-12 01:01:17 -------- d-----w- c:\windows\system32\en
2011-01-12 01:01:17 -------- d-----w- c:\windows\system32\bits
2011-01-10 00:47:15 89088 ----a-w- c:\windows\MBR.exe
2011-01-10 00:47:14 98816 ----a-w- c:\windows\sed.exe
2011-01-10 00:47:14 256512 ----a-w- c:\windows\PEV.exe
2011-01-10 00:47:14 161792 ----a-w- c:\windows\SWREG.exe
2011-01-10 00:46:39 -------- d-----w- C:\ComboFix
2011-01-08 17:30:31 -------- d-----w- c:\program files\ESET
2011-01-08 17:20:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-08 17:20:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-08 17:20:56 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-31 21:15:08 -------- d-----w- C:\NewCF
2010-12-31 20:35:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-31 20:06:34 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\AVG8
2010-12-31 00:37:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-31 00:37:39 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-31 00:32:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-31 00:26:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-31 00:09:11 -------- d-----w- c:\program files\Bonjour
2010-12-15 03:24:31 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Garmin
2010-12-15 02:52:13 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\GARMIN_Corp
2010-12-15 02:30:46 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\GARMIN
2010-12-14 23:57:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\GARMIN
2010-12-14 23:57:28 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-12-14 23:55:48 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2010-12-14 23:55:47 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
2010-12-14 23:55:29 -------- d-----w- C:\Garmin
2010-12-14 23:55:27 -------- d-----w- c:\program files\Garmin

