FBI warning malware straight to boot-looping

Eric Witzling · Nov 26, 2012

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2012
Ran by SYSTEM at 26-11-2012 15:03:11
Running from B:\Documents and Settings\Default User\Desktop
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Mouse Suite 98 Daemon] ICO.EXE [x]
HKLM\...\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [40960 2008-09-26] ()
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [393216 2009-04-23] (Lenovo Group Limited)
HKLM\...\Run: [PWRAGD] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe [72256 2009-04-24] ()
HKLM\...\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-11-24] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [165208 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [124248 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start [49976 2009-05-28] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [149280 2009-07-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [77887 2003-02-25] (Novell, Inc., c/o Corel Corporation Limited)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2007-08-03] (LogMeIn, Inc.)
HKLM\...\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon [258856 2008-09-30] (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.)
HKLM\...\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1 [954368 2007-04-25] ()
HKLM\...\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1077248 2007-08-29] (Marvell Semiconductor, Inc.)
HKLM\...\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s [407368 2008-02-08] (CA)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Task Scheduler] "C:\Documents and Settings\mike\Application Data\Task Scheduler\Task Scheduler.exe" [x]
HKU\Administrator\...\RunOnce: [CTRLWOL] C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE [x]
HKU\administrator.CP\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\mike\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\mike\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKU\mike\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-07-03] (Google Inc.)
HKU\mike\...\Run: [Google Update] "C:\Documents and Settings\mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-21] (Google Inc.)
HKU\setup\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll [X]
Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\NavLogon:
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.220 8.8.8.8
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
==================== Services (Whitelisted) ===================
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 GoToMyPC; "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service [258856 2008-09-30] (Citrix Online, a division of Citrix Systems, Inc.)
2 iGateway; "C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe" [106496 2007-02-05] (CA, Inc.)
2 InoRPC; "C:\Program Files\CA\eTrustITM\InoRpc.exe" [192512 2009-12-21] (CA)
2 InoRT; "C:\Program Files\CA\eTrustITM\InoRT.exe" [208896 2009-12-21] (CA)
2 InoTask; "C:\Program Files\CA\eTrustITM\InoTask.exe" [389960 2011-02-15] (CA)
2 ITMRTSVC; "C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe" [283888 2009-12-21] (CA, Inc.)
2 NitroDriverReadSpool; "C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe" [188736 2009-09-15] (Nitro PDF Software)
2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [64064 2009-04-24] ()
4 QuickBooksDB18; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [128536 2006-09-13] (iAnywhere Solutions, Inc.)
2 SAAZappr; "C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe" SAAZappr [82760 2011-07-11] (Zenith Infotech Ltd)
2 SAAZapsc; "C:\PROGRA~1\SAAZOD\zRealTime\SAAZapsc.exe" SAAZapsc [82760 2011-07-11] (Zenith Infotech Ltd)
2 SAAZDPMACTL; "C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe" [86856 2010-08-09] (Zenith Infotech Ltd)
4 SAAZRemoteSupport; "C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe" [78664 2010-08-09] (Zenith Infotech Ltd)
2 SAAZScheduler; "C:\PROGRA~1\SAAZOD\SAAZScheduler.exe" [77824 2010-08-09] (Zenith Infotech Ltd)
2 SAAZServerPlus; "C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe" [77824 2009-04-30] (Zenith Infotech Ltd)
2 SAAZWatchDog; "C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe" [86856 2010-08-09] (Zenith Infotech Ltd)
2 TVT Backup Protection Service; "C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [520192 2008-11-24] ()
3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
2 SUService; c:\program files\lenovo\system update\suservice.exe [x]
2 ThinkVantage Registry Monitor Service; "c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe" [x]
2 TVT Scheduler; "c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe" [x]
==================== Drivers (Whitelisted) ====================
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
0 INO_FLPY; C:\Windows\System32\Drivers\ino_flpy.sys [27536 2007-08-06] (Computer Associates)
2 INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys [184080 2007-10-18] (Computer Associates)
3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16768 2006-09-14] (Primax Electronics Ltd.)
3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [14592 2006-10-14] (Primax Electronics Ltd.)
2 pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-07-23] (Microsoft Corporation)
3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [5760 2008-03-06] ()
3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [289024 2008-06-27] (Marvell)
4 Abiosdsk; [x]
4 Atdisk; [x]
1 Changer; [x]
1 lbrtfdc; [x]
4 LMIRfsClientNP; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
1 SASDIFSV; \??\C:\DOCUME~1\mike\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
1 SASKUTIL; \??\C:\DOCUME~1\mike\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
4 Simbad; [x]
3 WDICA; [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2012-11-21 08:35 - 2012-11-21 10:13 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-11-16 12:07 - 2012-11-16 12:07 - 00000000 ____D C:\FRST
2012-11-15 11:38 - 2012-11-15 11:38 - 00000209 ____A C:\Documents and Settings\mike\Desktop\REATOGO.txt
2012-11-15 11:11 - 2012-11-15 11:11 - 00049454 ____A C:\OTL.Txt
2012-11-14 12:16 - 2012-11-21 10:12 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Task Scheduler.bak
2012-11-13 13:09 - 2012-11-13 13:09 - 00315072 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
==================== One Month Modified Files and Folders ========
2012-11-21 10:13 - 2012-11-21 08:35 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-11-21 10:12 - 2012-11-14 12:16 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Task Scheduler.bak
2012-11-16 12:07 - 2012-11-16 12:07 - 00000000 ____D C:\FRST
2012-11-15 11:39 - 2011-02-10 12:02 - 00000000 ____D C:\download
2012-11-15 11:38 - 2012-11-15 11:38 - 00000209 ____A C:\Documents and Settings\mike\Desktop\REATOGO.txt
2012-11-15 11:11 - 2012-11-15 11:11 - 00049454 ____A C:\OTL.Txt
2012-11-14 13:32 - 2009-09-11 14:49 - 00000762 ____A C:\Windows\System32\gotomon.log
2012-11-14 13:32 - 2009-09-09 14:32 - 00000178 __ASH C:\Documents and Settings\administrator.CP\ntuser.ini
2012-11-14 13:32 - 2009-09-09 13:36 - 00000178 __ASH C:\Documents and Settings\mike\ntuser.ini
2012-11-14 13:32 - 2008-07-21 17:50 - 00000263 __RSH C:\boot.ini
2012-11-14 13:32 - 2008-07-21 17:05 - 00032502 ____A C:\Windows\SchedLgU.Txt
2012-11-14 13:32 - 2008-07-21 17:05 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-14 13:32 - 2008-07-21 17:01 - 01338881 ____A C:\Windows\WindowsUpdate.log
2012-11-14 13:24 - 2010-06-06 12:06 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-14 13:24 - 2008-07-21 17:50 - 00002278 ____A C:\Windows\System32\wpa.dbl
2012-11-14 13:21 - 2009-09-09 13:36 - 00000062 __ASH C:\Documents and Settings\mike\Local Settings\desktop.ini
2012-11-14 13:20 - 2009-09-09 13:41 - 00000104 ____A C:\Windows\System32\config\netlogon.ftl
2012-11-14 13:14 - 2010-08-09 14:09 - 00000000 ____D C:\Program Files\SAAZOD
2012-11-14 13:11 - 2009-09-09 14:32 - 00000062 __ASH C:\Documents and Settings\administrator.CP\Local Settings\desktop.ini
2012-11-14 13:09 - 2009-09-08 13:17 - 00000520 ____A C:\Windows\System32\ICAutoUpdate.log.bak
2012-11-14 13:09 - 2008-07-21 17:05 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-11-14 13:09 - 2008-07-21 17:05 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-11-14 13:06 - 2010-06-06 12:06 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-14 13:02 - 2012-07-03 08:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-14 12:44 - 2009-09-08 13:16 - 00000254 ____A C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2012-11-14 12:35 - 2012-03-28 11:20 - 00000974 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2610266335-1772602443-367391177-1118UA.job
2012-11-14 12:17 - 2009-09-09 15:53 - 00000000 ___AD C:\Documents and Settings\All Users\Application Data\LogMeIn
2012-11-14 12:14 - 2009-09-28 08:11 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Nitro PDF
2012-11-14 10:32 - 2011-09-15 08:18 - 00001615 ____A C:\Documents and Settings\mike\Desktop\MGP SCANS - Shortcut.lnk
2012-11-14 08:39 - 2009-09-09 15:51 - 00002341 ____A C:\Documents and Settings\mike\Desktop\WordPerfect.lnk
2012-11-14 08:35 - 2012-03-28 11:20 - 00000922 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2610266335-1772602443-367391177-1118Core.job
2012-11-14 08:09 - 2009-09-09 14:11 - 00002521 ____A C:\Documents and Settings\mike\Desktop\Microsoft Office Outlook 2007.lnk
2012-11-14 06:47 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\security
2012-11-13 13:09 - 2012-11-13 13:09 - 00315072 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-11-12 22:34 - 2008-07-21 17:50 - 00000607 ____A C:\Windows\win.ini
2012-11-12 08:37 - 2012-03-28 11:21 - 00002284 ____A C:\Documents and Settings\mike\Desktop\Google Chrome.lnk
2012-11-12 00:02 - 2010-08-09 14:11 - 00001300 ____A C:\Windows\System32\ipstuffNew.txt
2012-11-10 20:00 - 2009-07-23 14:32 - 00000436 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-11-06 16:23 - 2010-08-09 15:26 - 00000000 ____D C:\Program Files\LogMeIn
2012-11-06 16:22 - 2009-09-09 15:53 - 00092072 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-11-06 16:22 - 2009-09-09 15:53 - 00031144 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-11-05 16:25 - 2008-07-21 09:55 - 00593798 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-05 16:22 - 2009-09-09 13:42 - 00000000 __SHD C:\Windows\CSC
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2012-11-14 00:05 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9822
RP: -> 2012-11-13 00:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9821
RP: -> 2012-11-12 00:02 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9820
RP: -> 2012-11-11 00:12 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9819
RP: -> 2012-11-10 00:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9818
RP: -> 2012-11-09 00:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9817
RP: -> 2012-11-08 00:06 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9816
RP: -> 2012-11-07 00:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9815
RP: -> 2012-11-06 16:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9814
RP: -> 2012-11-06 00:13 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9813
RP: -> 2012-11-05 16:39 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9812
RP: -> 2012-10-28 23:26 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9811
RP: -> 2012-10-28 23:22 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9810
RP: -> 2012-10-27 23:05 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9809
RP: -> 2012-10-26 23:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9808
RP: -> 2012-10-25 23:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9807
RP: -> 2012-10-24 23:12 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9806
RP: -> 2012-10-23 23:02 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9805
RP: -> 2012-10-22 23:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9804
RP: -> 2012-10-21 23:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9803
RP: -> 2012-10-20 23:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9802
RP: -> 2012-10-20 23:11 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9801
RP: -> 2012-10-19 23:05 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9800
RP: -> 2012-10-18 23:17 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9799
RP: -> 2012-10-17 23:20 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9798
RP: -> 2012-10-17 23:19 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9797
RP: -> 2012-10-17 23:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9796
RP: -> 2012-10-16 23:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9795
RP: -> 2012-10-15 23:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9794
RP: -> 2012-10-15 23:07 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9793
RP: -> 2012-10-14 23:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9792
RP: -> 2012-10-13 23:14 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9791
RP: -> 2012-10-12 23:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9790
RP: -> 2012-10-12 23:11 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9789
RP: -> 2012-10-11 23:03 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9788
RP: -> 2012-10-10 23:26 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9787
RP: -> 2012-10-09 23:30 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9786
RP: -> 2012-10-08 23:10 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9785
RP: -> 2012-10-07 23:11 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9784
RP: -> 2012-10-06 23:21 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9783
RP: -> 2012-10-05 23:30 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9782
RP: -> 2012-10-05 23:10 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9781
RP: -> 2012-10-04 23:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9780
RP: -> 2012-10-03 23:30 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9779
RP: -> 2012-10-02 23:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9778
RP: -> 2012-10-02 23:12 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9777
RP: -> 2012-10-02 22:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9776
RP: -> 2012-10-02 20:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9775
RP: -> 2012-10-02 18:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9774
RP: -> 2012-10-02 16:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9773
RP: -> 2012-10-02 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9772
RP: -> 2012-10-02 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9771
RP: -> 2012-10-02 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9770
RP: -> 2012-10-02 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9769
RP: -> 2012-10-01 23:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9768
RP: -> 2012-10-01 23:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9767
RP: -> 2012-10-01 22:13 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9766
RP: -> 2012-10-01 18:13 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9765
RP: -> 2012-10-01 16:13 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9764
RP: -> 2012-10-01 13:44 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9763
RP: -> 2012-10-01 13:44 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9762
RP: -> 2012-10-01 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9761
RP: -> 2012-10-01 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9760
RP: -> 2012-09-30 23:39 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9759
RP: -> 2012-09-30 23:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9758
RP: -> 2012-09-30 21:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9757
RP: -> 2012-09-30 21:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9756
RP: -> 2012-09-30 19:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9755
RP: -> 2012-09-30 19:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9754
RP: -> 2012-09-30 17:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9753
RP: -> 2012-09-30 17:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9752
RP: -> 2012-09-30 15:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9751
RP: -> 2012-09-30 15:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9750
RP: -> 2012-09-30 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9749
RP: -> 2012-09-30 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9748
RP: -> 2012-09-30 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9747
RP: -> 2012-09-30 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9746
RP: -> 2012-09-29 23:20 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9745
RP: -> 2012-09-29 23:06 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9744
RP: -> 2012-09-29 21:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9743
RP: -> 2012-09-29 21:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9742
RP: -> 2012-09-29 19:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9741
RP: -> 2012-09-29 19:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9740
RP: -> 2012-09-29 17:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9739
RP: -> 2012-09-29 17:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9738
RP: -> 2012-09-29 15:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9737
RP: -> 2012-09-29 15:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9736
RP: -> 2012-09-29 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9735
RP: -> 2012-09-29 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9734
RP: -> 2012-09-29 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9733
RP: -> 2012-09-29 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9732
RP: -> 2012-09-28 23:30 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9731
RP: -> 2012-09-28 23:16 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9730
RP: -> 2012-09-28 22:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9729
RP: -> 2012-09-28 22:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9728
RP: -> 2012-09-28 20:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9727
RP: -> 2012-09-28 20:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9726
RP: -> 2012-09-28 18:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9725
RP: -> 2012-09-28 18:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9724
RP: -> 2012-09-28 16:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9723
RP: -> 2012-09-28 16:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9722
RP: -> 2012-09-28 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9721
RP: -> 2012-09-28 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9720
RP: -> 2012-09-28 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9719
RP: -> 2012-09-28 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9718
RP: -> 2012-09-27 23:44 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9717
RP: -> 2012-09-27 23:30 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9716
RP: -> 2012-09-27 22:41 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9715
RP: -> 2012-09-27 18:41 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9714
RP: -> 2012-09-27 16:41 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9713
RP: -> 2012-09-27 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9712
RP: -> 2012-09-27 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9711
RP: -> 2012-09-27 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9710
RP: -> 2012-09-27 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9709
RP: -> 2012-09-26 23:21 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9708
RP: -> 2012-09-26 23:18 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9707
RP: -> 2012-09-26 21:28 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9706
RP: -> 2012-09-26 17:28 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9705
RP: -> 2012-09-26 15:28 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9704
RP: -> 2012-09-26 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9703
RP: -> 2012-09-26 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9702
RP: -> 2012-09-25 23:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9701
RP: -> 2012-09-25 23:18 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9700
RP: -> 2012-09-25 22:57 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9699
RP: -> 2012-09-25 20:57 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9698
RP: -> 2012-09-25 18:57 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9697
RP: -> 2012-09-25 16:57 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9696
RP: -> 2012-09-25 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9695
RP: -> 2012-09-25 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9694
RP: -> 2012-09-25 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9693
RP: -> 2012-09-25 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9692
RP: -> 2012-09-24 23:16 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9691
RP: -> 2012-09-24 23:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9690
RP: -> 2012-09-24 22:14 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9689
RP: -> 2012-09-24 20:14 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9688
RP: -> 2012-09-24 18:14 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9687
RP: -> 2012-09-24 16:14 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9686
RP: -> 2012-09-24 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9685
RP: -> 2012-09-24 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9684
RP: -> 2012-09-24 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9683
RP: -> 2012-09-24 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9682
RP: -> 2012-09-23 23:22 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9681
RP: -> 2012-09-23 23:09 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9680
RP: -> 2012-09-23 21:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9679
RP: -> 2012-09-23 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9678
RP: -> 2012-09-23 17:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9677
RP: -> 2012-09-23 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9676
RP: -> 2012-09-23 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9675
RP: -> 2012-09-23 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9674
RP: -> 2012-09-22 23:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9673
RP: -> 2012-09-22 23:19 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9672
RP: -> 2012-09-22 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9671
RP: -> 2012-09-22 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9670
RP: -> 2012-09-22 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9669
RP: -> 2012-09-22 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9668
RP: -> 2012-09-22 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9667
RP: -> 2012-09-22 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9666
RP: -> 2012-09-21 23:41 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9665
RP: -> 2012-09-21 23:27 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9664
RP: -> 2012-09-21 22:07 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9663
RP: -> 2012-09-21 20:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9662
RP: -> 2012-09-21 18:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9661
RP: -> 2012-09-21 16:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9660
RP: -> 2012-09-21 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9659
RP: -> 2012-09-21 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9658
RP: -> 2012-09-20 23:40 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9657
RP: -> 2012-09-20 23:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9656
RP: -> 2012-09-20 22:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9655
RP: -> 2012-09-20 22:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9654
RP: -> 2012-09-20 20:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9653
RP: -> 2012-09-20 20:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9652
RP: -> 2012-09-20 18:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9651
RP: -> 2012-09-20 18:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9650
RP: -> 2012-09-20 16:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9649
RP: -> 2012-09-20 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9648
RP: -> 2012-09-20 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9647
RP: -> 2012-09-20 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9646
RP: -> 2012-09-20 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9645
RP: -> 2012-09-19 23:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9644
RP: -> 2012-09-19 23:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9643
RP: -> 2012-09-19 22:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9642
RP: -> 2012-09-19 20:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9641
RP: -> 2012-09-19 18:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9640
RP: -> 2012-09-19 16:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9639
RP: -> 2012-09-19 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9638
RP: -> 2012-09-19 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9637
RP: -> 2012-09-18 23:22 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9636
RP: -> 2012-09-18 23:11 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9635
RP: -> 2012-09-18 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9634
RP: -> 2012-09-18 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9633
RP: -> 2012-09-18 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9632
RP: -> 2012-09-18 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9631
RP: -> 2012-09-18 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9630
RP: -> 2012-09-18 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9629
RP: -> 2012-09-17 23:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9628
RP: -> 2012-09-17 23:18 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9627
RP: -> 2012-09-17 22:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9626
RP: -> 2012-09-17 20:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9625
RP: -> 2012-09-17 18:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9624
RP: -> 2012-09-17 16:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9623
RP: -> 2012-09-17 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9622
RP: -> 2012-09-17 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9621
RP: -> 2012-09-17 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9620
RP: -> 2012-09-17 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9619
RP: -> 2012-09-16 23:36 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9618
RP: -> 2012-09-16 23:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9617
RP: -> 2012-09-16 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9616
RP: -> 2012-09-16 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9615
RP: -> 2012-09-16 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9614
RP: -> 2012-09-16 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9613
RP: -> 2012-09-16 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9612
RP: -> 2012-09-16 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9611
RP: -> 2012-09-15 23:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9610
RP: -> 2012-09-15 23:07 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9609
RP: -> 2012-09-15 23:05 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9608
RP: -> 2012-09-15 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9607
RP: -> 2012-09-15 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9606
RP: -> 2012-09-15 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9605
RP: -> 2012-09-15 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9604
RP: -> 2012-09-15 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9603
RP: -> 2012-09-15 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9602
RP: -> 2012-09-14 23:28 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9601
RP: -> 2012-09-14 23:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9600
RP: -> 2012-09-14 22:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9599
RP: -> 2012-09-14 20:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9598
RP: -> 2012-09-14 18:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9597
RP: -> 2012-09-14 16:26 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9596
RP: -> 2012-09-14 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9595
RP: -> 2012-09-14 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9594
RP: -> 2012-09-14 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9593
RP: -> 2012-09-14 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9592
RP: -> 2012-09-13 23:39 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9591
RP: -> 2012-09-13 23:26 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9590
RP: -> 2012-09-13 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9589
RP: -> 2012-09-13 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9588
RP: -> 2012-09-13 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9587
RP: -> 2012-09-13 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9586
RP: -> 2012-09-13 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9585
RP: -> 2012-09-13 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9584
RP: -> 2012-09-12 23:38 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9583
RP: -> 2012-09-12 23:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9582
RP: -> 2012-09-12 22:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9581
RP: -> 2012-09-12 20:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9580
RP: -> 2012-09-12 18:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9579
RP: -> 2012-09-12 16:34 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9578
RP: -> 2012-09-12 13:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9577
RP: -> 2012-09-12 13:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9576
RP: -> 2012-09-12 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9575
RP: -> 2012-09-12 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9574
RP: -> 2012-09-11 23:22 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9573
RP: -> 2012-09-11 23:10 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9572
RP: -> 2012-09-11 22:49 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9571
RP: -> 2012-09-11 20:49 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9570
RP: -> 2012-09-11 18:49 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9569
RP: -> 2012-09-11 16:49 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9568
RP: -> 2012-09-11 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9567
RP: -> 2012-09-11 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9566
RP: -> 2012-09-11 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9565
RP: -> 2012-09-11 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9564
RP: -> 2012-09-10 23:28 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9563
RP: -> 2012-09-10 23:16 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9562
RP: -> 2012-09-10 22:55 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9561
RP: -> 2012-09-10 20:55 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9560
RP: -> 2012-09-10 18:55 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9559
RP: -> 2012-09-10 16:55 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9558
RP: -> 2012-09-10 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9557
RP: -> 2012-09-10 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9556
RP: -> 2012-09-10 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9555
RP: -> 2012-09-10 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9554
RP: -> 2012-09-09 23:14 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9553
RP: -> 2012-09-09 23:01 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9552
RP: -> 2012-09-09 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9551
RP: -> 2012-09-09 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9550
RP: -> 2012-09-09 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9549
RP: -> 2012-09-09 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9548
RP: -> 2012-09-09 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9547
RP: -> 2012-09-09 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9546
RP: -> 2012-09-08 23:22 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9545
RP: -> 2012-09-08 23:10 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9544
RP: -> 2012-09-08 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9543
RP: -> 2012-09-08 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9542
RP: -> 2012-09-08 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9541
RP: -> 2012-09-08 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9540
RP: -> 2012-09-08 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9539
RP: -> 2012-09-08 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9538
RP: -> 2012-09-07 23:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9537
RP: -> 2012-09-07 23:20 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9536
RP: -> 2012-09-07 22:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9535
RP: -> 2012-09-07 20:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9534
RP: -> 2012-09-07 18:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9533
RP: -> 2012-09-07 16:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9532
RP: -> 2012-09-07 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9531
RP: -> 2012-09-07 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9530
RP: -> 2012-09-07 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9529
RP: -> 2012-09-07 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9528
RP: -> 2012-09-06 23:19 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9527
RP: -> 2012-09-06 23:05 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9526
RP: -> 2012-09-06 21:12 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9525
RP: -> 2012-09-06 19:12 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9524
RP: -> 2012-09-06 17:12 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9523
RP: -> 2012-09-06 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9522
RP: -> 2012-09-06 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9521
RP: -> 2012-09-06 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9520
RP: -> 2012-09-06 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9519
RP: -> 2012-09-05 23:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9518
RP: -> 2012-09-05 23:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9517
RP: -> 2012-09-05 22:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9516
RP: -> 2012-09-05 18:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9515
RP: -> 2012-09-05 16:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9514
RP: -> 2012-09-05 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9513
RP: -> 2012-09-05 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9512
RP: -> 2012-09-05 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9511
RP: -> 2012-09-05 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9510

