Solved Not sure if I am infected

[cheesehead9099]

Today I found some suspicious folders in the C: drive - they are both random numbers and letters, and one has the files $shtdwn$.req, mrt.exe._p, and mrtstub.exe in it. When I try to open the files, it says "you do not have permission to open these files. contact the administrator or owner for permission." The other has spinstall.exe as well as another folder with a long name of numbers and letters, which opens up to reveal 20-25 folders with the name pt-br, pt-pt, ro-ro, etc. All of these folders have the same 4 files in them: acres.dll.mui, spcmsg.dll.mui, sperror.dll.mui, and spwizui.dll.mui. I need to know whether these files are viruses or not.. I've run all the required scans and have pasted the logs below. The computer has had virus problems in the past and I have found and removed some trojans and adware programs with MBAM, MSE, and more. Computer is running win 7 x32 and is sometimes glitchy (I.e. cursor jumps around, random programs 'not responding')

Please help me in determining whether or not this computer is infected

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by jatbai at 21:13:03 on 2012-07-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3033.2041 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Windows\System32\IgrsSvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\StikyNot.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://www.lenovo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [GameXN GO] "c:\programdata\gamexn\GameXNGO.exe" /startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [VeriFaceManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-in.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4CC6A505-9C22-4EF0-9789-F170B0606A81} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4CC6A505-9C22-4EF0-9789-F170B0606A81}\2454C4C4731393 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4CC6A505-9C22-4EF0-9789-F170B0606A81}\64255454023554C4543445023514E44475943484027594D26494 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4CC6A505-9C22-4EF0-9789-F170B0606A81}\75C414E4 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4CC6A505-9C22-4EF0-9789-F170B0606A81}\845627F6 : DhcpNameServer = 192.168.0.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 171064]
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-12-12 54800]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2009-7-14 38152]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-8-11 30152]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-1-20 23136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-6-19 374648]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2009-12-12 11792]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-5 135664]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2009-12-12 63240]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-5 135664]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2009-12-12 414984]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2009-12-12 472328]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-21 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-13 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-22 81704]
.
=============== Created Last 30 ================
.
2012-07-25 18:45:126891424----a-w-c:\programdata\microsoft\microsoft antimalware\definition updates\{fd054265-0189-42c1-aea2-17db5d9e967c}\mpengine.dll
2012-07-25 18:40:59766976----a-w-c:\program files\common files\microsoft shared\vgx\VGX.dll
2012-07-25 18:36:40--------d-----w-c:\users\jatbai\appdata\local\{AC1AED8E-2441-438F-95B8-A4376366CFC1}
2012-07-25 18:35:42--------d-----w-c:\users\jatbai\appdata\local\{E72604DC-7FC1-4B47-8660-B3ABFF61CE9D}
2012-07-23 02:12:22--------d-----w-c:\users\jatbai\appdata\roaming\SUPERAntiSpyware.com
2012-07-23 02:12:11--------d-----w-c:\programdata\SUPERAntiSpyware.com
2012-07-23 02:12:11--------d-----w-c:\program files\SUPERAntiSpyware
2012-07-22 22:39:236891424----a-w-c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-22 22:19:04--------d-----w-c:\program files\Microsoft
2012-07-22 22:18:236891424----a-w-c:\programdata\microsoft\windows defender\definition updates\{3da8dcec-e03a-4f6c-ab90-ecceb8dbdadd}\mpengine.dll