==================== Find3M ====================

2011-01-12 01:04:58 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2011-01-12 01:04:58 44032 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2011-01-12 01:04:58 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2011-01-12 01:04:58 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2011-01-12 01:04:57 61440 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2011-01-12 01:04:57 40960 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2011-01-12 01:04:57 341048 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2011-01-12 01:04:57 163840 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 00:44:12 3818105 ----a-w- C:\ComboFix.exe
2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46D.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46A.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP462.tmp
2010-11-29 00:31:23 0 ----a-w- c:\windows\system32\FAP453.tmp
2010-11-29 00:25:55 0 ----a-w- c:\windows\system32\FAP450.tmp
2010-11-29 00:24:49 0 ----a-w- c:\windows\system32\FAP443.tmp
2010-11-29 00:24:48 0 ----a-w- c:\windows\system32\FAP42A.tmp
2010-11-29 00:24:47 0 ----a-w- c:\windows\system32\FAP41F.tmp
2010-11-29 00:24:46 0 ----a-w- c:\windows\system32\FAP41D.tmp
2010-11-28 23:19:22 0 ----a-w- c:\windows\system32\FAP40D.tmp
2010-11-28 23:19:21 0 ----a-w- c:\windows\system32\FAP40B.tmp
2010-11-28 23:14:15 0 ----a-w- c:\windows\system32\FAP408.tmp
2010-11-28 23:10:05 0 ----a-w- c:\windows\system32\FAP404.tmp
2010-11-28 23:08:43 0 ----a-w- c:\windows\system32\FAP402.tmp
2010-11-28 23:08:03 0 ----a-w- c:\windows\system32\FAP3FF.tmp
2010-11-28 23:08:00 0 ----a-w- c:\windows\system32\FAP3FD.tmp
2010-11-28 23:07:55 0 ----a-w- c:\windows\system32\FAP3FB.tmp
2010-11-28 23:07:54 0 ----a-w- c:\windows\system32\FAP3F8.tmp
2010-11-28 23:07:47 0 ----a-w- c:\windows\system32\FAP3F6.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F4.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F1.tmp
2010-11-28 23:06:30 0 ----a-w- c:\windows\system32\FAP3EF.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3EB.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3E8.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E6.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E4.tmp
2010-11-28 23:06:03 0 ----a-w- c:\windows\system32\FAP3E1.tmp
2010-11-28 23:06:02 0 ----a-w- c:\windows\system32\FAP3DF.tmp
2010-11-28 23:05:56 0 ----a-w- c:\windows\system32\FAP3DD.tmp
2010-11-28 23:03:53 0 ----a-w- c:\windows\system32\FAP3DB.tmp
2010-11-28 23:03:37 0 ----a-w- c:\windows\system32\FAP3D9.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3D1.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3CF.tmp
2010-11-28 22:41:02 0 ----a-w- c:\windows\system32\FAP3CD.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A9.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A7.tmp
2010-11-28 20:08:23 0 ----a-w- c:\windows\system32\FAP3A5.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A3.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A1.tmp
2010-11-28 20:02:51 0 ----a-w- c:\windows\system32\FAP39D.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP39B.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP397.tmp
2010-11-28 19:59:09 0 ----a-w- c:\windows\system32\FAP38E.tmp
2010-11-28 19:59:05 0 ----a-w- c:\windows\system32\FAP383.tmp
2010-11-28 19:59:04 0 ----a-w- c:\windows\system32\FAP37A.tmp
2010-11-28 19:58:26 0 ----a-w- c:\windows\system32\FAP378.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP364.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP35E.tmp
2010-11-28 19:57:53 0 ----a-w- c:\windows\system32\FAP351.tmp
2010-11-28 19:57:47 0 ----a-w- c:\windows\system32\FAP34F.tmp
2010-11-28 19:57:45 0 ----a-w- c:\windows\system32\FAP34B.tmp
2010-11-28 19:56:04 0 ----a-w- c:\windows\system32\FAP345.tmp
2010-11-28 19:37:06 0 ----a-w- c:\windows\system32\FAP334.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP30B.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP306.tmp
2010-11-28 16:25:39 0 ----a-w- c:\windows\system32\FAP300.tmp
2010-11-28 16:25:38 0 ----a-w- c:\windows\system32\FAP2FC.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2E6.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2D5.tmp
2010-11-28 16:25:23 0 ----a-w- c:\windows\system32\FAP2CE.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2C7.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2B2.tmp
2010-11-28 16:25:16 0 ----a-w- c:\windows\system32\FAP2AD.tmp
2010-11-28 16:25:14 0 ----a-w- c:\windows\system32\FAP2A1.tmp
2010-11-28 07:36:19 0 ----a-w- c:\windows\system32\FAP1D8.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1B4.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1AF.tmp
2010-11-28 07:36:15 0 ----a-w- c:\windows\system32\FAP1A8.tmp
2010-11-28 07:36:13 0 ----a-w- c:\windows\system32\FAP19C.tmp
2010-11-28 07:35:18 0 ----a-w- c:\windows\system32\FAP199.tmp
2010-11-28 07:34:29 0 ----a-w- c:\windows\system32\FAP18C.tmp
2010-11-28 07:33:41 0 ----a-w- c:\windows\system32\FAP179.tmp
2010-11-28 07:33:39 0 ----a-w- c:\windows\system32\FAP176.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP16D.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP169.tmp
2010-11-28 07:32:12 0 ----a-w- c:\windows\system32\FAP167.tmp
2010-11-28 07:28:36 0 ----a-w- c:\windows\system32\FAP162.tmp
2010-11-28 07:28:34 0 ----a-w- c:\windows\system32\FAP160.tmp
2010-11-28 01:57:17 0 ----a-w- c:\windows\system32\FAPFF.tmp
2010-11-28 01:56:59 0 ----a-w- c:\windows\system32\FAPFD.tmp
2010-11-28 01:56:44 0 ----a-w- c:\windows\system32\FAPFB.tmp
2010-11-28 01:56:18 0 ----a-w- c:\windows\system32\FAPF7.tmp
2010-11-28 01:56:09 0 ----a-w- c:\windows\system32\FAPF5.tmp
2010-11-28 01:56:08 0 ----a-w- c:\windows\system32\FAPF3.tmp
2010-11-28 01:56:07 0 ----a-w- c:\windows\system32\FAPF1.tmp
2010-11-28 01:56:03 0 ----a-w- c:\windows\system32\FAPEF.tmp
2010-11-28 01:51:01 0 ----a-w- c:\windows\system32\FAPEC.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE7.tmp

============= FINISH: 17:46:13.89 ===============
 
Hi,

Run ComboFix again and let it update itself. Post back the report.
 
ComboFix 11-01-14.01 - HP_Administrator 01/14/2011 19:22:03.4.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.583 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\AcroInstall\doit.exe
.

((((((((((((((((((((((((( Files Created from 2010-12-15 to 2011-01-15 )))))))))))))))))))))))))))))))
.