==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 3037.17 MB
Available physical RAM: 2716.4 MB
Total Pagefile: 2862.02 MB
Available Pagefile: 2751.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.54 MB
==================== Partitions =============================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.05 GB) NTFS
2 Drive c: (Preload) (Fixed) (Total:229.47 GB) (Free:153.95 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 229 GB 1024 KB
Partition 2 OEM 3496 MB 229 GB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Preload NTFS Partition 229 GB Healthy
=========================================================
Disk: 0
Partition 2
Type : 12
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 SERVICEV001 FAT32 Partition 3496 MB Healthy
=========================================================
==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version: 23-11-2012
Ran by SYSTEM at 2012-11-26 15:05:24
Running from B:\Documents and Settings\Default User\Desktop
================== Search: "services.exe" ===================
C:\WINDOWS\system32\services.exe
[2008-07-21 17:50] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\system32\dllcache\services.exe
[2009-09-08 13:28] - [2009-02-06 06:11] - 0110592 ____C (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-09-08 13:36] - [2008-04-14 07:00] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-09-08 13:28] - [2009-02-06 06:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6
C:\RRbackups\FR\UF\WINDOWS\system32\services.exe
[2009-09-08 13:17] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\OLD PC\WINDOWS\system32\services.exe
[2009-09-08 16:38] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de
C:\OLD PC\WINDOWS\system32\dllcache\services.exe
[2009-09-08 16:39] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de
C:\OLD PC\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[2009-09-08 16:40] - [2008-04-13 19:12] - 0108544 ____N (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\OLD PC\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-09-08 16:43] - [2004-08-04 06:00] - 0108032 ____N (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4
C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-09-08 16:44] - [2009-02-06 06:06] - 0110592 ____N (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6
C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009-09-08 16:44] - [2009-02-06 06:11] - 0110592 ____N (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009-09-08 16:44] - [2009-02-06 05:22] - 0110592 ____N (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd
=== End Of Search ===

Eric Witzling · Nov 26, 2012

Sorry about that. Showing up now. I guess the Preview pane didn't completely post from the last time.

I don't think anything has really changed from earlier reports. This is usually the point at which I cross my fingers and run a Windows Repair and hope it gets the system bootable again.

Jay Pfoutz · Nov 27, 2012

That's about the best thing to try at this point. Let me know what happens with that.

If you need help backing up your files, let me know.

Eric Witzling · Dec 2, 2012

Wow, so... what a crazy journey it's been. Slowed down a bit as my time turned to server migrating, but I was able to get back and see if Windows Update could take care of things.
It did. Slowly, and eventually, after some issues and having to go default the boot.ini, and get around some apparently corruption of a ui.dll process that a program was using that crashes in Normal mode but not in Safe...
Performed some normal cleanup (COmbofix, MBAM, Spybot, SAS...), but if you'd like to see the condition it's in now, running the initial five steps you ask...!

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.29.09
Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.2180
mike :: PAF-TC7269-001 [administrator]
11/29/2012 1:31:35 PM
mbam-log-2012-11-29 (13-31-35).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 424651
Time elapsed: 51 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\TDSSKiller_Quarantine\23.05.2012_15.55.37\rtkt0000\zafs0000\tsk0001.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by mike at 14:29:49 on 2012-12-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2365 [GMT -5:00]
.
AV: eTrust ITM *Enabled/Updated* {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
.
============== Running Processes ================
.
C:\windows\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe
C:\PROGRA~1\SAAZOD\zRealTime\SAAZapsc.exe
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe
C:\PROGRA~1\SAAZOD\SAAZScheduler.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtHlpDk.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtdrHlpDk.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
C:\windows\System32\alg.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Realtime Monitor] "c:\program files\ca\etrustitm\realmon.exe" -s
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1354220771578
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354475141109
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: NameServer = 192.168.42.1
TCP: Interfaces\{4E8B27A3-4AE7-4BDF-809B-F9750F9836BA} : DHCPNameServer = 192.168.42.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\saazod\zrealtime\SAAZappr.exe [2011-7-11 82760]
R2 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~1\saazod\zrealtime\SAAZapsc.exe [2011-7-11 82760]
R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\saazod\SAAZDPMACTL.exe [2010-8-9 86856]
R2 SAAZScheduler;SAAZScheduler;c:\progra~1\saazod\SAAZScheduler.exe [2010-8-9 77824]
R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\saazod\SAAZServerPlus.exe [2009-4-30 77824]
R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\saazod\SAAZWatchDog.exe [2010-8-9 86856]
R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [2008-3-6 5760]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-11-19 37184]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\mike\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\mike\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\mike\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\mike\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-9-15 188736]
S4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-7-23 64064]
S4 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
S4 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S4 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\saazod\SAAZRemoteSupport.exe [2010-8-9 78664]
S4 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]
S4 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]
S4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
.
=============== Created Last 30 ================
.
2012-12-02 19:05:29 -------- d-sh--w- c:\documents and settings\mike\IECompatCache
2012-12-02 19:05:05 -------- d-sh--w- c:\documents and settings\mike\PrivacIE
2012-11-29 22:41:37 -------- d-----w- c:\documents and settings\mike\local settings\application data\PCHealth
2012-11-29 22:37:29 -------- d-sh--w- c:\documents and settings\mike\IETldCache
2012-11-29 22:34:09 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-29 22:33:38 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-11-29 22:33:17 -------- d-----w- c:\windows\ie8updates
2012-11-29 22:33:12 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-11-29 22:33:12 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-11-29 22:33:12 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-11-29 22:33:12 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-11-29 22:33:12 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-11-29 22:33:12 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-11-29 22:33:12 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-11-29 22:31:43 -------- dc-h--w- c:\windows\ie8
2012-11-29 21:45:38 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-11-29 21:45:27 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-11-29 21:45:04 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-11-29 21:44:51 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-11-29 21:44:37 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-11-29 21:44:02 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-11-29 21:43:41 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-11-29 21:43:16 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-11-29 21:43:16 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-11-29 21:42:52 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-11-29 21:42:52 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-11-29 21:42:52 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-11-29 21:42:52 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-11-29 21:42:52 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-11-29 21:42:52 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-11-29 21:42:51 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-11-29 21:42:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-11-29 21:41:47 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-11-29 21:41:38 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-11-29 21:41:23 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-11-29 21:39:07 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
2012-11-29 21:38:38 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-11-29 21:38:11 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-11-29 21:38:03 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-11-29 21:37:56 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-11-29 21:37:56 2192896 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-11-29 21:37:56 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-11-29 21:37:56 2069632 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-11-29 21:37:56 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-11-29 21:37:51 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-11-29 21:37:44 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-11-29 21:31:03 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-11-29 21:30:53 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-11-29 21:26:43 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-11-29 21:03:03 -------- d-----w- c:\windows\ServicePackFiles
2012-11-29 21:00:56 19569 ----a-w- c:\windows\003358_.tmp
2012-11-29 18:00:45 98816 ----a-w- c:\windows\sed.exe
2012-11-29 18:00:45 256000 ----a-w- c:\windows\PEV.exe
2012-11-29 18:00:45 208896 ----a-w- c:\windows\MBR.exe
2012-11-29 17:29:13 -------- d-----w- C:\df37febdd5368d193e66dcbd9fa8c14a
2012-11-29 17:24:58 16896 -c--a-w- c:\windows\system32\dllcache\status.dll
2012-11-29 17:23:59 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2012-11-29 17:21:52 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-11-29 17:21:52 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-11-29 17:20:09 44544 -c--a-w- c:\windows\system32\dllcache\tscupgrd.exe
2012-11-29 17:20:09 44544 ----a-w- c:\windows\system32\tscupgrd.exe
2012-11-29 17:10:14 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-11-29 17:10:14 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-11-29 17:10:14 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-11-29 17:10:14 13312 ----a-w- c:\windows\system32\irclass.dll
2012-11-29 17:10:01 13753 ----a-r- c:\windows\SET11D.tmp
2012-11-29 17:09:59 1086058 ----a-r- c:\windows\SET111.tmp
2012-11-29 17:09:58 1042903 ----a-r- c:\windows\SET110.tmp
2012-11-21 13:35:07 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-11-16 17:07:46 -------- d-----w- C:\FRST
2012-11-14 17:16:56 -------- d-----w- c:\documents and settings\mike\application data\Task Scheduler.bak
.
==================== Find3M ====================
.
2012-11-06 21:22:43 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-06 21:22:43 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-11-06 21:22:43 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 12:02:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 12:02:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 12:02:22 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:30:52.50 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/29/2012 12:25:22 PM
System Uptime: 12/2/2012 2:19:39 PM (0 hours ago)
.
Motherboard: LENOVO | | To be filled by O.E.M.
Processor: Intel Pentium III Xeon processor | CPU 1 | 2593/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 157.425 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 11/29/2012 3:21:50 PM - System Checkpoint
RP2: 11/29/2012 3:24:23 PM - _29-Nov-2012 03:24:19 PM
RP3: 11/29/2012 3:25:53 PM - After malware cleanup, and no more ui.dll BSDs
RP4: 11/29/2012 5:04:47 PM - Software Distribution Service 3.0
RP5: 11/29/2012 5:46:23 PM - Software Distribution Service 3.0
RP6: 11/30/2012 6:19:29 PM - System Checkpoint
RP7: 12/2/2012 2:03:22 PM - Software Distribution Service 3.0
RP8: 12/2/2012 2:06:21 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Access Help
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.2
Business Contact Manager for Outlook 2007 SP2
CA eTrustITM Agent
CA iTechnology iGateway
Cisco WebEx Meetings
DirectXInstallService
Drag-to-Disc
FanSpeedControl
FileMaker Pro 8.5
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Books Uploader (Java Edition)
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToMyPC
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Color LaserJet CP1210 Series
HP Color LaserJet CP1210 Series Toolbox
HP LaserJet Toolbox
HP Software Update
HPCarePackCore
HPCarePackProducts
hppusgCP1215
HPSSupply
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
ITSupport247-DPMA
Java(TM) 6 Update 15
Lenovo System Toolbox
LiveUpdate 2.6 (Symantec Corporation)
LogMeIn
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
Marvell Miniport Driver
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mouse Suite
MrvlUsgTracking
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nitro PDF Professional
OGA Notifier 2.0.0048.0
Online Data Backup
Productivity Center Supplement for ThinkCentre
QuickBooks Pro 2008
Realtek High Definition Audio Driver
Rescue and Recovery
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Spelling Dictionaries Support For Adobe Reader 9
SupportSoft Assisted Service
System Update
ThinkVantage Power Manager
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows XP Service Pack 3
WordPerfect Office 11
XML Paper Specification Shared Components Pack 1.0
XP Themes
.
==== Event Viewer Messages From Past Week ========
.
12/2/2012 2:05:24 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
12/2/2012 2:03:50 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
12/2/2012 2:01:34 PM, error: Dhcp [1002] - The IP address lease 192.168.2.120 for the Network Card with network address 00016C490F39 has been denied by the DHCP server 192.168.42.1 (The DHCP Server sent a DHCPNACK message).
11/29/2012 8:06:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
11/29/2012 5:26:16 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).
11/29/2012 5:25:41 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).
11/29/2012 4:19:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
11/29/2012 4:19:44 PM, error: NETLOGON [5719] - No Domain Controller is available for domain CP due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
11/29/2012 4:18:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/29/2012 3:33:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL tvtumon
11/29/2012 3:32:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/29/2012 3:32:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service LMIGuardianSvc with arguments "" in order to run the server: {D4258A22-CF85-489D-83AE-49FCD0DFAD29}
11/29/2012 3:07:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ACPIEC Pcmcia
11/29/2012 3:07:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TVT Backup Service service to connect.
11/29/2012 3:07:15 PM, error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
11/29/2012 12:56:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
11/29/2012 12:47:04 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/29/2012 12:26:54 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
11/29/2012 12:22:44 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
.
==== End Of File ===========================