2011-01-13 01:02 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-01-13 01:02 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-13 01:01 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-01-13 01:00 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-13 00:49 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-01-12 01:01 . 2011-01-12 01:01 -------- d-----w- c:\windows\system32\scripting
2011-01-12 01:01 . 2011-01-12 01:01 -------- d-----w- c:\windows\l2schemas
2011-01-12 01:01 . 2011-01-12 01:01 -------- d-----w- c:\windows\system32\en
2011-01-12 01:01 . 2011-01-12 01:01 -------- d-----w- c:\windows\system32\bits
2011-01-08 17:30 . 2011-01-08 17:30 -------- d-----w- c:\program files\ESET
2011-01-08 17:21 . 2011-01-08 17:21 -------- d-----w- c:\program files\Common Files\Java
2011-01-08 17:20 . 2011-01-08 17:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-08 17:20 . 2011-01-08 17:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-08 17:20 . 2011-01-08 17:20 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-31 22:01 . 2010-12-31 22:01 -------- d-----w- c:\program files\ERUNT
2010-12-31 21:15 . 2010-12-31 21:43 -------- d-----w- C:\NewCF
2010-12-31 20:35 . 2010-12-31 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-31 20:06 . 2010-12-31 20:06 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG8
2010-12-31 00:37 . 2010-12-31 00:26 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2010-12-31 00:37 . 2010-12-31 00:26 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2010-12-31 00:37 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2010-12-31 00:37 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2010-12-31 00:37 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2010-12-31 00:37 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2010-12-31 00:32 . 2010-12-31 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-31 00:26 . 2010-12-31 00:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-31 00:26 . 2010-12-31 00:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-31 00:26 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-31 00:26 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-31 00:26 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-31 00:26 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-31 00:26 . 2010-12-31 00:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-31 00:09 . 2010-12-31 00:09 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-12 01:04 . 2011-01-12 01:04 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2011-01-12 01:04 . 2011-01-12 01:04 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2011-01-12 01:04 . 2011-01-12 01:04 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2011-01-12 01:04 . 2011-01-12 01:04 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2011-01-12 01:04 . 2011-01-12 01:04 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2011-01-12 01:04 . 2011-01-12 01:04 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2011-01-12 01:04 . 2011-01-12 01:04 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2011-01-12 01:04 . 2011-01-12 01:04 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-12-21 01:09 . 2010-03-20 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 01:08 . 2010-03-20 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 00:44 . 2010-11-30 00:43 3818105 ----a-w- C:\ComboFix.exe
2010-11-30 00:38 . 2010-11-30 00:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38 . 2010-11-30 00:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 00:31 . 2010-11-29 00:31 0 ----a-w- c:\windows\system32\FAP46D.tmp
2010-11-29 00:31 . 2010-11-29 00:31 0 ----a-w- c:\windows\system32\FAP46A.tmp
2010-11-29 00:31 . 2010-11-29 00:31 0 ----a-w- c:\windows\system32\FAP462.tmp
2010-11-29 00:31 . 2010-11-29 00:31 0 ----a-w- c:\windows\system32\FAP453.tmp
2010-11-29 00:25 . 2010-11-29 00:25 0 ----a-w- c:\windows\system32\FAP450.tmp
2010-11-29 00:24 . 2010-11-29 00:24 0 ----a-w- c:\windows\system32\FAP443.tmp
2010-11-29 00:24 . 2010-11-29 00:24 0 ----a-w- c:\windows\system32\FAP42A.tmp
2010-11-29 00:24 . 2010-11-29 00:24 0 ----a-w- c:\windows\system32\FAP41F.tmp
2010-11-29 00:24 . 2010-11-29 00:24 0 ----a-w- c:\windows\system32\FAP41D.tmp
2010-11-28 23:19 . 2010-11-28 23:19 0 ----a-w- c:\windows\system32\FAP40D.tmp
2010-11-28 23:19 . 2010-11-28 23:19 0 ----a-w- c:\windows\system32\FAP40B.tmp
2010-11-28 23:14 . 2010-11-28 23:14 0 ----a-w- c:\windows\system32\FAP408.tmp
2010-11-28 23:10 . 2010-11-28 23:10 0 ----a-w- c:\windows\system32\FAP404.tmp
2010-11-28 23:08 . 2010-11-28 23:08 0 ----a-w- c:\windows\system32\FAP402.tmp
2010-11-28 23:08 . 2010-11-28 23:08 0 ----a-w- c:\windows\system32\FAP3FF.tmp
2010-11-28 23:08 . 2010-11-28 23:08 0 ----a-w- c:\windows\system32\FAP3FD.tmp
2010-11-28 23:07 . 2010-11-28 23:07 0 ----a-w- c:\windows\system32\FAP3FB.tmp
2010-11-28 23:07 . 2010-11-28 23:07 0 ----a-w- c:\windows\system32\FAP3F8.tmp
2010-11-28 23:07 . 2010-11-28 23:07 0 ----a-w- c:\windows\system32\FAP3F6.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3F4.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3F1.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3EF.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3EB.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3E8.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3E6.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3E4.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3E1.tmp
2010-11-28 23:06 . 2010-11-28 23:06 0 ----a-w- c:\windows\system32\FAP3DF.tmp
2010-11-28 23:05 . 2010-11-28 23:05 0 ----a-w- c:\windows\system32\FAP3DD.tmp
2010-11-28 23:03 . 2010-11-28 23:03 0 ----a-w- c:\windows\system32\FAP3DB.tmp
2010-11-28 23:03 . 2010-11-28 23:03 0 ----a-w- c:\windows\system32\FAP3D9.tmp
2010-11-28 22:41 . 2010-11-28 22:41 0 ----a-w- c:\windows\system32\FAP3D1.tmp
2010-11-28 22:41 . 2010-11-28 22:41 0 ----a-w- c:\windows\system32\FAP3CF.tmp
2010-11-28 22:41 . 2010-11-28 22:41 0 ----a-w- c:\windows\system32\FAP3CD.tmp
2010-11-28 20:08 . 2010-11-28 20:08 0 ----a-w- c:\windows\system32\FAP3A9.tmp
2010-11-28 20:08 . 2010-11-28 20:08 0 ----a-w- c:\windows\system32\FAP3A7.tmp
2010-11-28 20:08 . 2010-11-28 20:08 0 ----a-w- c:\windows\system32\FAP3A5.tmp
2010-11-28 20:08 . 2010-11-28 20:08 0 ----a-w- c:\windows\system32\FAP3A3.tmp
2010-11-28 20:08 . 2010-11-28 20:08 0 ----a-w- c:\windows\system32\FAP3A1.tmp
2010-11-28 20:02 . 2010-11-28 20:02 0 ----a-w- c:\windows\system32\FAP39D.tmp
2010-11-28 20:02 . 2010-11-28 20:02 0 ----a-w- c:\windows\system32\FAP39B.tmp
2010-11-28 20:02 . 2010-11-28 20:02 0 ----a-w- c:\windows\system32\FAP397.tmp
2010-11-28 19:59 . 2010-11-28 19:59 0 ----a-w- c:\windows\system32\FAP38E.tmp
2010-11-28 19:59 . 2010-11-28 19:59 0 ----a-w- c:\windows\system32\FAP383.tmp
2010-11-28 19:59 . 2010-11-28 19:59 0 ----a-w- c:\windows\system32\FAP37A.tmp
2010-11-28 19:58 . 2010-11-28 19:58 0 ----a-w- c:\windows\system32\FAP378.tmp
2010-11-28 19:58 . 2010-11-28 19:58 0 ----a-w- c:\windows\system32\FAP364.tmp
2010-11-28 19:58 . 2010-11-28 19:58 0 ----a-w- c:\windows\system32\FAP35E.tmp
2010-11-28 19:57 . 2010-11-28 19:57 0 ----a-w- c:\windows\system32\FAP351.tmp
2010-11-28 19:57 . 2010-11-28 19:57 0 ----a-w- c:\windows\system32\FAP34F.tmp
2010-11-28 19:57 . 2010-11-28 19:57 0 ----a-w- c:\windows\system32\FAP34B.tmp
2010-11-28 19:56 . 2010-11-28 19:56 0 ----a-w- c:\windows\system32\FAP345.tmp
2010-11-28 19:37 . 2010-11-28 19:37 0 ----a-w- c:\windows\system32\FAP334.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP30B.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP306.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP300.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2FC.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2E6.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2D5.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2CE.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2C7.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2B2.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2AD.tmp
2010-11-28 16:25 . 2010-11-28 16:25 0 ----a-w- c:\windows\system32\FAP2A1.tmp
2010-11-28 07:36 . 2010-11-28 07:36 0 ----a-w- c:\windows\system32\FAP1D8.tmp
2010-11-28 07:36 . 2010-11-28 07:36 0 ----a-w- c:\windows\system32\FAP1B4.tmp
2010-11-28 07:36 . 2010-11-28 07:36 0 ----a-w- c:\windows\system32\FAP1AF.tmp
2010-11-28 07:36 . 2010-11-28 07:36 0 ----a-w- c:\windows\system32\FAP1A8.tmp
2010-11-28 07:36 . 2010-11-28 07:36 0 ----a-w- c:\windows\system32\FAP19C.tmp
2010-11-28 07:35 . 2010-11-28 07:35 0 ----a-w- c:\windows\system32\FAP199.tmp
2010-11-28 07:34 . 2010-11-28 07:34 0 ----a-w- c:\windows\system32\FAP18C.tmp
2010-11-28 07:33 . 2010-11-28 07:33 0 ----a-w- c:\windows\system32\FAP179.tmp
2010-11-28 07:33 . 2010-11-28 07:33 0 ----a-w- c:\windows\system32\FAP176.tmp
2010-11-28 07:32 . 2010-11-28 07:32 0 ----a-w- c:\windows\system32\FAP16D.tmp
2010-11-28 07:32 . 2010-11-28 07:32 0 ----a-w- c:\windows\system32\FAP169.tmp
2010-11-28 07:32 . 2010-11-28 07:32 0 ----a-w- c:\windows\system32\FAP167.tmp
2010-11-28 07:28 . 2010-11-28 07:28 0 ----a-w- c:\windows\system32\FAP162.tmp
2010-11-28 07:28 . 2010-11-28 07:28 0 ----a-w- c:\windows\system32\FAP160.tmp
2010-11-28 01:57 . 2010-11-28 01:57 0 ----a-w- c:\windows\system32\FAPFF.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPFD.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPFB.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPF7.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPF5.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPF3.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPF1.tmp
2010-11-28 01:56 . 2010-11-28 01:56 0 ----a-w- c:\windows\system32\FAPEF.tmp
2006-08-31 00:54 . 2006-08-31 00:54 13386 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2006-08-31 00:54 . 2006-08-31 00:54 92234 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-02-08 04:46 . 2008-02-08 04:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 04:46 . 2008-02-08 04:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 04:46 . 2008-02-08 04:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 04:46 . 2008-02-08 04:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 04:46 . 2008-02-08 04:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 04:46 . 2008-02-08 04:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 04:46 . 2008-02-08 04:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-17 00:27 . 2007-03-17 00:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-17 00:27 . 2007-03-17 00:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-17 00:27 . 2007-03-17 00:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 19:47 . 2007-07-20 19:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 04:46 . 2008-02-08 04:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\I386\NTFS.SYS