# AdwCleaner v2.010 - Logfile created 12/02/2012 at 14:18:33
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : mike - PAF-TC7269-001
# Boot Mode : Normal
# Running from : C:\download\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.64
File : C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [900 octets] - [02/12/2012 14:18:33]
########## EOF - C:\AdwCleaner[S1].txt - [959 octets] ##########

Jay Pfoutz · Dec 2, 2012

Hitman Pro

Please download Hitman Pro

After the download completes please double click the program to run it.

Accept the terms of the license agreement and click Next

Let the scan run. It will not take long

When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next

Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location

Upload log.xml here for review please

Eric Witzling · Dec 2, 2012

Sorry, I went through the "scan one time" path so that seems to have disrupted the rest. I saved the text log from it, if that's good enough. Seems to have not found anything, but if I need to install the full version for it to scan completely, let me know.

Code:

HitmanPro 3.6.2.174
[URL='http://www.hitmanpro.com']www.hitmanpro.com[/URL]
   Computer name . . . . : PAF-TC7269-001
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : CP\mike
   License . . . . . . . : Free
   Scan date . . . . . . : 2012-12-02 15:59:53
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 58s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 37
   Objects scanned . . . : 1,221,196
   Files scanned . . . . : 14,743
   Remnants scanned  . . : 213,204 files / 993,249 keys
Cookies _____________________________________________________________________
   C:\Documents and Settings\mike\Cookies\0HWV8OB6.txt
   C:\Documents and Settings\mike\Cookies\15TT4Q63.txt
   C:\Documents and Settings\mike\Cookies\50CQERX2.txt
   C:\Documents and Settings\mike\Cookies\5K40HPH5.txt
   C:\Documents and Settings\mike\Cookies\B35PVPDS.txt
   C:\Documents and Settings\mike\Cookies\EIODDX9U.txt
   C:\Documents and Settings\mike\Cookies\LK81N2TZ.txt
   C:\Documents and Settings\mike\Cookies\PI4QQU7P.txt
   C:\Documents and Settings\mike\Cookies\RQ2PD52Z.txt
   C:\Documents and Settings\mike\Cookies\VJYBO7PQ.txt
   C:\Documents and Settings\mike\Cookies\YOLK47M1.txt
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:247realmedia.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:adbrite.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.al.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.cleveland.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.masslive.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.mlive.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.nj.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.nola.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.oregonlive.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.pennlive.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.profitsdeluxe.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.syracuse.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.yvmads.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:adultfriendfinder.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:trafficmp.com

Eric Witzling · Dec 3, 2012

Oh, and something I forgot to mention earlier. Combofix identified and removed "Rootkit.ZeroAccess" on its run. TDSSKiller hadn't picked up anything before or afterward. None of that seems to be in evidence now, which is good. Windows Update was waffling a bit and there a few updates that still refuse to run (not important ones), so the only remaining thing seems to be whatever was making that ui.dll call that caused it to crash in Normal mode, that was probably infected and impacted by the cleanup.

I've been turning on startup items and services bit-by-bit, with only what they need to run with, and so far that hasn't crashed on my again yet either.

Jay Pfoutz · Dec 3, 2012

Please download a new copy of FRST and run a scan as we did in the beginning.

Eric Witzling · Dec 3, 2012

It's like we're getting the old band back together! Heck, I almost booted into OTLPE again, even though I no longer have to!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2012
Ran by mike at 03-12-2012 14:06:52
Running from C:\download
Service Pack 3 (X86) OS Language: English(US)
Attention: Could not load system hive.
Error: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========