[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2004-08-10 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB902400$\rpcss.dll

[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe

[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\sp3qfe\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\sp3gdr\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-10 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . 97BB654A5D338C9DFA7FA8B3ED55546A . 507904 . . [5.1.2600.5512] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-10 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2004-08-10 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\es.dll
[-] 2005-07-26 11:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 11:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-10 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2004-08-10 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2004-08-10 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2010-11-06 . 2F2DA920F5B9582D40B9761D2AB45696 . 3604480 . . [7.00.6000.17093] . . c:\windows\SoftwareDistribution\Download\4b4e5b08eb63a86199f8a74197537531\sp3gdr\mshtml.dll
[-] 2010-11-06 . 2F2DA920F5B9582D40B9761D2AB45696 . 3604480 . . [7.00.6000.17093] . . c:\windows\system32\mshtml.dll
[-] 2010-11-06 . 2F2DA920F5B9582D40B9761D2AB45696 . 3604480 . . [7.00.6000.17093] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-11-06 . 1B62916D85DFC66158B1FD0CAC16BA05 . 3607040 . . [7.00.6000.21295] . . c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\mshtml.dll
[-] 2010-11-06 . 1B62916D85DFC66158B1FD0CAC16BA05 . 3607040 . . [7.00.6000.21295] . . c:\windows\SoftwareDistribution\Download\4b4e5b08eb63a86199f8a74197537531\sp3qfe\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\mshtml.dll
[-] 2010-05-04 . F247F7AC6713066D4C71721BDC73FC2E . 3600384 . . [7.00.6000.17063] . . c:\windows\ie7updates\KB2416400-IE7\mshtml.dll
[-] 2010-05-04 . C466BDCDFAE6F6EFD618F34BA90B1923 . 3603456 . . [7.00.6000.21264] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtml.dll
[-] 2010-03-11 . 94359CD5BB6AC1CC08088F4A4091FF1E . 3599872 . . [7.00.6000.17023] . . c:\windows\ie7updates\KB982381-IE7\mshtml.dll
[-] 2010-03-11 . 9289EBB759293A1381AB0C326A115AEC . 3602944 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtml.dll
[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll
[-] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[-] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[-] 2009-10-21 . E6453EE08B283419171889786D057A75 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[-] 2009-07-20 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[-] 2009-07-20 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\SoftwareDistribution\Download\33ec000c08e174dc768520b0fd388192\SP3GDR\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\SoftwareDistribution\Download\33ec000c08e174dc768520b0fd388192\SP3QFE\mshtml.dll
[-] 2009-07-18 . 7467941BE64DFC5F8E9F3DC1DE920806 . 3069440 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3GDR\mshtml.dll
[-] 2009-07-18 . 9A878C4D12BE5598B598B27BFEA1B3C2 . 3069440 . . [6.00.2900.3603] . . c:\windows\ie7\mshtml.dll
[-] 2009-07-18 . F3EE47F296295D08A97CB50EF57244D9 . 3069952 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll
[-] 2009-04-29 . ABD8093E43E53AEA5898D2214B92E9BA . 3068928 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\mshtml.dll
[-] 2009-04-29 . 7BB862F4CBB8361551C34674291BA5EC . 3068928 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\mshtml.dll