2012-12-02 16:03 - 2012-12-02 16:03 - 00009110 ____A C:\Documents and Settings\mike\Desktop\HitmanPro_20121202_1603.log
2012-12-02 15:59 - 2012-12-02 15:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2012-12-02 14:31 - 2012-12-02 14:31 - 00016188 ____A C:\Documents and Settings\mike\Desktop\attach.txt
2012-12-02 14:31 - 2012-12-02 14:30 - 00014721 ____A C:\Documents and Settings\mike\Desktop\dds.txt
2012-12-02 14:18 - 2012-12-02 14:18 - 00001027 ____A C:\AdwCleaner[S1].txt
2012-12-02 14:16 - 2012-12-02 14:32 - 00033613 ____A C:\cleanup.txt
2012-12-02 14:12 - 2012-12-02 14:12 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2012-12-02 14:05 - 2012-12-02 14:05 - 00000000 __SHD C:\Documents and Settings\mike\PrivacIE
2012-12-02 14:05 - 2012-12-02 14:05 - 00000000 __SHD C:\Documents and Settings\mike\IECompatCache
2012-12-02 14:04 - 2012-12-02 14:04 - 00006912 ____A C:\Windows\KB2510531-IE8.log
2012-12-02 14:03 - 2012-12-02 14:04 - 00006818 ____A C:\Windows\KB2544521-IE8.log
2012-11-29 17:47 - 2012-11-29 17:47 - 00000000 __HDC C:\Windows\$NtUninstallKB970430$
2012-11-29 17:47 - 2012-11-29 17:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2345886$
2012-11-29 17:41 - 2012-11-29 17:41 - 00000000 ____D C:\Documents and Settings\mike\Local Settings\Application Data\PCHealth
2012-11-29 17:39 - 2012-11-29 17:47 - 00012345 ____A C:\Windows\KB2345886.log
2012-11-29 17:37 - 2012-11-29 17:37 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2012-11-29 17:37 - 2012-11-29 17:37 - 00000000 __SHD C:\Documents and Settings\mike\IETldCache
2012-11-29 17:34 - 2012-11-29 17:34 - 00101189 ____A C:\Windows\KB2744842-IE8.log
2012-11-29 17:34 - 2012-11-29 17:34 - 00000000 __HDC C:\Windows\$NtUninstallKB959426$
2012-11-29 17:34 - 2012-11-29 17:34 - 00000000 __HDC C:\Windows\$NtUninstallKB952954$
2012-11-29 17:34 - 2012-11-29 17:34 - 00000000 __HDC C:\Windows\$NtUninstallKB951376-v2$
2012-11-29 17:34 - 2012-08-28 10:14 - 00521728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
2012-11-29 17:33 - 2012-11-29 17:34 - 00103531 ____A C:\Windows\KB2618444-IE8.log
2012-11-29 17:33 - 2012-11-29 17:33 - 00109398 ____A C:\Windows\KB982381-IE8.log
2012-11-29 17:33 - 2012-11-29 17:33 - 00092956 ____A C:\Windows\KB2598845-IE8.log
2012-11-29 17:33 - 2012-11-29 17:33 - 00000000 __HDC C:\Windows\$NtUninstallKB2467659$
2012-11-29 17:33 - 2012-11-29 17:33 - 00000000 ____D C:\Windows\ie8updates
2012-11-29 17:33 - 2012-08-28 20:44 - 11111424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2012-11-29 17:33 - 2012-08-28 10:14 - 02000384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2012-11-29 17:33 - 2012-08-28 10:14 - 00743424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2012-11-29 17:33 - 2012-08-28 10:14 - 00630272 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2012-11-29 17:33 - 2012-08-28 10:14 - 00247808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2012-11-29 17:33 - 2012-08-28 10:14 - 00055296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2012-11-29 17:33 - 2012-08-28 10:14 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2012-11-29 17:33 - 2011-08-16 05:45 - 00006144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iecompat.dll
2012-11-29 17:31 - 2012-11-29 17:33 - 00105269 ____A C:\Windows\ie8.log
2012-11-29 17:31 - 2012-11-29 17:32 - 00000000 __HDC C:\Windows\ie8
2012-11-29 17:29 - 2012-11-29 17:34 - 00063268 ____A C:\Windows\ie8_main.log
2012-11-29 17:29 - 2012-11-29 17:29 - 00000000 __HDC C:\Windows\$NtUninstallKB960859$
2012-11-29 17:29 - 2012-11-29 17:29 - 00000000 __HDC C:\Windows\$NtUninstallKB946648$
2012-11-29 17:29 - 2012-11-29 17:29 - 00000000 __HDC C:\Windows\$NtUninstallKB2712808$
2012-11-29 17:29 - 2012-11-29 17:29 - 00000000 __HDC C:\Windows\$NtUninstallKB2387149$
2012-11-29 17:28 - 2012-11-29 17:28 - 00043910 ____A C:\Windows\KB2536276-v2.log
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2691442$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2659262$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2646524$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2631813$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2585542$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2564958$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2544893-v2$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2536276-v2$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2479943$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2478971$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2296011$
2012-11-29 17:27 - 2012-11-29 17:27 - 00000000 __HDC C:\Windows\$NtUninstallKB974318$
2012-11-29 17:27 - 2012-11-29 17:27 - 00000000 __HDC C:\Windows\$NtUninstallKB969059$
2012-11-29 17:27 - 2012-11-29 17:27 - 00000000 __HDC C:\Windows\$NtUninstallKB955759$
2012-11-29 17:27 - 2012-11-29 17:27 - 00000000 __HDC C:\Windows\$NtUninstallKB951978$
2012-11-29 17:27 - 2012-11-29 17:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2443105$
2012-11-29 17:27 - 2012-11-29 17:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2115168$
2012-11-29 17:26 - 2012-11-29 17:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2655992$
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB975713$
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB950974$
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2724197$
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2598479$
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2485663$
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2481109$
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2229593$
2012-11-29 17:25 - 2012-11-29 17:25 - 00039437 ____A C:\Windows\KB2736233.log
2012-11-29 17:25 - 2012-11-29 17:25 - 00000000 __HDC C:\Windows\$NtUninstallKB982132$
2012-11-29 17:25 - 2012-11-29 17:25 - 00000000 __HDC C:\Windows\$NtUninstallKB978338$
2012-11-29 17:25 - 2012-11-29 17:25 - 00000000 __HDC C:\Windows\$NtUninstallKB971657$
2012-11-29 17:25 - 2012-11-29 17:25 - 00000000 __HDC C:\Windows\$NtUninstallKB2736233$
2012-11-29 17:25 - 2012-11-29 17:25 - 00000000 __HDC C:\Windows\$NtUninstallKB2686509$
2012-11-29 17:25 - 2012-11-29 17:25 - 00000000 __HDC C:\Windows\$NtUninstallKB2440591$
2012-11-29 17:24 - 2012-11-29 17:24 - 00000000 __HDC C:\Windows\$NtUninstallKB961118$
2012-11-29 17:23 - 2012-11-29 17:23 - 00000000 __HDC C:\Windows\$NtUninstallKB972270$
2012-11-29 17:23 - 2012-11-29 17:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2510581$
2012-11-29 17:23 - 2012-11-29 17:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2507938$
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB974112$
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB956844$
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB956744$
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB956572$
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2483185$
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2476490$
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2347290$
2012-11-29 17:21 - 2012-11-29 17:21 - 00030086 ____A C:\Windows\KB2756822.log
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB979687$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB975560$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB975025$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB974571$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB973869$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB952004$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB2756822$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB2719985$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB2624667$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB2592799$
2012-11-29 17:20 - 2012-11-29 17:20 - 00000000 __HDC C:\Windows\$NtUninstallKB973507$
2012-11-29 17:20 - 2012-11-29 17:20 - 00000000 __HDC C:\Windows\$NtUninstallKB941569$
2012-11-29 17:20 - 2012-11-29 17:20 - 00000000 __HDC C:\Windows\$NtUninstallKB2535512$
2012-11-29 17:19 - 2012-11-29 17:19 - 00000000 __HDC C:\Windows\$NtUninstallKB977816$
2012-11-29 17:19 - 2012-11-29 17:19 - 00000000 __HDC C:\Windows\$NtUninstallKB950762$
2012-11-29 17:19 - 2012-11-29 17:19 - 00000000 __HDC C:\Windows\$NtUninstallKB2570947$
2012-11-29 17:18 - 2012-11-29 17:18 - 00000000 __HDC C:\Windows\$NtUninstallKB981322$
2012-11-29 17:18 - 2012-11-29 17:18 - 00000000 __HDC C:\Windows\$NtUninstallKB973904$
2012-11-29 17:18 - 2012-11-29 17:18 - 00000000 __HDC C:\Windows\$NtUninstallKB952287$
2012-11-29 17:18 - 2012-11-29 17:18 - 00000000 __HDC C:\Windows\$NtUninstallKB2603381$
2012-11-29 17:18 - 2012-11-29 17:18 - 00000000 __HDC C:\Windows\$NtUninstallKB2507618$
2012-11-29 17:17 - 2012-11-29 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB974392$
2012-11-29 17:17 - 2012-11-29 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2012-11-29 17:17 - 2012-11-29 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2653956$
2012-11-29 17:17 - 2012-11-29 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2508429$
2012-11-29 17:17 - 2012-11-29 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2419632$
2012-11-29 17:16 - 2012-11-29 17:16 - 00000000 __HDC C:\Windows\$NtUninstallKB971029$
2012-11-29 17:16 - 2012-11-29 17:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2506212$
2012-11-29 17:12 - 2012-11-29 17:12 - 00023148 ____A C:\Windows\KB2698365.log
2012-11-29 17:12 - 2012-11-29 17:12 - 00000000 __HDC C:\Windows\$NtUninstallKB977914$
2012-11-29 17:12 - 2012-11-29 17:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2705219-v2$
2012-11-29 17:12 - 2012-11-29 17:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2698365$
2012-11-29 17:12 - 2012-11-29 17:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2619339$
2012-11-29 17:11 - 2012-11-29 17:11 - 00020858 ____A C:\Windows\KB2723135-v2.log
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB981997$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB979482$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB979309$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB978706$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB978542$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB973815$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB960803$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2723135-v2$
2012-11-29 17:10 - 2012-11-29 17:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2761226$
2012-11-29 17:10 - 2012-11-29 17:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2012-11-29 17:09 - 2012-11-29 17:09 - 00000000 __HDC C:\Windows\$NtUninstallKB956802$
2012-11-29 17:09 - 2012-11-29 17:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2676562$
2012-11-29 17:09 - 2012-11-29 17:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2509553$
2012-11-29 17:08 - 2012-11-29 17:08 - 00000000 __HDC C:\Windows\$NtUninstallKB982665$
2012-11-29 17:08 - 2012-11-29 17:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2744842$
2012-11-29 17:06 - 2012-11-29 17:06 - 00014428 ____A C:\Windows\KB2393802.log
2012-11-29 17:06 - 2012-11-29 17:06 - 00012689 ____A C:\Windows\KB2544521.log
2012-11-29 17:06 - 2012-11-29 17:06 - 00000000 __HDC C:\Windows\$NtUninstallKB923561$
2012-11-29 17:06 - 2012-11-29 17:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2620712$
2012-11-29 17:06 - 2012-11-29 17:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2544521$
2012-11-29 17:06 - 2012-11-29 17:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2478960$
2012-11-29 17:06 - 2012-11-29 17:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2393802$
2012-11-29 17:05 - 2012-11-29 17:05 - 00000000 __HDC C:\Windows\$NtUninstallKB975467$
2012-11-29 17:05 - 2012-11-29 17:05 - 00000000 __HDC C:\Windows\$NtUninstallKB968389$
2012-11-29 17:05 - 2012-11-29 17:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2584146$
2012-11-29 17:05 - 2012-11-29 17:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2566454$
2012-11-29 17:05 - 2012-11-29 17:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2423089$
2012-11-29 17:05 - 2012-11-29 17:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2360937$
2012-11-29 16:45 - 2011-07-15 08:29 - 00456320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mrxsmb.sys
2012-11-29 16:45 - 2010-09-18 01:53 - 00953856 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mfc40u.dll
2012-11-29 16:45 - 2008-06-13 06:05 - 00272128 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthport.sys
2012-11-29 16:44 - 2012-11-29 17:28 - 00049537 ____A C:\Windows\KB2585542.log
2012-11-29 16:44 - 2012-11-29 17:26 - 00047815 ____A C:\Windows\KB2724197.log
2012-11-29 16:44 - 2010-08-23 11:12 - 00617472 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\comctl32.dll
2012-11-29 16:44 - 2010-06-14 09:31 - 00744448 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\helpsvc.exe
2012-11-29 16:44 - 2009-11-21 10:51 - 00471552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\aclayers.dll
2012-11-29 16:43 - 2010-11-02 10:17 - 00040960 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ndproxy.sys
2012-11-29 16:43 - 2010-08-27 03:02 - 00119808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\t2embed.dll
2012-11-29 16:43 - 2009-10-15 11:28 - 00081920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\fontsub.dll
2012-11-29 16:43 - 2009-01-09 14:19 - 01089593 ____C C:\Windows\System32\dllcache\ntprint.cat
2012-11-29 16:42 - 2009-07-27 17:27 - 00128512 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dhtmled.ocx
2012-11-29 16:42 - 2009-06-21 16:44 - 00153088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\triedit.dll
2012-11-29 16:42 - 2009-03-06 09:22 - 00284160 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\pdh.dll
2012-11-29 16:42 - 2009-02-09 07:10 - 00617472 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\advapi32.dll
2012-11-29 16:42 - 2009-02-09 07:10 - 00473600 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\fastprox.dll
2012-11-29 16:42 - 2009-02-09 07:10 - 00453120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmiprvsd.dll
2012-11-29 16:42 - 2009-02-09 07:10 - 00401408 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rpcss.dll
2012-11-29 16:42 - 2009-02-06 06:11 - 00110592 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\services.exe
2012-11-29 16:42 - 2009-02-06 05:10 - 00227840 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmiprvse.exe
2012-11-29 16:41 - 2011-04-21 08:37 - 00105472 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mup.sys
2012-11-29 16:41 - 2008-05-08 09:02 - 00203136 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rmcast.sys
2012-11-29 16:41 - 2008-05-01 09:33 - 00331776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msadce.dll
2012-11-29 16:40 - 2012-11-29 17:17 - 00029248 ____A C:\Windows\KB2749655.log
2012-11-29 16:40 - 2012-11-29 17:17 - 00028933 ____A C:\Windows\KB971029.log
2012-11-29 16:39 - 2012-11-29 17:10 - 00025148 ____A C:\Windows\KB2761226.log
2012-11-29 16:39 - 2012-11-29 17:10 - 00024991 ____A C:\Windows\KB2661254-v2.log
2012-11-29 16:39 - 2012-11-29 17:09 - 00025064 ____A C:\Windows\KB2509553.log
2012-11-29 16:39 - 2012-11-29 17:08 - 00023483 ____A C:\Windows\KB2744842.log
2012-11-29 16:39 - 2011-04-29 22:01 - 00758784 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\vgx.dll
2012-11-29 16:38 - 2012-11-29 17:11 - 00024686 ____A C:\Windows\KB2727528.log
2012-11-29 16:38 - 2012-07-04 09:05 - 00139784 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rdpwd.sys
2012-11-29 16:38 - 2012-05-28 13:16 - 00536576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msado15.dll
2012-11-29 16:38 - 2010-06-18 08:36 - 03558912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\moviemk.exe
2012-11-29 16:37 - 2012-08-21 08:33 - 02148864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
2012-11-29 16:37 - 2012-08-21 08:29 - 02192896 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntoskrnl.exe
2012-11-29 16:37 - 2012-08-21 07:58 - 02069632 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlpa.exe
2012-11-29 16:37 - 2012-08-21 07:58 - 02027520 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrpamp.exe
2012-11-29 16:37 - 2011-07-08 09:02 - 00010496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ndistapi.sys
2012-11-29 16:37 - 2010-12-09 10:15 - 00718336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntdll.dll
2012-11-29 16:37 - 2010-07-12 07:55 - 00218112 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wordpad.exe
2012-11-29 16:37 - 2009-11-21 10:51 - 01206508 ____C C:\Windows\System32\dllcache\sysmain.sdb
2012-11-29 16:31 - 2010-10-11 09:59 - 00045568 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wab.exe
2012-11-29 16:30 - 2010-08-16 03:45 - 00590848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rpcrt4.dll
2012-11-29 16:26 - 2012-06-02 15:19 - 00015384 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll.mui
2012-11-29 16:19 - 2012-11-29 16:19 - 00000187 ____A C:\Windows\spupdsvc.log.1.log
2012-11-29 16:19 - 2012-11-29 16:19 - 00000090 ____A C:\Windows\System32\spupdwxp.log
2012-11-29 16:04 - 2012-11-29 16:04 - 00000000 ____D C:\Windows\System32\bits
2012-11-29 16:04 - 2012-06-05 10:50 - 01372672 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msxml6.dll
2012-11-29 16:04 - 2008-04-14 05:42 - 04274816 ____N (NVIDIA Corporation) C:\Windows\System32\nv4_disp.dll
2012-11-29 16:04 - 2008-04-14 05:42 - 01737856 ____N (Matrox Graphics Inc.) C:\Windows\System32\mtxparhd.dll
2012-11-29 16:04 - 2008-04-14 05:42 - 00397056 ____N (S3 Graphics, Inc.) C:\Windows\System32\s3gnb.dll
2012-11-29 16:04 - 2008-04-14 05:42 - 00286792 ____N (Smart Link) C:\Windows\System32\slextspk.dll
2012-11-29 16:04 - 2008-04-14 05:42 - 00188508 ____N (Smart Link) C:\Windows\System32\slgen.dll
2012-11-29 16:04 - 2008-04-14 05:42 - 00073832 ____N (Smart Link) C:\Windows\System32\slcoinst.dll
2012-11-29 16:04 - 2008-04-14 05:42 - 00073796 ____N (Smart Link) C:\Windows\System32\slserv.exe
2012-11-29 16:04 - 2008-04-14 05:42 - 00032866 ____N (Smart Link) C:\Windows\System32\slrundll.exe
2012-11-29 16:04 - 2008-04-14 05:42 - 00032866 ____N (Smart Link) C:\Windows\slrundll.exe
2012-11-29 16:04 - 2008-04-14 05:42 - 00028672 ____N (Microsoft Corporation) C:\Windows\System32\vidcap.ax
2012-11-29 16:04 - 2008-04-14 05:42 - 00023040 ____N (ATI Technologies Inc.) C:\Windows\System32\ativmvxx.ax
2012-11-29 16:04 - 2008-04-14 05:42 - 00010752 ____N (Microsoft Corporation) C:\Windows\System32\smtpapi.dll
2012-11-29 16:04 - 2008-04-14 05:42 - 00009728 ____N (Microsoft Corporation) C:\Windows\System32\rwnh.dll
2012-11-29 16:04 - 2008-04-14 05:42 - 00009728 ____N (ATI Technologies Inc.) C:\Windows\System32\ativdaxx.ax
2012-11-29 16:04 - 2008-04-14 05:41 - 01888992 ____N (ATI Technologies Inc. ) C:\Windows\System32\ati3duag.dll
2012-11-29 16:04 - 2008-04-14 05:41 - 00870784 ____N (ATI Technologies Inc. ) C:\Windows\System32\ati3d1ag.dll
2012-11-29 16:04 - 2008-04-14 05:41 - 00516768 ____N (ATI Technologies Inc. ) C:\Windows\System32\ativvaxx.dll
2012-11-29 16:04 - 2008-04-14 05:41 - 00377984 ____N (ATI Technologies Inc.) C:\Windows\System32\ati2dvaa.dll
2012-11-29 16:04 - 2008-04-14 05:41 - 00229376 ____N (ATI Technologies Inc.) C:\Windows\System32\ati2cqag.dll
2012-11-29 16:04 - 2008-04-14 05:41 - 00201728 ____N (ATI Technologies Inc.) C:\Windows\System32\ati2dvag.dll
2012-11-29 16:04 - 2008-04-14 05:41 - 00086016 ____N (Conexant) C:\Windows\System32\mdmxsdk.dll
2012-11-29 16:04 - 2008-04-14 05:41 - 00032768 ____N (ATI Technologies Inc.) C:\Windows\System32\ativtmxx.dll
2012-11-29 16:04 - 2008-04-14 05:41 - 00032285 ____N (Conexant Systems, Inc.) C:\Windows\System32\hsfcisp2.dll
2012-11-29 16:04 - 2008-04-14 00:15 - 00046592 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\irbus.sys
2012-11-29 16:04 - 2008-04-14 00:13 - 00009728 ____N (Microsoft Corporation) C:\Windows\System32\comsdupd.exe
2012-11-29 16:04 - 2008-04-13 22:57 - 00079872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msxml6r.dll
2012-11-29 16:03 - 2012-11-29 16:03 - 00000000 ____D C:\Windows\ServicePackFiles
2012-11-29 16:01 - 2008-04-14 05:42 - 00011325 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\vchnt5.dll
2012-11-29 16:01 - 2008-04-14 05:42 - 00003901 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\siint5.dll
2012-11-29 16:01 - 2008-04-14 05:41 - 00025471 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\atv04nt5.dll
2012-11-29 16:01 - 2008-04-14 05:41 - 00021183 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\atv01nt5.dll
2012-11-29 16:01 - 2008-04-14 05:41 - 00017279 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\atv10nt5.dll
2012-11-29 16:01 - 2008-04-14 05:41 - 00015423 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\ch7xxnt5.dll
2012-11-29 16:01 - 2008-04-14 05:41 - 00014143 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\atv06nt5.dll
2012-11-29 16:01 - 2008-04-14 05:41 - 00011359 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\atv02nt5.dll
2012-11-29 16:01 - 2008-04-14 05:41 - 00004255 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\adv01nt5.dll
2012-11-29 16:01 - 2008-04-14 05:41 - 00003967 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\adv02nt5.dll
2012-11-29 16:01 - 2008-04-14 05:41 - 00003775 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\adv11nt5.dll
2012-11-29 16:01 - 2008-04-14 05:41 - 00003711 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\adv09nt5.dll
2012-11-29 16:01 - 2008-04-14 05:41 - 00003647 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\adv07nt5.dll
2012-11-29 16:01 - 2008-04-14 05:41 - 00003615 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\adv05nt5.dll
2012-11-29 16:01 - 2008-04-14 05:41 - 00003135 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\adv08nt5.dll
2012-11-29 16:01 - 2008-04-14 00:26 - 00030592 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\rndismpx.sys
2012-11-29 16:01 - 2008-04-14 00:26 - 00012800 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023x.sys
2012-11-29 16:01 - 2008-04-14 00:21 - 00101120 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\bthpan.sys
2012-11-29 16:01 - 2008-04-14 00:16 - 00121984 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2012-11-29 16:01 - 2008-04-14 00:16 - 00059136 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\rfcomm.sys
2012-11-29 16:01 - 2008-04-14 00:16 - 00037888 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\bthmodem.sys
2012-11-29 16:01 - 2008-04-14 00:16 - 00036480 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\bthprint.sys
2012-11-29 16:01 - 2008-04-14 00:16 - 00025600 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2012-11-29 16:01 - 2008-04-14 00:16 - 00018944 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\bthusb.sys
2012-11-29 16:01 - 2008-04-14 00:16 - 00017024 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\bthenum.sys
2012-11-29 16:01 - 2008-04-14 00:15 - 00019200 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\hidir.sys
2012-11-29 16:01 - 2008-04-14 00:13 - 00014208 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\wacompen.sys
2012-11-29 16:01 - 2008-04-14 00:13 - 00012672 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\mutohpen.sys
2012-11-29 16:01 - 2008-04-14 00:06 - 00005888 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\smbali.sys
2012-11-29 16:01 - 2008-04-13 23:53 - 01309184 ____N (Smart Link) C:\Windows\System32\Drivers\mtlstrm.sys
2012-11-29 16:01 - 2008-04-13 23:53 - 01041536 ____N (Conexant Systems, Inc.) C:\Windows\System32\Drivers\hsfdpsp2.sys
2012-11-29 16:01 - 2008-04-13 23:53 - 00685056 ____N (Conexant Systems, Inc.) C:\Windows\System32\Drivers\hsfcxts2.sys
2012-11-29 16:01 - 2008-04-13 23:53 - 00404990 ____N (Smart Link) C:\Windows\System32\Drivers\slntamr.sys
2012-11-29 16:01 - 2008-04-13 23:53 - 00220032 ____N (Conexant Systems, Inc.) C:\Windows\System32\Drivers\hsfbs2s2.sys
2012-11-29 16:01 - 2008-04-13 23:53 - 00180360 ____N (Smart Link) C:\Windows\System32\Drivers\ntmtlfax.sys
2012-11-29 16:01 - 2008-04-13 23:53 - 00129535 ____N (Smart Link) C:\Windows\System32\Drivers\slnt7554.sys
2012-11-29 16:01 - 2008-04-13 23:53 - 00126686 ____N (Smart Link) C:\Windows\System32\Drivers\mtlmnt5.sys
2012-11-29 16:01 - 2008-04-13 23:53 - 00095424 ____N (Smart Link) C:\Windows\System32\Drivers\slnthal.sys
2012-11-29 16:01 - 2008-04-13 23:53 - 00013776 ____N (Smart Link) C:\Windows\System32\Drivers\recagent.sys
2012-11-29 16:01 - 2008-04-13 23:53 - 00013240 ____N (Smart Link) C:\Windows\System32\Drivers\slwdmsup.sys
2012-11-29 16:01 - 2008-04-13 23:53 - 00011868 ____N (Conexant) C:\Windows\System32\Drivers\mdmxsdk.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 01897408 ____N (NVIDIA Corporation) C:\Windows\System32\Drivers\nv4_mini.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00701440 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati2mtag.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00452736 ____N (Matrox Graphics Inc.) C:\Windows\System32\Drivers\mtxparhm.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00327040 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati2mtaa.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00166912 ____N (S3 Graphics, Inc.) C:\Windows\System32\Drivers\s3gnbm.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00104960 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\atinrvxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00073216 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\atintuxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00063663 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati1rvxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00063488 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\atinxsxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00057856 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\atinbtxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00056623 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati1btxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00052224 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\atinraxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00036463 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati1tuxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00034735 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati1xsxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00031744 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\atinxbxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00030671 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati1raxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00029455 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati1xbxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00028672 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\atinsnxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00026367 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati1snxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00025471 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\watv10nt.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00022271 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\watv06nt.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00021343 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati1ttxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00014336 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\atinpdxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00013824 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\atinttxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00013824 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\atinmdxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00012047 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati1pdxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00011935 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\wadv11nt.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00011871 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\wadv09nt.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00011807 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\wadv07nt.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00011615 ____N (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati1mdxx.sys
2012-11-29 16:01 - 2008-04-13 22:04 - 00011295 ____N (Intel(R) Corporation) C:\Windows\System32\Drivers\wadv08nt.sys

Eric Witzling · Dec 3, 2012

2012-11-29 16:01 - 2007-04-02 21:36 - 00129045 ____N C:\Windows\System32\Drivers\cxthsfs2.cty
2012-11-29 16:01 - 2006-12-29 20:21 - 00064352 ____N C:\Windows\System32\Drivers\ativmc20.cod
2012-11-29 16:01 - 2006-12-29 20:02 - 00067866 ____N C:\Windows\System32\Drivers\netwlan5.img
2012-11-29 16:00 - 2006-12-29 00:31 - 00019569 ____A C:\Windows\003358_.tmp
2012-11-29 15:58 - 2012-11-29 16:00 - 00000000 __HDC C:\Windows\$NtServicePackUninstall$
2012-11-29 15:56 - 2012-11-29 16:18 - 00506697 ____A C:\Windows\svcpack.log
2012-11-29 15:25 - 2012-11-29 15:25 - 00013724 ____A C:\Windows\System32\wpa.bak
2012-11-29 15:05 - 2012-12-03 14:06 - 02716480 ____A C:\Windows\System32\ICAutoUpdate.log
2012-11-29 15:05 - 2012-12-03 13:47 - 00000618 ____A C:\Windows\System32\gotomon.log
2012-11-29 13:27 - 2012-11-29 13:19 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20121129-132722.backup
2012-11-29 13:20 - 2012-11-29 13:20 - 00012712 ____A C:\ComboFix.txt
2012-11-29 13:00 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-29 13:00 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-29 13:00 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-29 13:00 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-29 13:00 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-29 13:00 - 2000-08-30 19:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-11-29 13:00 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-29 13:00 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-29 13:00 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-29 12:59 - 2012-11-29 13:20 - 00000000 ____D C:\Qoobox
2012-11-29 12:59 - 2012-11-29 13:19 - 00000000 ____D C:\Windows\erdnt
2012-11-29 12:46 - 2012-11-29 12:46 - 00065536 ____A C:\Windows\Minidump\Mini112912-02.dmp
2012-11-29 12:35 - 2012-11-29 12:35 - 00065536 ____A C:\Windows\Minidump\Mini112912-01.dmp
2012-11-29 12:35 - 2012-11-29 12:35 - 00000000 ____D C:\Windows\Minidump
2012-11-29 12:29 - 2012-11-29 12:29 - 00000052 ____A C:\Windows\oobeact.log
2012-11-29 12:29 - 2012-11-29 12:29 - 00000000 ____D C:\df37febdd5368d193e66dcbd9fa8c14a
2012-11-29 12:28 - 2012-12-03 13:46 - 00001768 ____A C:\Windows\System32\InoRpcInit.log
2012-11-29 12:28 - 2012-11-29 12:28 - 00000112 ____A C:\Windows\System32\config\netlogon.ftl
2012-11-29 12:25 - 2008-04-14 05:41 - 00571392 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tintlgnt.ime
2012-11-29 12:25 - 2008-04-14 05:41 - 00426041 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\voicepad.dll
2012-11-29 12:25 - 2008-04-14 05:41 - 00156672 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winzm.ime
2012-11-29 12:25 - 2008-04-14 05:41 - 00156672 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winsp.ime
2012-11-29 12:25 - 2008-04-14 05:41 - 00156672 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winpy.ime
2012-11-29 12:25 - 2008-04-14 05:41 - 00086073 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\voicesub.dll
2012-11-29 12:25 - 2008-04-14 05:41 - 00079360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winar30.ime
2012-11-29 12:25 - 2008-04-14 05:41 - 00076288 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\uniime.dll
2012-11-29 12:25 - 2008-04-14 05:41 - 00072704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wingb.ime
2012-11-29 12:25 - 2008-04-14 05:41 - 00065536 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winime.ime
2012-11-29 12:25 - 2008-04-14 05:41 - 00065024 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\unicdime.ime
2012-11-29 12:25 - 2008-04-14 05:41 - 00010240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tmigrate.dll
2012-11-29 12:25 - 2004-08-03 06:32 - 00455168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tintsetp.exe
2012-11-29 12:25 - 2004-08-03 06:32 - 00044032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tintlphr.exe
2012-11-29 12:25 - 2001-08-18 07:00 - 00185344 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\thawbrkr.dll
2012-11-29 12:25 - 2001-08-18 07:00 - 00073728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\w3ext.dll
2012-11-29 12:25 - 2001-08-18 07:00 - 00048256 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\w32.dll
2012-11-29 12:25 - 2001-08-18 07:00 - 00041600 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\weitekp9.dll
2012-11-29 12:25 - 2001-08-18 07:00 - 00031232 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\weitekp9.sys
2012-11-29 12:25 - 2001-08-18 07:00 - 00028288 ___AC C:\Windows\System32\dllcache\xjis.nls
2012-11-29 12:25 - 2001-08-18 07:00 - 00021896 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tdipx.sys
2012-11-29 12:25 - 2001-08-18 07:00 - 00019464 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tdspx.sys
2012-11-29 12:25 - 2001-08-18 07:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tsprof.exe
2012-11-29 12:25 - 2001-08-18 07:00 - 00013192 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tdasync.sys
2012-11-29 12:25 - 2001-08-18 07:00 - 00009216 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wamps51.dll
2012-11-29 12:25 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\w3svapi.dll
2012-11-29 12:25 - 2001-08-18 07:00 - 00004608 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\w3ctrs51.dll
2012-11-29 12:24 - 2008-04-14 05:41 - 00482304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pintlgnt.ime
2012-11-29 12:24 - 2008-04-14 05:41 - 00079360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\phon.ime
2012-11-29 12:24 - 2008-04-14 05:41 - 00078848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\dayi.ime
2012-11-29 12:24 - 2008-04-14 05:41 - 00077824 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\quick.ime
2012-11-29 12:24 - 2008-04-14 05:41 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\romanime.ime
2012-11-29 12:24 - 2008-04-14 05:40 - 00175104 ___AC C:\Windows\System32\dllcache\pintlcsa.dll
2012-11-29 12:24 - 2008-04-14 05:40 - 00067584 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmigrate.dll
2012-11-29 12:24 - 2008-04-14 05:40 - 00053760 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pintlcsd.dll
2012-11-29 12:24 - 2008-04-14 05:40 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs404.dll
2012-11-29 12:24 - 2008-04-14 05:40 - 00015360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs804.dll
2012-11-29 12:24 - 2008-04-14 05:39 - 13463552 ___AC C:\Windows\System32\dllcache\hwxjpn.dll
2012-11-29 12:24 - 2008-04-14 05:39 - 00811064 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjp81k.dll
2012-11-29 12:24 - 2008-04-14 05:39 - 00716856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpcus.dll
2012-11-29 12:24 - 2008-04-14 05:39 - 00368696 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpcic.dll
2012-11-29 12:24 - 2008-04-14 05:39 - 00340023 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjp81.ime
2012-11-29 12:24 - 2008-04-14 05:39 - 00315455 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imskf.dll
2012-11-29 12:24 - 2008-04-14 05:39 - 00274489 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjputyc.dll
2012-11-29 12:24 - 2008-04-14 05:39 - 00106496 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrcic.dll
2012-11-29 12:24 - 2008-04-14 05:39 - 00102456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imlang.dll
2012-11-29 12:24 - 2008-04-14 05:39 - 00094720 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekr61.ime
2012-11-29 12:24 - 2008-04-14 05:39 - 00086016 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrmbx.dll
2012-11-29 12:24 - 2008-04-14 05:39 - 00081976 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdct.dll
2012-11-29 12:24 - 2008-04-13 22:13 - 00070144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pintlphr.exe
2012-11-29 12:24 - 2004-08-03 06:32 - 00262200 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjputy.exe
2012-11-29 12:24 - 2004-08-03 06:32 - 00233527 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjprw.exe
2012-11-29 12:24 - 2004-08-03 06:32 - 00208952 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpmig.exe
2012-11-29 12:24 - 2004-08-03 06:31 - 00307257 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdct.exe
2012-11-29 12:24 - 2004-08-03 06:31 - 00196665 ___AC C:\Windows\System32\dllcache\imjpinst.exe
2012-11-29 12:24 - 2004-08-03 06:31 - 00155705 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdsvr.exe
2012-11-29 12:24 - 2004-08-03 06:31 - 00059392 ___AC C:\Windows\System32\dllcache\imscinst.exe
2012-11-29 12:24 - 2001-08-18 07:00 - 10129408 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hwxkor.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 10096640 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hwxcht.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 01875968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msir3jp.lex
2012-11-29 12:24 - 2001-08-18 07:00 - 01158818 ___AC C:\Windows\System32\dllcache\korwbrkr.lex
2012-11-29 12:24 - 2001-08-18 07:00 - 00471102 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imskdic.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00311359 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imepadsv.exe
2012-11-29 12:24 - 2001-08-18 07:00 - 00229439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\multibox.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00143422 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\softkey.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00134339 ___AC C:\Windows\System32\dllcache\imekr.lex
2012-11-29 12:24 - 2001-08-18 07:00 - 00132608 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsclntr.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00131584 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmxviceo.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00111104 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscfgwz.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00108827 ___AC C:\Windows\System32\dllcache\hanja.lex
2012-11-29 12:24 - 2001-08-18 07:00 - 00102463 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imepadsm.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00101376 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\srusbusd.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00098304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msir3jp.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00092416 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mga.sys
2012-11-29 12:24 - 2001-08-18 07:00 - 00092032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mga.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00083748 ___AC C:\Windows\System32\dllcache\prcp.nls
2012-11-29 12:24 - 2001-08-18 07:00 - 00083748 ___AC C:\Windows\System32\dllcache\prc.nls
2012-11-29 12:24 - 2001-08-18 07:00 - 00079872 ___AC (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rwia330.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00079872 ___AC (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rwia001.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00070656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\korwbrkr.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00060928 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisclex4.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00059904 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imkrinst.exe
2012-11-29 12:24 - 2001-08-18 07:00 - 00057856 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esuimgd.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00057398 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdadm.exe
2012-11-29 12:24 - 2001-08-18 07:00 - 00053248 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\nextlink.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00047066 ___AC C:\Windows\System32\dllcache\ksc.nls
2012-11-29 12:24 - 2001-08-18 07:00 - 00045109 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpuex.exe
2012-11-29 12:24 - 2001-08-18 07:00 - 00045056 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esunid.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00044032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrmig.exe
2012-11-29 12:24 - 2001-08-18 07:00 - 00038912 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm9aw.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00036927 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs411.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00036864 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hanjadic.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00031744 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esucmd.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smb6w.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sma3w.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pagecnt.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsroute.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00030208 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm87w.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00030208 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm81w.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00029184 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm8cw.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00026624 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm93w.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00026624 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm92w.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00026624 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mdsync.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm90w.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm8dw.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm8aw.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm89w.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00025856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\et4000.sys
2012-11-29 12:24 - 2001-08-18 07:00 - 00025088 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm59w.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00022016 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\logscrpt.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00020992 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\permchk.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iiscrmap.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00018944 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\simptcp.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00018944 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cprofile.exe
2012-11-29 12:24 - 2001-08-18 07:00 - 00018432 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\jupiw.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00016896 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\status.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\quser.exe
2012-11-29 12:24 - 2001-08-18 07:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smierrsm.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00014848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\register.exe
2012-11-29 12:24 - 2001-08-18 07:00 - 00014848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\flattemp.exe
2012-11-29 12:24 - 2001-08-18 07:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs412.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00011264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmxmcro.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00011264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxssend.exe
2012-11-29 12:24 - 2001-08-18 07:00 - 00010240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpstup.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00009728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\query.exe
2012-11-29 12:24 - 2001-08-18 07:00 - 00009216 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdnecat.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00009216 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iwrps.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00008704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\infoctrs.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdnecnt.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ftpctrs2.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdnec95.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\isapips.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iissync.exe
2012-11-29 12:24 - 2001-08-18 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmxgl.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth3.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth2.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinpun.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101a.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ftlx041e.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smimsgif.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smierrsy.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdvntc.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdusa.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdurdu.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth1.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth0.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdsyr2.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdsyr1.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdintel.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdintam.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinmar.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinkan.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinhin.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinguj.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdindev.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdheb.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdfa.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbddiv2.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbddiv1.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbda3.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbda2.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbda1.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdgeo.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdarmw.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00005120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdarme.dll
2012-11-29 12:24 - 2001-08-18 07:00 - 00003584 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iismui.dll
2012-11-29 12:24 - 2001-08-17 22:36 - 00065536 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_mailmsg.dll
2012-11-29 12:24 - 2001-08-17 22:36 - 00057856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_scripto.dll
2012-11-29 12:24 - 2001-08-17 22:36 - 00043520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_fcachdll.dll
2012-11-29 12:24 - 2001-08-17 22:36 - 00038912 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_ntfsdrv.dll
2012-11-29 12:24 - 2001-08-17 22:36 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_seos.dll
2012-11-29 12:24 - 2001-08-17 22:36 - 00023040 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_regtrace.exe
2012-11-29 12:24 - 2001-08-17 22:36 - 00012288 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_smtpctrs.dll
2012-11-29 12:24 - 2001-08-17 22:36 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_snprfdll.dll
2012-11-29 12:23 - 2012-11-29 12:23 - 00262144 ____A C:\Windows\System32\config\userdifr
2012-11-29 12:23 - 2012-11-29 12:23 - 00001024 ___AH C:\Windows\System32\config\userdifr.LOG
2012-11-29 12:23 - 2008-04-14 05:41 - 00078336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chajei.ime
2012-11-29 12:23 - 2008-04-14 05:41 - 00021504 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintlgnt.ime
2012-11-29 12:23 - 2008-04-14 05:39 - 00198656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintime.dll
2012-11-29 12:23 - 2008-04-14 05:39 - 00173568 ___AC C:\Windows\System32\dllcache\chtskf.dll
2012-11-29 12:23 - 2008-04-14 05:39 - 00097792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtmbx.dll
2012-11-29 12:23 - 2008-04-14 05:39 - 00056320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtskdic.dll
2012-11-29 12:23 - 2004-08-03 06:31 - 00480256 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintsetp.exe
2012-11-29 12:23 - 2004-08-03 06:31 - 00057399 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cplexe.exe
2012-11-29 12:23 - 2001-08-18 07:00 - 01677824 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chsbrkr.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00838144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtbrkr.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00195618 ___AC C:\Windows\System32\dllcache\c_10002.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00189986 ___AC C:\Windows\System32\dllcache\c_1361.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00187938 ___AC C:\Windows\System32\dllcache\c_20005.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00186402 ___AC C:\Windows\System32\dllcache\c_20001.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00185378 ___AC C:\Windows\System32\dllcache\c_20003.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00180770 ___AC C:\Windows\System32\dllcache\c_20932.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00180258 ___AC C:\Windows\System32\dllcache\c_20004.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00180258 ___AC C:\Windows\System32\dllcache\c_20000.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00177698 ___AC C:\Windows\System32\dllcache\c_20949.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00177698 ___AC C:\Windows\System32\dllcache\c_10003.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_20936.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_20002.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_10008.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00169984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisui.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00162850 ___AC C:\Windows\System32\dllcache\c_10001.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00094720 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\certmap.ocx
2012-11-29 12:23 - 2001-08-18 07:00 - 00082172 ___AC C:\Windows\System32\dllcache\bopomofo.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066728 ___AC C:\Windows\System32\dllcache\big5.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_864.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_862.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_858.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_720.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_870.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_708.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_28596.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_21027.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_21025.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20924.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20880.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20871.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20838.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20833.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20424.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20423.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20420.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20297.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20290.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20285.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20284.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20280.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20278.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20277.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20273.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20269.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20108.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20107.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20106.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20105.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1149.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1148.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1147.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1146.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1145.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1144.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1143.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1142.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1141.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1140.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1047.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_10021.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_10005.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_10004.nls
2012-11-29 12:23 - 2001-08-18 07:00 - 00056320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\convlog.exe
2012-11-29 12:23 - 2001-08-18 07:00 - 00054528 ___AC (Philips Semiconductors GmbH) C:\Windows\System32\dllcache\cap7146.sys
2012-11-29 12:23 - 2001-08-18 07:00 - 00049664 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\adrot.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00045568 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\browscap.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00033792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\controt.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00029184 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\asptxn.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00020480 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\counters.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00019968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetsloc.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chgport.exe
2012-11-29 12:23 - 2001-08-18 07:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisreset.exe
2012-11-29 12:23 - 2001-08-18 07:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chgusr.exe
2012-11-29 12:23 - 2001-08-18 07:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chglogon.exe
2012-11-29 12:23 - 2001-08-18 07:00 - 00010752 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_iscii.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00010240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\aspperf.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00009728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\change.exe
2012-11-29 12:23 - 2001-08-18 07:00 - 00009216 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\authfilt.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetmgr.exe
2012-11-29 12:23 - 2001-08-18 07:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wamregps.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_is2022.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ftpsapi2.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admxprox.dll
2012-11-29 12:23 - 2001-08-18 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisrstap.dll
2012-11-29 12:23 - 2001-08-17 22:36 - 00045056 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_aqadmin.dll
2012-11-29 12:23 - 2001-08-17 22:36 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_adsiisex.dll
2012-11-29 12:22 - 2012-11-29 12:22 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
2012-11-29 12:22 - 2012-11-29 12:22 - 00000749 __RAH C:\Windows\System32\wuaucpl.cpl.manifest
2012-11-29 12:22 - 2012-11-29 12:22 - 00000749 __RAH C:\Windows\System32\sapi.cpl.manifest
2012-11-29 12:22 - 2012-11-29 12:22 - 00000749 __RAH C:\Windows\System32\nwc.cpl.manifest
2012-11-29 12:22 - 2012-11-29 12:22 - 00000749 __RAH C:\Windows\System32\ncpa.cpl.manifest
2012-11-29 12:22 - 2012-11-29 12:22 - 00000488 __RAH C:\Windows\System32\logonui.exe.manifest
2012-11-29 12:21 - 2001-08-18 07:00 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\isignup.exe
2012-11-29 12:20 - 2012-11-29 12:20 - 00000793 ____A C:\Documents and Settings\Default User\Desktop\Windows Media Player.lnk
2012-11-29 12:20 - 2004-08-03 06:59 - 00044544 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tscupgrd.exe
2012-11-29 12:20 - 2004-08-03 06:59 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\tscupgrd.exe
2012-11-29 12:10 - 2004-08-03 10:03 - 01042903 ___AC C:\Windows\System32\dllcache\SP2.CAT
2012-11-29 12:10 - 2004-08-03 09:58 - 00013753 ___RA C:\Windows\SET11D.tmp
2012-11-29 12:10 - 2004-07-16 19:45 - 00007334 ___AC C:\Windows\System32\dllcache\wmerrenu.cat
2012-11-29 12:10 - 2001-08-18 07:00 - 00797189 ___AC C:\Windows\System32\dllcache\NT5IIS.CAT
2012-11-29 12:10 - 2001-08-18 07:00 - 00399645 ___AC C:\Windows\System32\dllcache\MAPIMIG.CAT
2012-11-29 12:10 - 2001-08-18 07:00 - 00037484 ___AC C:\Windows\System32\dllcache\MW770.CAT
2012-11-29 12:10 - 2001-08-18 07:00 - 00024661 ___AC (Perle Systems Ltd.) C:\Windows\System32\dllcache\spxcoins.dll
2012-11-29 12:10 - 2001-08-18 07:00 - 00024661 ____A (Perle Systems Ltd.) C:\Windows\System32\spxcoins.dll
2012-11-29 12:10 - 2001-08-18 07:00 - 00013472 ___AC C:\Windows\System32\dllcache\HPCRDP.CAT
2012-11-29 12:10 - 2001-08-18 07:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\irclass.dll
2012-11-29 12:10 - 2001-08-18 07:00 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\irclass.dll
2012-11-29 12:10 - 2001-08-18 07:00 - 00008574 ___AC C:\Windows\System32\dllcache\IASNT4.CAT
2012-11-29 12:09 - 2012-12-03 13:47 - 00410525 ____A C:\Windows\setupapi.log
2012-11-29 12:09 - 2004-08-03 10:03 - 01042903 ___RA C:\Windows\SET110.tmp
2012-11-29 12:09 - 2004-08-03 09:57 - 01086058 ___RA C:\Windows\SET111.tmp
2012-11-29 12:08 - 2012-11-29 15:31 - 2145386496 ____A C:\Windows\MEMORY.DMP
2012-11-29 12:08 - 2012-11-29 12:08 - 00065536 ____A C:\Windows\System32\config\ODiag.evt
2012-11-29 12:08 - 2012-11-29 12:08 - 00065536 ____A C:\Windows\System32\config\Lenovo-M.evt
2012-11-29 12:08 - 2012-11-29 12:08 - 00065536 ____A C:\Windows\System32\config\Internet.evt
2012-11-21 08:35 - 2012-11-21 10:13 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-11-16 12:07 - 2012-12-03 14:06 - 00000000 ____D C:\FRST
2012-11-15 11:38 - 2012-11-15 11:38 - 00000209 ____A C:\Documents and Settings\mike\Desktop\REATOGO.txt
2012-11-15 11:11 - 2012-11-15 11:11 - 00049454 ____A C:\OTL.Txt
2012-11-14 12:16 - 2012-11-21 10:12 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Task Scheduler.bak
2012-11-13 13:09 - 2012-11-13 13:09 - 00315072 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
==================== One Month Modified Files and Folders ========
2012-12-03 14:06 - 2012-11-29 15:05 - 02716480 ____A C:\Windows\System32\ICAutoUpdate.log
2012-12-03 14:06 - 2012-11-16 12:07 - 00000000 ____D C:\FRST
2012-12-03 14:06 - 2011-02-10 12:02 - 00000000 ____D C:\download
2012-12-03 14:06 - 2010-06-06 12:06 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-03 14:02 - 2012-07-03 08:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-03 13:52 - 2010-08-09 14:09 - 00000000 ____D C:\Program Files\SAAZOD
2012-12-03 13:48 - 2008-07-21 17:01 - 01170569 ____A C:\Windows\WindowsUpdate.log
2012-12-03 13:47 - 2012-11-29 15:05 - 00000618 ____A C:\Windows\System32\gotomon.log
2012-12-03 13:47 - 2012-11-29 12:09 - 00410525 ____A C:\Windows\setupapi.log
2012-12-03 13:47 - 2010-06-06 12:06 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-03 13:47 - 2009-09-09 13:36 - 00000062 __ASH C:\Documents and Settings\mike\Local Settings\desktop.ini
2012-12-03 13:47 - 2008-07-21 17:50 - 00013724 ____A C:\Windows\System32\wpa.dbl
2012-12-03 13:46 - 2012-11-29 12:28 - 00001768 ____A C:\Windows\System32\InoRpcInit.log
2012-12-03 13:46 - 2008-07-21 17:05 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-12-03 13:46 - 2008-07-21 17:05 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-12-03 13:46 - 2008-07-21 17:05 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-03 08:13 - 2009-09-09 15:53 - 00000000 ___AD C:\Documents and Settings\All Users\Application Data\LogMeIn
2012-12-03 08:13 - 2009-09-09 13:36 - 00000178 ___SH C:\Documents and Settings\mike\ntuser.ini
2012-12-03 08:13 - 2008-07-21 17:05 - 00032354 ____A C:\Windows\SchedLgU.Txt
2012-12-03 07:44 - 2009-09-08 13:16 - 00000254 ____A C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2012-12-03 07:35 - 2012-03-28 11:20 - 00000974 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2610266335-1772602443-367391177-1118UA.job
2012-12-03 00:15 - 2010-08-09 14:11 - 00001180 ____A C:\Windows\System32\ipstuffNew.txt
2012-12-02 16:03 - 2012-12-02 16:03 - 00009110 ____A C:\Documents and Settings\mike\Desktop\HitmanPro_20121202_1603.log
2012-12-02 15:59 - 2012-12-02 15:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2012-12-02 14:37 - 2012-03-28 11:21 - 00002284 ____A C:\Documents and Settings\mike\Desktop\Google Chrome.lnk
2012-12-02 14:32 - 2012-12-02 14:16 - 00033613 ____A C:\cleanup.txt
2012-12-02 14:31 - 2012-12-02 14:31 - 00016188 ____A C:\Documents and Settings\mike\Desktop\attach.txt
2012-12-02 14:30 - 2012-12-02 14:31 - 00014721 ____A C:\Documents and Settings\mike\Desktop\dds.txt
2012-12-02 14:18 - 2012-12-02 14:18 - 00001027 ____A C:\AdwCleaner[S1].txt
2012-12-02 14:12 - 2012-12-02 14:12 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2012-12-02 14:11 - 2008-07-21 17:50 - 00000607 ____A C:\Windows\win.ini
2012-12-02 14:11 - 2008-07-21 17:50 - 00000227 ____A C:\Windows\system.ini
2012-12-02 14:05 - 2012-12-02 14:05 - 00000000 __SHD C:\Documents and Settings\mike\PrivacIE
2012-12-02 14:05 - 2012-12-02 14:05 - 00000000 __SHD C:\Documents and Settings\mike\IECompatCache
2012-12-02 14:05 - 2008-07-21 09:55 - 00596768 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-02 14:04 - 2012-12-02 14:04 - 00006912 ____A C:\Windows\KB2510531-IE8.log
2012-12-02 14:04 - 2012-12-02 14:03 - 00006818 ____A C:\Windows\KB2544521-IE8.log
2012-12-02 14:04 - 2009-07-23 14:12 - 00000000 ___HD C:\Windows\$hf_mig$
2012-12-02 14:04 - 2008-07-21 09:55 - 02020450 ____A C:\Windows\FaxSetup.log
2012-12-02 14:04 - 2008-07-21 09:55 - 00981501 ____A C:\Windows\ocgen.log
2012-12-02 14:04 - 2008-07-21 09:55 - 00933863 ____A C:\Windows\tsoc.log
2012-12-02 14:04 - 2008-07-21 09:55 - 00697895 ____A C:\Windows\comsetup.log
2012-12-02 14:04 - 2008-07-21 09:55 - 00627974 ____A C:\Windows\msmqinst.log
2012-12-02 14:04 - 2008-07-21 09:55 - 00419446 ____A C:\Windows\ntdtcsetup.log
2012-12-02 14:04 - 2008-07-21 09:55 - 00353980 ____A C:\Windows\netfxocm.log
2012-12-02 14:04 - 2008-07-21 09:55 - 00264894 ____A C:\Windows\iis6.log
2012-12-02 14:04 - 2008-07-21 09:55 - 00140537 ____A C:\Windows\MedCtrOC.log
2012-12-02 14:04 - 2008-07-21 09:55 - 00111713 ____A C:\Windows\ocmsn.log
2012-12-02 14:04 - 2008-07-21 09:55 - 00102886 ____A C:\Windows\tabletoc.log
2012-12-02 14:04 - 2008-07-21 09:55 - 00101140 ____A C:\Windows\msgsocm.log
2012-12-02 14:04 - 2008-07-21 09:55 - 00001374 ____A C:\Windows\imsins.log
2012-12-02 14:04 - 2008-07-21 09:55 - 00001374 ____A C:\Windows\imsins.BAK
2012-12-02 14:02 - 2008-07-21 09:55 - 00301127 ____A C:\Windows\setupact.log
2012-11-30 08:35 - 2012-03-28 11:20 - 00000922 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2610266335-1772602443-367391177-1118Core.job
2012-11-29 17:47 - 2012-11-29 17:47 - 00000000 __HDC C:\Windows\$NtUninstallKB970430$
2012-11-29 17:47 - 2012-11-29 17:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2345886$
2012-11-29 17:47 - 2012-11-29 17:39 - 00012345 ____A C:\Windows\KB2345886.log
2012-11-29 17:47 - 2009-07-23 14:13 - 00291686 ____A C:\Windows\updspapi.log
2012-11-29 17:41 - 2012-11-29 17:41 - 00000000 ____D C:\Documents and Settings\mike\Local Settings\Application Data\PCHealth
2012-11-29 17:37 - 2012-11-29 17:37 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2012-11-29 17:37 - 2012-11-29 17:37 - 00000000 __SHD C:\Documents and Settings\mike\IETldCache
2012-11-29 17:37 - 2009-07-23 14:23 - 00050575 ____A C:\Windows\spupdsvc.log
2012-11-29 17:36 - 2008-07-21 09:55 - 00451680 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-29 17:36 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\Media
2012-11-29 17:36 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\Help
2012-11-29 17:34 - 2012-11-29 17:34 - 00101189 ____A C:\Windows\KB2744842-IE8.log
2012-11-29 17:34 - 2012-11-29 17:34 - 00000000 __HDC C:\Windows\$NtUninstallKB959426$
2012-11-29 17:34 - 2012-11-29 17:34 - 00000000 __HDC C:\Windows\$NtUninstallKB952954$
2012-11-29 17:34 - 2012-11-29 17:34 - 00000000 __HDC C:\Windows\$NtUninstallKB951376-v2$
2012-11-29 17:34 - 2012-11-29 17:33 - 00103531 ____A C:\Windows\KB2618444-IE8.log
2012-11-29 17:34 - 2012-11-29 17:29 - 00063268 ____A C:\Windows\ie8_main.log
2012-11-29 17:34 - 2009-09-08 13:35 - 00100283 ____A C:\Windows\KB951376-v2.log
2012-11-29 17:34 - 2009-09-08 13:28 - 00122305 ____A C:\Windows\KB959426.log
2012-11-29 17:34 - 2009-09-08 13:27 - 00114389 ____A C:\Windows\KB952954.log
2012-11-29 17:33 - 2012-11-29 17:33 - 00109398 ____A C:\Windows\KB982381-IE8.log
2012-11-29 17:33 - 2012-11-29 17:33 - 00092956 ____A C:\Windows\KB2598845-IE8.log
2012-11-29 17:33 - 2012-11-29 17:33 - 00000000 __HDC C:\Windows\$NtUninstallKB2467659$
2012-11-29 17:33 - 2012-11-29 17:33 - 00000000 ____D C:\Windows\ie8updates
2012-11-29 17:33 - 2012-11-29 17:31 - 00105269 ____A C:\Windows\ie8.log
2012-11-29 17:33 - 2011-01-28 03:49 - 00097935 ____A C:\Windows\KB2467659.log
2012-11-29 17:32 - 2012-11-29 17:31 - 00000000 __HDC C:\Windows\ie8
2012-11-29 17:29 - 2012-11-29 17:29 - 00000000 __HDC C:\Windows\$NtUninstallKB960859$
2012-11-29 17:29 - 2012-11-29 17:29 - 00000000 __HDC C:\Windows\$NtUninstallKB946648$
2012-11-29 17:29 - 2012-11-29 17:29 - 00000000 __HDC C:\Windows\$NtUninstallKB2712808$
2012-11-29 17:29 - 2012-11-29 17:29 - 00000000 __HDC C:\Windows\$NtUninstallKB2387149$
2012-11-29 17:29 - 2012-10-17 23:19 - 00058366 ____A C:\Windows\KB2712808.log
2012-11-29 17:29 - 2010-11-13 00:42 - 00067606 ____A C:\Windows\KB2387149.log
2012-11-29 17:29 - 2009-09-08 13:35 - 00056361 ____A C:\Windows\KB946648.log
2012-11-29 17:29 - 2009-09-08 13:29 - 00116115 ____A C:\Windows\KB960859.log
2012-11-29 17:29 - 2009-07-23 14:38 - 00000000 ___AD C:\Documents and Settings\All Users\Application Data\Microsoft Help