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mswsock.dll
[-] 2004-08-10 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
 
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB925902$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2010-11-06 . 67CD1C036ECC93B1B45B07A4AFDA1D96 . 832512 . . [7.00.6000.17093] . . c:\windows\SoftwareDistribution\Download\4b4e5b08eb63a86199f8a74197537531\sp3gdr\wininet.dll
[-] 2010-11-06 . 67CD1C036ECC93B1B45B07A4AFDA1D96 . 832512 . . [7.00.6000.17093] . . c:\windows\system32\wininet.dll
[-] 2010-11-06 . 67CD1C036ECC93B1B45B07A4AFDA1D96 . 832512 . . [7.00.6000.17093] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-11-06 . F4310169BC5EE25617301E8E78FE5C84 . 841216 . . [7.00.6000.21295] . . c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\wininet.dll
[-] 2010-11-06 . F4310169BC5EE25617301E8E78FE5C84 . 841216 . . [7.00.6000.21295] . . c:\windows\SoftwareDistribution\Download\4b4e5b08eb63a86199f8a74197537531\sp3qfe\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\wininet.dll
[-] 2010-05-04 . 83306356DE710DA87ED91A6AF6233214 . 832512 . . [7.00.6000.17055] . . c:\windows\ie7updates\KB2416400-IE7\wininet.dll
[-] 2010-05-04 . 506B3DCB9C26070072E3047C6910F844 . 841216 . . [7.00.6000.21256] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\wininet.dll
[-] 2010-03-11 . B6AB2EB1DA4BB29079B84AC842520670 . 832512 . . [7.00.6000.17023] . . c:\windows\ie7updates\KB982381-IE7\wininet.dll
[-] 2010-03-11 . 7F6A9D2F3CAA7780AAFD478BF3411462 . 841216 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . 21E7890F1EC89BEF0AF7C08D730AE317 . 832512 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2009-10-29 . 7C599DEC022BEF6E3C9F4DB4FC164E8B . 832512 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\wininet.dll
[-] 2009-10-29 . CA5CB4F174592090FBECFEAD9B51BB90 . 841216 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
[-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976325-IE7\wininet.dll
[-] 2009-08-29 . A5885AF9BFBD942B828E6020AD326517 . 840704 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\SoftwareDistribution\Download\33ec000c08e174dc768520b0fd388192\SP3QFE\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\SoftwareDistribution\Download\33ec000c08e174dc768520b0fd388192\SP3GDR\wininet.dll
[-] 2009-06-26 . 70FFEA4793D7139A447B169CB0E500BC . 666624 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll
[-] 2009-06-26 . 8553E6D4EC1563277323E6B2D6FBB954 . 668160 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
[-] 2009-06-26 . CF0B7B2738BEF0EB87673393CB7EA06E . 668160 . . [6.00.2900.3592] . . c:\windows\ie7\wininet.dll
[-] 2009-04-29 . 6002073519FA478BF89977369CDFD156 . 666624 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll
[-] 2009-04-29 . 9E36A148748C5DE4EA1F47B9B625F412 . 668160 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\wininet.dll
[-] 2009-04-29 . 04BCB4F87B35502568F6CF33433543A5 . 668160 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2009-02-20 . 1EA0E6DD74199209D60991FD46CE8643 . 668160 . . [6.00.2900.3527] . . c:\windows\$NtUninstallKB969897$\wininet.dll
[-] 2009-02-20 . 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E . 666112 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
[-] 2009-02-20 . 711FEABED387B29FF7ED61BC6806A06C . 667648 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[-] 2008-10-16 . 93C9D0A216498EE14EB9B26119BB95EE . 667648 . . [6.00.2900.3462] . . c:\windows\$NtUninstallKB963027$\wininet.dll
[-] 2008-10-16 . E8FCE58A470999350F64C591557F9E42 . 667136 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-08-20 . C91E3A6EF094202F6B5CA8960DFCF243 . 667648 . . [6.00.2900.3429] . . c:\windows\$NtUninstallKB958215$\wininet.dll
[-] 2008-08-20 . 9AF5F25124FBDC36E2B510729CBA2674 . 666112 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 . 94418F53D2612C26DBADC04DAFBC197C . 666624 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2008-06-23 . 611ACE3F4201E9610AF8452F7C268995 . 667136 . . [6.00.2900.3395] . . c:\windows\$NtUninstallKB956390$\wininet.dll
[-] 2008-06-23 . F12FBB673DE9CC802C5DC518FE99AA2F . 666112 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 . 972299B7241EC325D8C7E5638C884925 . 666624 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-04-21 . 2E7DE1BF9418B071799EB53DE8CC22F5 . 666624 . . [6.00.2900.3354] . . c:\windows\$NtUninstallKB953838$\wininet.dll
[-] 2008-04-21 . 2B0C24AA747A93A28987B6D65A4A74BC . 666112 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[-] 2008-04-21 . 26F240C250E5B4B395CB4B178BA75437 . 666624 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wininet.dll
[-] 2008-02-16 . BB1EACD6AB47E78EBCA02EB781550D55 . 666112 . . [6.00.2900.3314] . . c:\windows\$NtUninstallKB950759$\wininet.dll
[-] 2007-12-07 . 085A7C37F9C6EDE1BA870B7DBEC06399 . 666112 . . [6.00.2900.3268] . . c:\windows\$NtUninstallKB947864$\wininet.dll
[-] 2007-10-11 . 80D660A49E0D118144423099B2A9F5DA . 666112 . . [6.00.2900.3231] . . c:\windows\$NtUninstallKB944533$\wininet.dll
[-] 2007-08-22 . A1BC17EB3758D73C3938B2318820F5B4 . 665600 . . [6.00.2900.3199] . . c:\windows\$NtUninstallKB942615$\wininet.dll
[-] 2007-08-14 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2007-06-26 . E1A3DD68B5380B360A7310A64D9BB188 . 665600 . . [6.00.2900.3164] . . c:\windows\$NtUninstallKB939653$\wininet.dll
[-] 2007-04-18 . 4261BA03AFD659DE04F0A17DFBDD454D . 665600 . . [6.00.2900.3121] . . c:\windows\$NtUninstallKB937143$\wininet.dll
[-] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-05-10 . D94CFFDB53E7AC867438E2DFD50E7CBC . 663552 . . [6.00.2900.2904] . . c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2005-10-21 . E7B27B6B6E06CE34EA019FD8B858C613 . 658432 . . [6.00.2900.2781] . . c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2005-10-21 . AF785C4947676A7FC1673FDC5C8D0B5B . 661504 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2005-09-03 . 97A6FD7CAFD688CF2C78939EBAF0CD0C . 660480 . . [6.00.2900.2753] . . c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-09-03 . AF61EBB1F550175EFF406D545D6AB086 . 658432 . . [6.00.2900.2753] . . c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2005-09-03 . AF61EBB1F550175EFF406D545D6AB086 . 658432 . . [6.00.2900.2753] . . c:\windows\$NtUninstallKB933566$\wininet.dll
[-] 2004-08-10 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB896688$\wininet.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-10 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

[-] 2010-11-04 . 40876B6A111A3EE4EE5F15FF730F9219 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\sp3gdr\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\sp3qfe\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2004-08-10 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB902400$\ole32.dll