Eric Witzling · Dec 3, 2012

2012-11-29 17:29 - 2008-07-21 16:59 - 00000000 ____D C:\Program Files\Messenger
2012-11-29 17:28 - 2012-11-29 17:28 - 00043910 ____A C:\Windows\KB2536276-v2.log
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2691442$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2659262$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2646524$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2631813$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2585542$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2564958$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2544893-v2$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2536276-v2$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2479943$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2478971$
2012-11-29 17:28 - 2012-11-29 17:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2296011$
2012-11-29 17:28 - 2012-11-29 16:44 - 00049537 ____A C:\Windows\KB2585542.log
2012-11-29 17:28 - 2012-08-17 23:08 - 00056552 ____A C:\Windows\KB2691442.log
2012-11-29 17:28 - 2012-06-15 23:35 - 00047789 ____A C:\Windows\KB2659262.log
2012-11-29 17:28 - 2012-02-16 00:27 - 00057105 ____A C:\Windows\KB2646524.log
2012-11-29 17:28 - 2012-02-16 00:24 - 00055261 ____A C:\Windows\KB2631813.log
2012-11-29 17:28 - 2011-11-18 00:25 - 00056971 ____A C:\Windows\KB2544893-v2.log
2012-11-29 17:28 - 2011-11-18 00:24 - 00048672 ____A C:\Windows\KB2564958.log
2012-11-29 17:28 - 2011-04-15 23:16 - 00057250 ____A C:\Windows\KB2479943.log
2012-11-29 17:28 - 2011-03-16 23:01 - 00056909 ____A C:\Windows\KB2478971.log
2012-11-29 17:28 - 2010-11-13 00:31 - 00047732 ____A C:\Windows\KB2296011.log
2012-11-29 17:27 - 2012-11-29 17:27 - 00000000 __HDC C:\Windows\$NtUninstallKB974318$
2012-11-29 17:27 - 2012-11-29 17:27 - 00000000 __HDC C:\Windows\$NtUninstallKB969059$
2012-11-29 17:27 - 2012-11-29 17:27 - 00000000 __HDC C:\Windows\$NtUninstallKB955759$
2012-11-29 17:27 - 2012-11-29 17:27 - 00000000 __HDC C:\Windows\$NtUninstallKB951978$
2012-11-29 17:27 - 2012-11-29 17:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2443105$
2012-11-29 17:27 - 2012-11-29 17:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2115168$
2012-11-29 17:27 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2655992$
2012-11-29 17:27 - 2012-08-17 23:09 - 00054700 ____A C:\Windows\KB2655992.log
2012-11-29 17:27 - 2011-01-16 00:14 - 00052795 ____A C:\Windows\KB2443105.log
2012-11-29 17:27 - 2010-11-13 00:41 - 00060573 ____A C:\Windows\KB2378111.log
2012-11-29 17:27 - 2010-11-13 00:29 - 00048736 ____A C:\Windows\KB975558.log
2012-11-29 17:27 - 2010-09-15 23:31 - 00054391 ____A C:\Windows\KB2115168.log
2012-11-29 17:27 - 2010-01-13 03:01 - 00055764 ____A C:\Windows\KB955759.log
2012-11-29 17:27 - 2009-12-09 01:11 - 00070529 ____A C:\Windows\KB974318.log
2012-11-29 17:27 - 2009-10-13 15:34 - 00070533 ____A C:\Windows\KB969059.log
2012-11-29 17:27 - 2009-09-08 13:26 - 00065257 ____A C:\Windows\KB951978.log
2012-11-29 17:27 - 2008-07-21 16:59 - 00082846 ____A C:\Windows\wmsetup.log
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB975713$
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB950974$
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2724197$
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2598479$
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2485663$
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2481109$
2012-11-29 17:26 - 2012-11-29 17:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2229593$
2012-11-29 17:26 - 2012-11-29 16:44 - 00047815 ____A C:\Windows\KB2724197.log
2012-11-29 17:26 - 2012-02-16 00:26 - 00053097 ____A C:\Windows\KB2598479.log
2012-11-29 17:26 - 2011-05-18 23:25 - 00046401 ____A C:\Windows\KB2485663.log
2012-11-29 17:26 - 2011-05-04 23:19 - 00054571 ____A C:\Windows\KB2481109.log
2012-11-29 17:26 - 2011-01-16 00:15 - 00047008 ____A C:\Windows\KB2440591.log
2012-11-29 17:26 - 2010-07-15 02:02 - 00049977 ____A C:\Windows\KB2229593.log
2012-11-29 17:26 - 2010-02-09 18:20 - 00058122 ____A C:\Windows\KB975713.log
2012-11-29 17:26 - 2009-09-08 13:27 - 00065058 ____A C:\Windows\KB950974.log
2012-11-29 17:26 - 2008-07-21 09:55 - 02000175 ____A C:\Windows\iis6.BAK
2012-11-29 17:25 - 2012-11-29 17:25 - 00039437 ____A C:\Windows\KB2736233.log
2012-11-29 17:25 - 2012-11-29 17:25 - 00000000 __HDC C:\Windows\$NtUninstallKB982132$
2012-11-29 17:25 - 2012-11-29 17:25 - 00000000 __HDC C:\Windows\$NtUninstallKB978338$
2012-11-29 17:25 - 2012-11-29 17:25 - 00000000 __HDC C:\Windows\$NtUninstallKB971657$
2012-11-29 17:25 - 2012-11-29 17:25 - 00000000 __HDC C:\Windows\$NtUninstallKB2736233$
2012-11-29 17:25 - 2012-11-29 17:25 - 00000000 __HDC C:\Windows\$NtUninstallKB2686509$
2012-11-29 17:25 - 2012-11-29 17:25 - 00000000 __HDC C:\Windows\$NtUninstallKB2440591$
2012-11-29 17:25 - 2012-06-15 23:36 - 00047256 ____A C:\Windows\KB2686509.log
2012-11-29 17:25 - 2010-11-13 00:43 - 00065190 ____A C:\Windows\KB982132.log
2012-11-29 17:25 - 2010-04-14 04:34 - 00069401 ____A C:\Windows\KB978338.log
2012-11-29 17:25 - 2009-09-08 14:22 - 00043079 ____A C:\Windows\KB961118.log
2012-11-29 17:25 - 2009-09-08 13:28 - 00109941 ____A C:\Windows\KB971657.log
2012-11-29 17:24 - 2012-11-29 17:24 - 00000000 __HDC C:\Windows\$NtUninstallKB961118$
2012-11-29 17:23 - 2012-11-29 17:23 - 00000000 __HDC C:\Windows\$NtUninstallKB972270$
2012-11-29 17:23 - 2012-11-29 17:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2510581$
2012-11-29 17:23 - 2012-11-29 17:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2507938$
2012-11-29 17:23 - 2011-08-17 23:11 - 00052503 ____A C:\Windows\KB2507938.log
2012-11-29 17:23 - 2011-05-18 23:31 - 00056353 ____A C:\Windows\KB2510581.log
2012-11-29 17:23 - 2009-10-14 02:04 - 00056926 ____A C:\Windows\KB954155.log
2012-11-29 17:23 - 2009-09-08 13:49 - 00093216 ____A C:\Windows\KB956744.log
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB974112$
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB956844$
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB956744$
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB956572$
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2483185$
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2476490$
2012-11-29 17:22 - 2012-11-29 17:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2347290$
2012-11-29 17:22 - 2011-03-16 23:02 - 00048277 ____A C:\Windows\KB2483185.log
2012-11-29 17:22 - 2009-10-13 15:34 - 00066419 ____A C:\Windows\KB974112.log
2012-11-29 17:22 - 2009-09-08 13:50 - 00089052 ____A C:\Windows\KB956844.log
2012-11-29 17:22 - 2009-09-08 13:36 - 00059929 ____A C:\Windows\KB956572.log
2012-11-29 17:21 - 2012-11-29 17:21 - 00030086 ____A C:\Windows\KB2756822.log
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB979687$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB975560$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB975025$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB974571$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB973869$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB952004$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB2756822$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB2719985$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB2624667$
2012-11-29 17:21 - 2012-11-29 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB2592799$
2012-11-29 17:21 - 2012-08-17 23:11 - 00047611 ____A C:\Windows\KB2719985.log
2012-11-29 17:21 - 2012-01-19 00:23 - 00048777 ____A C:\Windows\KB2624667.log
2012-11-29 17:21 - 2011-11-18 00:23 - 00040042 ____A C:\Windows\KB2592799.log
2012-11-29 17:21 - 2010-11-13 00:30 - 00049153 ____A C:\Windows\KB979687.log
2012-11-29 17:21 - 2009-10-13 15:34 - 00062333 ____A C:\Windows\KB975025.log
2012-11-29 17:21 - 2009-10-13 15:34 - 00052895 ____A C:\Windows\KB974571.log
2012-11-29 17:21 - 2009-09-08 13:49 - 00088115 ____A C:\Windows\KB973869.log
2012-11-29 17:21 - 2009-09-08 13:49 - 00018942 ____A C:\Windows\System32\TZLog.log
2012-11-29 17:21 - 2009-09-08 13:28 - 00064440 ____A C:\Windows\KB952004.log
2012-11-29 17:21 - 2009-07-23 14:38 - 00000000 ____D C:\Program Files\Microsoft Office
2012-11-29 17:20 - 2012-11-29 17:20 - 00000000 __HDC C:\Windows\$NtUninstallKB973507$
2012-11-29 17:20 - 2012-11-29 17:20 - 00000000 __HDC C:\Windows\$NtUninstallKB941569$
2012-11-29 17:20 - 2012-11-29 17:20 - 00000000 __HDC C:\Windows\$NtUninstallKB2535512$
2012-11-29 17:20 - 2011-07-16 23:31 - 00041254 ____A C:\Windows\KB2535512.log
2012-11-29 17:20 - 2009-09-08 13:34 - 00042721 ____A C:\Windows\KB941569.log
2012-11-29 17:20 - 2009-09-08 13:28 - 00102242 ____A C:\Windows\KB973507.log
2012-11-29 17:19 - 2012-11-29 17:19 - 00000000 __HDC C:\Windows\$NtUninstallKB977816$
2012-11-29 17:19 - 2012-11-29 17:19 - 00000000 __HDC C:\Windows\$NtUninstallKB950762$
2012-11-29 17:19 - 2012-11-29 17:19 - 00000000 __HDC C:\Windows\$NtUninstallKB2570947$
2012-11-29 17:19 - 2011-10-16 23:26 - 00038344 ____A C:\Windows\KB2570947.log
2012-11-29 17:19 - 2010-04-14 04:34 - 00061416 ____A C:\Windows\KB977816.log
2012-11-29 17:19 - 2009-09-08 13:35 - 00041362 ____A C:\Windows\KB950762.log
2012-11-29 17:18 - 2012-11-29 17:18 - 00000000 __HDC C:\Windows\$NtUninstallKB981322$
2012-11-29 17:18 - 2012-11-29 17:18 - 00000000 __HDC C:\Windows\$NtUninstallKB973904$
2012-11-29 17:18 - 2012-11-29 17:18 - 00000000 __HDC C:\Windows\$NtUninstallKB952287$
2012-11-29 17:18 - 2012-11-29 17:18 - 00000000 __HDC C:\Windows\$NtUninstallKB2603381$
2012-11-29 17:18 - 2012-11-29 17:18 - 00000000 __HDC C:\Windows\$NtUninstallKB2507618$
2012-11-29 17:18 - 2012-02-16 00:25 - 00037150 ____A C:\Windows\KB2603381.log
2012-11-29 17:18 - 2011-05-18 23:30 - 00045609 ____A C:\Windows\KB2507618.log
2012-11-29 17:18 - 2010-10-15 23:24 - 00044867 ____A C:\Windows\KB981322.log
2012-11-29 17:18 - 2010-06-09 02:07 - 00049809 ____A C:\Windows\KB978695.log
2012-11-29 17:18 - 2009-12-09 03:02 - 00048947 ____A C:\Windows\KB973904.log
2012-11-29 17:18 - 2009-09-08 13:35 - 00042109 ____A C:\Windows\KB952287.log
2012-11-29 17:17 - 2012-11-29 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB974392$
2012-11-29 17:17 - 2012-11-29 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2012-11-29 17:17 - 2012-11-29 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2653956$
2012-11-29 17:17 - 2012-11-29 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2508429$
2012-11-29 17:17 - 2012-11-29 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2419632$
2012-11-29 17:17 - 2012-11-29 16:40 - 00029248 ____A C:\Windows\KB2749655.log
2012-11-29 17:17 - 2012-11-29 16:40 - 00028933 ____A C:\Windows\KB971029.log
2012-11-29 17:17 - 2012-05-16 23:26 - 00038182 ____A C:\Windows\KB2653956.log
2012-11-29 17:17 - 2011-05-18 23:26 - 00037945 ____A C:\Windows\KB2508429.log
2012-11-29 17:17 - 2011-02-18 00:23 - 00050980 ____A C:\Windows\KB2419632.log
2012-11-29 17:17 - 2009-12-09 01:11 - 00042093 ____A C:\Windows\KB974392.log
2012-11-29 17:17 - 2008-07-21 17:06 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-29 17:16 - 2012-11-29 17:16 - 00000000 __HDC C:\Windows\$NtUninstallKB971029$
2012-11-29 17:16 - 2012-11-29 17:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2506212$
2012-11-29 17:16 - 2011-05-18 23:27 - 00035865 ____A C:\Windows\KB2506212.log
2012-11-29 17:16 - 2009-09-08 13:36 - 00039513 ____A C:\Windows\KB952069.log
2012-11-29 17:15 - 2008-07-21 09:55 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-11-29 17:12 - 2012-11-29 17:12 - 00023148 ____A C:\Windows\KB2698365.log
2012-11-29 17:12 - 2012-11-29 17:12 - 00000000 __HDC C:\Windows\$NtUninstallKB977914$
2012-11-29 17:12 - 2012-11-29 17:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2705219-v2$
2012-11-29 17:12 - 2012-11-29 17:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2698365$
2012-11-29 17:12 - 2012-11-29 17:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2619339$
2012-11-29 17:12 - 2012-10-17 23:20 - 00034461 ____A C:\Windows\KB2705219-v2.log
2012-11-29 17:12 - 2012-01-19 00:26 - 00033985 ____A C:\Windows\KB2619339.log
2012-11-29 17:12 - 2010-05-12 05:30 - 00036626 ____A C:\Windows\KB978542.log
2012-11-29 17:12 - 2010-02-09 18:19 - 00040129 ____A C:\Windows\KB977914.log
2012-11-29 17:12 - 2008-07-21 17:00 - 00000000 ____D C:\Program Files\Outlook Express
2012-11-29 17:11 - 2012-11-29 17:11 - 00020858 ____A C:\Windows\KB2723135-v2.log
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB981997$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB979482$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB979309$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB978706$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB978542$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB973815$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB960803$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2012-11-29 17:11 - 2012-11-29 17:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2723135-v2$
2012-11-29 17:11 - 2012-11-29 16:38 - 00024686 ____A C:\Windows\KB2727528.log
2012-11-29 17:11 - 2010-09-15 23:33 - 00027138 ____A C:\Windows\KB981997.log
2012-11-29 17:11 - 2010-06-08 17:20 - 00048656 ____A C:\Windows\KB979482.log
2012-11-29 17:11 - 2010-04-14 04:34 - 00048176 ____A C:\Windows\KB979309.log
2012-11-29 17:11 - 2010-02-09 18:19 - 00035600 ____A C:\Windows\KB978706.log
2012-11-29 17:11 - 2009-09-08 13:28 - 00088446 ____A C:\Windows\KB973815.log
2012-11-29 17:11 - 2009-09-08 13:28 - 00049302 ____A C:\Windows\KB960803.log
2012-11-29 17:11 - 2008-07-21 17:01 - 00000000 ____D C:\Program Files\Movie Maker
2012-11-29 17:10 - 2012-11-29 17:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2761226$
2012-11-29 17:10 - 2012-11-29 17:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2012-11-29 17:10 - 2012-11-29 16:39 - 00025148 ____A C:\Windows\KB2761226.log
2012-11-29 17:10 - 2012-11-29 16:39 - 00024991 ____A C:\Windows\KB2661254-v2.log
2012-11-29 17:09 - 2012-11-29 17:09 - 00000000 __HDC C:\Windows\$NtUninstallKB956802$
2012-11-29 17:09 - 2012-11-29 17:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2676562$
2012-11-29 17:09 - 2012-11-29 17:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2509553$
2012-11-29 17:09 - 2012-11-29 16:39 - 00025064 ____A C:\Windows\KB2509553.log
2012-11-29 17:09 - 2012-06-15 23:34 - 00034534 ____A C:\Windows\KB2676562.log
2012-11-29 17:09 - 2009-09-08 13:27 - 00041518 ____A C:\Windows\KB956802.log
2012-11-29 17:08 - 2012-11-29 17:08 - 00000000 __HDC C:\Windows\$NtUninstallKB982665$
2012-11-29 17:08 - 2012-11-29 17:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2744842$
2012-11-29 17:08 - 2012-11-29 16:39 - 00023483 ____A C:\Windows\KB2744842.log
2012-11-29 17:08 - 2010-09-15 23:32 - 00027504 ____A C:\Windows\KB982665.log