[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\sp3gdr\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\sp3qfe\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\usp10.dll
[-] 2004-08-10 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-10 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 13:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\SP3GDR\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-10 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-08-04 09:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-04 09:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 12:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\SoftwareDistribution\Download\20417d45f198df0887b15c6703a74b0a\SP3QFE\ntkrnlpa.exe
[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\windows\SoftwareDistribution\Download\20417d45f198df0887b15c6703a74b0a\SP3GDR\ntkrnlpa.exe
[-] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-02-17 . 1811AFC2FADB60B88947E3D08E250860 . 2063744 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . 26A901A1840E9E46FFFC6D09B9618CDF . 2016768 . . [5.1.2600.3670] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 5B542B9C2D8D613CE7D24563926F3411 . 2015744 . . [5.1.2600.3654] . . c:\windows\$NtUninstallKB979683_0$\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\$hf_mig$\KB977165\SP2QFE\ntkrnlpa.exe
[-] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . E832C72D32FA117CB0D033C5EA95B58F . 2015744 . . [5.1.2600.3610] . . c:\windows\$NtUninstallKB977165_0$\ntkrnlpa.exe
[-] 2009-08-04 . 97E912E94CCED4064F5DEEE5C25A9278 . 2062976 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . B238AB60093BABFE76AEC8F34B4D399D . 2015744 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486_0$\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . DC097A896A03B8277457D228FD12D4E6 . 2015744 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . A58AC1C6199EF34228ABEE7FC057AE09 . 2015744 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2004-08-10 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-10 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-10 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-10 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-10 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-10 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll

[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\SoftwareDistribution\Download\20417d45f198df0887b15c6703a74b0a\SP3GDR\ntoskrnl.exe
[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-04-27 . 466A3E1239F4A9428797730E81A7A865 . 2146304 . . [5.1.2600.5973] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\SoftwareDistribution\Download\20417d45f198df0887b15c6703a74b0a\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
[-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . A63052FA8FB8685382E10EE83C326864 . 2137088 . . [5.1.2600.3670] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 339EC6940BEBF9775CB65E29E0CD9782 . 2136064 . . [5.1.2600.3654] . . c:\windows\$NtUninstallKB979683_0$\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\$hf_mig$\KB977165\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . 11CDD81560E766101F0032EB05872C1B . 2136064 . . [5.1.2600.3610] . . c:\windows\$NtUninstallKB977165_0$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 16B5EBE97F243441264A8F8694C2F2AA . 2136064 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486_0$\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . DD31AB4B91C2605601A3C108AF57A0C9 . 2136064 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 1220FAF071DEA8653EE21DE7DCDA8BFD . 2136064 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2004-08-10 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-10 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
[-] 2004-08-10 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-29 2407632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2010-09-21 4086104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-3 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2008-6-2 1261568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"huuipbxzyjxjlyqlrnmrTaskMgr"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start 3DxWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Start 3DxWare.lnk
backup=c:\windows\pss\Start 3DxWare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-16 04:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 07:19 77312 ----a-w- c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2005-09-27 07:43 1060864 ----a-w- c:\program files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
2005-09-27 07:42 61440 ----a-w- c:\program files\DISC\DISCUpdateMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2006-12-26 00:23 643072 ----a-w- c:\program files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-08-30 00:16 133104 ----atw- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 14:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 00:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-01-03 21:48 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2008-11-10 19:23 157312 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/23/2010 2:10 PM 136176]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [9/21/2010 2:51 PM 327000]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/27/2010 6:10 PM 5248]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [10/30/2010 12:39 PM 16968]
S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\Safe Returner\RegKernelHelp.sys --> c:\program files\Safe Returner\RegKernelHelp.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [6/2/2008 9:58 PM 194304]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2011-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2011-01-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-03 23:16]

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 07:07]

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 07:07]

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902625785-3568907837-3550786534-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:16]

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902625785-3568907837-3550786534-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: trymedia.com
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d9y2cq1r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b11a7d6&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FavLoc: {472f4ef0-a825-11da-a746-0800200c9a66} - %profile%\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
FF - Ext: Google Bookmarks for Firefox: {473f9a20-ce5a-11da-a94d-0800200c9a66} - %profile%\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 19:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(260)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(704)
c:\windows\system32\WININET.dll
.
Completion time: 2011-01-14 20:15:25
ComboFix-quarantined-files.txt 2011-01-15 03:15
ComboFix2.txt 2011-01-10 01:28
ComboFix3.txt 2010-12-31 21:43
ComboFix4.txt 2010-10-28 08:26

Pre-Run: 90,553,516,032 bytes free
Post-Run: 91,458,826,240 bytes free

- - End Of File - - 5AC509FE3ACF42D59536EB1E64B75460
 
You must log in or register to reply here.
Back
Top