2012-11-29 17:06 - 2012-11-29 17:06 - 00014428 ____A C:\Windows\KB2393802.log
2012-11-29 17:06 - 2012-11-29 17:06 - 00012689 ____A C:\Windows\KB2544521.log
2012-11-29 17:06 - 2012-11-29 17:06 - 00000000 __HDC C:\Windows\$NtUninstallKB923561$
2012-11-29 17:06 - 2012-11-29 17:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2620712$
2012-11-29 17:06 - 2012-11-29 17:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2544521$
2012-11-29 17:06 - 2012-11-29 17:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2478960$
2012-11-29 17:06 - 2012-11-29 17:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2393802$
2012-11-29 17:06 - 2012-01-19 00:28 - 00024204 ____A C:\Windows\KB2620712.log
2012-11-29 17:06 - 2009-09-08 13:36 - 00027312 ____A C:\Windows\KB923561.log
2012-11-29 17:05 - 2012-11-29 17:05 - 00000000 __HDC C:\Windows\$NtUninstallKB975467$
2012-11-29 17:05 - 2012-11-29 17:05 - 00000000 __HDC C:\Windows\$NtUninstallKB968389$
2012-11-29 17:05 - 2012-11-29 17:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2584146$
2012-11-29 17:05 - 2012-11-29 17:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2566454$
2012-11-29 17:05 - 2012-11-29 17:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2423089$
2012-11-29 17:05 - 2012-11-29 17:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2360937$
2012-11-29 17:05 - 2012-02-16 00:22 - 00021321 ____A C:\Windows\KB2584146.log
2012-11-29 17:05 - 2011-09-16 23:22 - 00027890 ____A C:\Windows\KB2566454.log
2012-11-29 17:05 - 2011-01-16 00:13 - 00014024 ____A C:\Windows\KB2423089.log
2012-11-29 17:05 - 2010-11-18 00:20 - 00016323 ____A C:\Windows\KB2360937.log
2012-11-29 17:05 - 2009-10-13 15:33 - 00027937 ____A C:\Windows\KB975467.log
2012-11-29 17:05 - 2009-09-08 13:34 - 00080252 ____A C:\Windows\KB968389.log
2012-11-29 16:19 - 2012-11-29 16:19 - 00000187 ____A C:\Windows\spupdsvc.log.1.log
2012-11-29 16:19 - 2012-11-29 16:19 - 00000090 ____A C:\Windows\System32\spupdwxp.log
2012-11-29 16:19 - 2008-07-21 17:02 - 00316640 ____A C:\Windows\WMSysPr9.prx
2012-11-29 16:19 - 2008-07-21 17:00 - 00000972 ____A C:\Windows\DtcInstall.log
2012-11-29 16:18 - 2012-11-29 15:56 - 00506697 ____A C:\Windows\svcpack.log
2012-11-29 16:18 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\security
2012-11-29 16:04 - 2012-11-29 16:04 - 00000000 ____D C:\Windows\System32\bits
2012-11-29 16:04 - 2008-07-21 17:00 - 00006439 ____A C:\Windows\sessmgr.setup.log
2012-11-29 16:04 - 2008-07-21 16:59 - 00000546 ____A C:\Windows\cmsetacl.log
2012-11-29 16:04 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\System32\inetsrv
2012-11-29 16:04 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\PeerNet
2012-11-29 16:04 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\ime
2012-11-29 16:03 - 2012-11-29 16:03 - 00000000 ____D C:\Windows\ServicePackFiles
2012-11-29 16:02 - 2008-07-21 17:01 - 00000000 ____D C:\Windows\srchasst
2012-11-29 16:02 - 2008-07-21 17:00 - 00000000 ____D C:\Windows\System32\Restore
2012-11-29 16:02 - 2008-07-21 17:00 - 00000000 ____D C:\Program Files\NetMeeting
2012-11-29 16:02 - 2008-07-21 17:00 - 00000000 ____D C:\Program Files\Common Files\System
2012-11-29 16:02 - 2008-07-21 16:59 - 00000000 ____D C:\Windows\System32\Com
2012-11-29 16:02 - 2008-07-21 16:59 - 00000000 ____D C:\Program Files\Windows NT
2012-11-29 16:02 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\System32\usmt
2012-11-29 16:02 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\System32\npp
2012-11-29 16:02 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\system
2012-11-29 16:02 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\mui
2012-11-29 16:02 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\msagent
2012-11-29 16:00 - 2012-11-29 15:58 - 00000000 __HDC C:\Windows\$NtServicePackUninstall$
2012-11-29 15:31 - 2012-11-29 12:08 - 2145386496 ____A C:\Windows\MEMORY.DMP
2012-11-29 15:31 - 2009-09-09 13:42 - 00000000 __SHD C:\Windows\CSC
2012-11-29 15:25 - 2012-11-29 15:25 - 00013724 ____A C:\Windows\System32\wpa.bak
2012-11-29 14:24 - 2010-08-09 14:21 - 00000000 ___AD C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-11-29 13:34 - 2011-02-10 11:34 - 00000000 ____D C:\Windows\pss
2012-11-29 13:24 - 2011-02-10 12:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-29 13:23 - 2012-05-15 08:24 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2012-11-29 13:20 - 2012-11-29 13:20 - 00012712 ____A C:\ComboFix.txt
2012-11-29 13:20 - 2012-11-29 12:59 - 00000000 ____D C:\Qoobox
2012-11-29 13:19 - 2012-11-29 13:27 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20121129-132722.backup
2012-11-29 13:19 - 2012-11-29 12:59 - 00000000 ____D C:\Windows\erdnt
2012-11-29 12:46 - 2012-11-29 12:46 - 00065536 ____A C:\Windows\Minidump\Mini112912-02.dmp
2012-11-29 12:35 - 2012-11-29 12:35 - 00065536 ____A C:\Windows\Minidump\Mini112912-01.dmp
2012-11-29 12:35 - 2012-11-29 12:35 - 00000000 ____D C:\Windows\Minidump
2012-11-29 12:29 - 2012-11-29 12:29 - 00000052 ____A C:\Windows\oobeact.log
2012-11-29 12:29 - 2012-11-29 12:29 - 00000000 ____D C:\df37febdd5368d193e66dcbd9fa8c14a
2012-11-29 12:28 - 2012-11-29 12:28 - 00000112 ____A C:\Windows\System32\config\netlogon.ftl
2012-11-29 12:23 - 2012-11-29 12:23 - 00262144 ____A C:\Windows\System32\config\userdifr
2012-11-29 12:23 - 2012-11-29 12:23 - 00001024 ___AH C:\Windows\System32\config\userdifr.LOG
2012-11-29 12:23 - 2008-07-21 17:02 - 00023392 ____A C:\Windows\System32\nscompat.tlb
2012-11-29 12:23 - 2008-07-21 17:02 - 00016832 ____A C:\Windows\System32\amcompat.tlb
2012-11-29 12:23 - 2008-07-21 17:01 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2012-11-29 12:23 - 2008-07-21 17:00 - 00000000 ____D C:\Windows\Registration
2012-11-29 12:22 - 2012-11-29 12:22 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
2012-11-29 12:22 - 2012-11-29 12:22 - 00000749 __RAH C:\Windows\System32\wuaucpl.cpl.manifest
2012-11-29 12:22 - 2012-11-29 12:22 - 00000749 __RAH C:\Windows\System32\sapi.cpl.manifest
2012-11-29 12:22 - 2012-11-29 12:22 - 00000749 __RAH C:\Windows\System32\nwc.cpl.manifest
2012-11-29 12:22 - 2012-11-29 12:22 - 00000749 __RAH C:\Windows\System32\ncpa.cpl.manifest
2012-11-29 12:22 - 2012-11-29 12:22 - 00000488 __RAH C:\Windows\System32\logonui.exe.manifest
2012-11-29 12:22 - 2008-07-21 17:01 - 00000749 __RAH C:\Windows\System32\cdplayer.exe.manifest
2012-11-29 12:22 - 2008-07-21 17:01 - 00000488 __RAH C:\Windows\System32\WindowsLogon.manifest
2012-11-29 12:22 - 2008-07-21 09:55 - 00004161 ____A C:\Windows\ODBCINST.INI
2012-11-29 12:22 - 2008-07-21 09:51 - 00000000 ___RD C:\Windows\Web
2012-11-29 12:21 - 2008-07-21 09:55 - 00000332 ____A C:\Windows\setuperr.log
2012-11-29 12:20 - 2012-11-29 12:20 - 00000793 ____A C:\Documents and Settings\Default User\Desktop\Windows Media Player.lnk
2012-11-29 12:20 - 2008-07-21 17:00 - 00023444 ____A C:\Windows\System32\emptyregdb.dat
2012-11-29 12:15 - 2008-07-21 09:58 - 00000613 ____A C:\Windows\wiadebug.log
2012-11-29 12:15 - 2008-07-21 09:58 - 00000050 ____A C:\Windows\wiaservc.log
2012-11-29 12:10 - 2008-07-21 09:55 - 00004266 ____A C:\Windows\regopt.log
2012-11-29 12:10 - 2008-07-21 09:55 - 00000062 __ASH C:\Documents and Settings\Default User\Local Settings\desktop.ini
2012-11-29 12:10 - 2008-07-21 09:55 - 00000062 __ASH C:\Documents and Settings\Default User\Application Data\desktop.ini
2012-11-29 12:10 - 2008-07-21 09:55 - 00000062 __ASH C:\Documents and Settings\All Users\Application Data\desktop.ini
2012-11-29 12:08 - 2012-11-29 12:08 - 00065536 ____A C:\Windows\System32\config\ODiag.evt
2012-11-29 12:08 - 2012-11-29 12:08 - 00065536 ____A C:\Windows\System32\config\Lenovo-M.evt
2012-11-29 12:08 - 2012-11-29 12:08 - 00065536 ____A C:\Windows\System32\config\Internet.evt
2012-11-29 11:45 - 2008-07-21 09:55 - 00262144 ____A C:\Windows\System32\config\security.sav
2012-11-29 06:55 - 2008-07-21 17:50 - 00000228 _RASH C:\boot.ini.bak
2012-11-29 06:55 - 2008-07-21 09:54 - 38305792 ____A C:\Windows\System32\config\software.sav
2012-11-29 06:55 - 2008-07-21 09:54 - 02621440 ____A C:\Windows\System32\config\system.sav
2012-11-29 06:55 - 2008-07-21 09:54 - 00262144 ____A C:\Windows\System32\config\userdiff
2012-11-29 06:55 - 2008-07-21 09:54 - 00001024 ___AH C:\Windows\System32\config\userdiff.LOG
2012-11-29 06:52 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\twain_32
2012-11-29 06:51 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\System32\icsxml
2012-11-29 06:51 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\System32\ias
2012-11-29 06:51 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\System32\1033
2012-11-29 06:50 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\Driver Cache
2012-11-29 06:41 - 2008-07-21 09:54 - 00303104 ____A C:\Windows\System32\config\default.sav
2012-11-21 10:13 - 2012-11-21 08:35 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-11-21 10:12 - 2012-11-14 12:16 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Task Scheduler.bak
2012-11-15 11:38 - 2012-11-15 11:38 - 00000209 ____A C:\Documents and Settings\mike\Desktop\REATOGO.txt
2012-11-15 11:11 - 2012-11-15 11:11 - 00049454 ____A C:\OTL.Txt
2012-11-14 13:32 - 2009-09-09 14:32 - 00000178 __ASH C:\Documents and Settings\administrator.CP\ntuser.ini
2012-11-14 13:11 - 2009-09-09 14:32 - 00000062 __ASH C:\Documents and Settings\administrator.CP\Local Settings\desktop.ini
2012-11-14 13:09 - 2009-09-08 13:17 - 00000520 ____A C:\Windows\System32\ICAutoUpdate.log.bak
2012-11-14 12:14 - 2009-09-28 08:11 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Nitro PDF
2012-11-14 10:32 - 2011-09-15 08:18 - 00001615 ____A C:\Documents and Settings\mike\Desktop\MGP SCANS - Shortcut.lnk
2012-11-14 08:39 - 2009-09-09 15:51 - 00002341 ____A C:\Documents and Settings\mike\Desktop\WordPerfect.lnk
2012-11-14 08:09 - 2009-09-09 14:11 - 00002521 ____A C:\Documents and Settings\mike\Desktop\Microsoft Office Outlook 2007.lnk
2012-11-13 13:09 - 2012-11-13 13:09 - 00315072 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-11-10 20:00 - 2009-07-23 14:32 - 00000436 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-11-06 16:23 - 2010-08-09 15:26 - 00000000 ____D C:\Program Files\LogMeIn
2012-11-06 16:22 - 2009-09-09 15:53 - 00092072 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-11-06 16:22 - 2009-09-09 15:53 - 00031144 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points (XP) =====================
RP: -> 2012-12-02 15:06 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9
RP: -> 2012-12-02 14:06 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP8
RP: -> 2012-12-02 14:03 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP7
RP: -> 2012-11-30 18:19 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP6
RP: -> 2012-11-29 17:46 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP5
RP: -> 2012-11-29 17:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP4
RP: -> 2012-11-29 15:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP3
RP: -> 2012-11-29 15:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP2
RP: -> 2012-12-03 03:00 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP11
RP: -> 2012-12-03 00:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP10
RP: -> 2012-11-29 15:21 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP1
==================== Memory info ===========================
Percentage of memory in use: 20%
Total physical RAM: 3037.17 MB
Available physical RAM: 2425.75 MB
Total Pagefile: 4923.06 MB
Available Pagefile: 4492.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1986.26 MB
==================== Partitions =============================
1 Drive c: (Preload) (Fixed) (Total:229.47 GB) (Free:157.15 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 229 GB 1024 KB
Partition 2 OEM 3496 MB 229 GB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Preload NTFS Partition 229 GB Healthy System (partition with boot components)
=========================================================
Disk: 0
Partition 2
Type : 12
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
==================== End Of Log ============================
Farbar Recovery Scan Tool (x86) Version: 02-12-2012
Ran by mike at 2012-12-03 14:07:53
Running from C:\download
================== Search: "services.exe" ===================
C:\WINDOWS\system32\services.exe
[2004-08-03 08:56] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\system32\dllcache\services.exe
[2012-11-29 16:42] - [2009-02-06 06:11] - 0110592 ____C (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[2012-11-29 16:42] - [2009-02-06 06:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6
C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[2012-11-29 16:42] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[2012-11-29 16:42] - [2009-02-06 05:22] - 0110592 ____A (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd
C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[2012-11-29 16:42] - [2009-02-06 12:14] - 0110592 ____A (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de
C:\WINDOWS\ServicePackFiles\i386\services.exe
[2012-11-29 16:03] - [2008-04-14 05:42] - 0108544 ____N (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\WINDOWS\erdnt\cache\services.exe
[2012-11-29 13:19] - [2004-08-03 08:56] - 0108032 ____A (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4
C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2012-11-29 17:22] - [2008-04-14 05:42] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2012-11-29 15:58] - [2004-08-03 08:56] - 0108032 ____C (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-09-08 13:28] - [2009-02-06 06:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6
C:\RRbackups\FR\UF\WINDOWS\system32\services.exe
[2009-09-08 13:17] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\OLD PC\WINDOWS\system32\services.exe
[2009-09-08 16:38] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de
C:\OLD PC\WINDOWS\system32\dllcache\services.exe
[2009-09-08 16:39] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de
C:\OLD PC\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[2009-09-08 16:40] - [2008-04-13 19:12] - 0108544 ____N (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\OLD PC\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-09-08 16:43] - [2004-08-04 06:00] - 0108032 ____N (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4
C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-09-08 16:44] - [2009-02-06 06:06] - 0110592 ____N (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6
C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009-09-08 16:44] - [2009-02-06 06:11] - 0110592 ____N (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009-09-08 16:44] - [2009-02-06 05:22] - 0110592 ____N (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd
=== End Of Search ===

Jay Pfoutz · Dec 4, 2012

Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

Select Start > All Programs > Accessories > System tools > System Restore.

On the dialogue box that appears select Create a Restore Point

Click NEXT

Enter a name e.g. Clean

Click CREATE

You now have a clean restore point, to get rid of the bad ones:

Select Start > All Programs > Accessories > System tools > Disk Cleanup.

In the Drop down box that appears select your main drive e.g. C

Click OK

The System will do some calculation and the display a dialogue box with TABS

Select the More Options Tab.

At the bottom will be a system restore box with a CLEANUP button click this

Accept the Warning and select OK again, the program will close and you are done

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

Save it to your Desktop.

Double click OTC.exe.

Click the CleanUp! button.

If you are prompted to Reboot during the cleanup, select Yes.

The tool will delete itself once it finishes.

Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

Double-click the CCleaner shortcut on the desktop to start the program.

A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.

On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.

Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

Save it to your Desktop.

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Eric Witzling · Dec 4, 2012

Looks good indeed. Which I am honestly very surprised about.

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.d
I
s
p
l
a
y
N
a
m
e
ECHO is off.
e
T
r
u
s
t
ECHO is off.
I
T
M
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java(TM) 6 Update 15
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
CA eTrustITM InoRT.exe
CA eTrustITM realmon.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

Eric Witzling · Dec 4, 2012

Windows Security Center is always off, as that's controlled by the Continuum remote management suite.

Java, Flash, and Reader I'll go ahead and update, as I always do after infections. ^_^

Eric Witzling · Dec 4, 2012

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
eTrust ITM
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java 7 Update 9
Adobe Reader 9
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
CA eTrustITM InoRT.exe
CA eTrustITM realmon.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````

Jay Pfoutz · Dec 5, 2012

Good job! Now, make sure to remove Adobe Reader 9 from the programs.

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?

Eric Witzling · Dec 5, 2012

No other questions. Everything looks good from here. ^_^

Thanks for all the help!

Jay Pfoutz · Dec 5, 2012

You're welcome.

Topic solved. √

TechSpot

Welcome to TechSpot

FBI warning malware straight to boot-looping

Eric Witzling Newcomer, in training Posts: 72

Eric Witzling Newcomer, in training Posts: 72

Jay Pfoutz Malware Helper Posts: 4,286 +49

Eric Witzling Newcomer, in training Posts: 72

Jay Pfoutz Malware Helper Posts: 4,286 +49

Eric Witzling Newcomer, in training Posts: 72

Eric Witzling Newcomer, in training Posts: 72

Jay Pfoutz Malware Helper Posts: 4,286 +49

Eric Witzling Newcomer, in training Posts: 72

Eric Witzling Newcomer, in training Posts: 72

Eric Witzling Newcomer, in training Posts: 72

Jay Pfoutz Malware Helper Posts: 4,286 +49

Eric Witzling Newcomer, in training Posts: 72

Eric Witzling Newcomer, in training Posts: 72

Eric Witzling Newcomer, in training Posts: 72

Jay Pfoutz Malware Helper Posts: 4,286 +49

Eric Witzling Newcomer, in training Posts: 72

Jay Pfoutz Malware Helper Posts: 4,286 +49

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.