2012-07-22 22:15:53514560----a-w-c:\windows\system32\qdvd.dll
2012-07-22 22:15:39478720----a-w-c:\windows\system32\timedate.cpl
2012-07-22 22:15:03288256----a-w-c:\windows\system32\XpsGdiConverter.dll
2012-07-22 22:14:43442880----a-w-c:\windows\system32\ntshrui.dll
2012-07-22 22:14:4027008----a-w-c:\windows\system32\drivers\Diskdump.sys
2012-07-22 16:13:42--------d-----w-c:\program files\ESET
2012-07-22 16:10:531549312----a-w-c:\windows\system32\tquery.dll
2012-07-22 16:07:23219008----a-w-c:\windows\system32\drivers\dxgmms1.sys
2012-07-22 16:03:34--------d-----w-c:\users\jatbai\appdata\local\{48D5729A-2169-4CB6-91CF-90C03861011A}
2012-07-22 16:03:22--------d-----w-c:\users\jatbai\appdata\local\{948E9AE0-FE1A-46F6-9AB8-4ABA0535D399}
2012-07-21 21:31:37--------d-----w-c:\windows\system32\SPReview
2012-07-21 21:28:59744448----a-w-c:\windows\system32\ActionCenter.dll
2012-07-21 21:03:12--------d-----w-c:\users\jatbai\appdata\local\{485FBE4F-AEA4-4604-907E-8AEE3C29F09F}
2012-07-21 21:03:01--------d-----w-c:\users\jatbai\appdata\local\{5879D6F2-0CC1-4B19-91C7-51F5D04A4A49}
2012-07-21 20:41:306260088----a-w-c:\program files\common files\windows live\.cache\342afc661cd678109\Silverlight.4.0.exe
2012-07-21 20:41:15--------d-----w-c:\users\jatbai\appdata\local\Windows Live
2012-07-21 19:53:55--------d-----w-c:\program files\CCleaner
2012-07-21 19:00:33--------d-----w-C:\TDSSKiller_Quarantine
2012-07-21 18:39:3722344----a-w-c:\windows\system32\drivers\mbam.sys
2012-07-12 04:42:482345984----a-w-c:\windows\system32\win32k.sys
2012-07-11 13:49:501158656----a-w-c:\windows\system32\crypt32.dll
2012-07-11 13:49:49140288----a-w-c:\windows\system32\cryptsvc.dll
2012-07-11 13:49:49103936----a-w-c:\windows\system32\cryptnet.dll
2012-07-03 23:59:41713784------w-c:\programdata\microsoft\microsoft antimalware\definition updates\{42dea5b7-d546-4254-a630-fc4acb26b3f7}\gapaengine.dll
.
==================== Find3M ====================
.
2012-07-25 18:40:59420864----a-w-c:\windows\system32\vbscript.dll
2012-07-25 18:40:5935840----a-w-c:\windows\system32\imgutil.dll
2012-07-25 18:40:592382848----a-w-c:\windows\system32\mshtml.tlb
2012-07-25 18:40:591800192----a-w-c:\windows\system32\jscript9.dll
2012-07-25 18:40:59142848----a-w-c:\windows\system32\ieUnatt.exe
2012-07-25 18:40:5911776----a-w-c:\windows\system32\mshta.exe
2012-07-25 18:40:59101888----a-w-c:\windows\system32\admparse.dll
2012-07-21 21:39:05152576----a-w-c:\windows\system32\msclmd.dll
2012-06-19 04:32:12374648----a-w-c:\windows\system32\drivers\b57nd60x.sys
2012-06-06 05:05:521390080----a-w-c:\windows\system32\msxml6.dll
2012-06-06 05:05:521236992----a-w-c:\windows\system32\msxml3.dll
2012-06-06 05:03:06805376----a-w-c:\windows\system32\cdosys.dll
2012-06-02 22:12:322422272----a-w-c:\windows\system32\wucltux.dll
2012-06-02 22:12:1388576----a-w-c:\windows\system32\wudriver.dll
2012-06-02 19:19:42171904----a-w-c:\windows\system32\wuwebv.dll
2012-06-02 19:12:2033792----a-w-c:\windows\system32\wuapp.exe
2012-06-02 04:45:0467440----a-w-c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03134000----a-w-c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59369336----a-w-c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39225280----a-w-c:\windows\system32\schannel.dll
2012-06-02 04:39:10219136----a-w-c:\windows\system32\ncrypt.dll
2012-05-01 04:44:12164352----a-w-c:\windows\system32\profsvc.dll
2012-04-28 03:17:07183808----a-w-c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 21:13:42.41 ===============
Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 09/01/2010 12:45:45 AM
System Uptime: 25/07/2012 7:57:18 PM (2 hours ago)
.
Motherboard: LENOVO | | NITU1
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 1197/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 189 GiB total, 152.731 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 0.001 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.0.1
ALPS Touch Pad Driver
Bing Desktop
Broadcom 802.11 Wireless Driver
Broadcom Gigabit Integrated Controller
Canon MF Toolbox 4.9.1.1.mf03
Canon MF4100 Series
CCleaner
Conexant HD Audio
D3DX10
EasyCapture
Energy Management
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Application Error Reporting
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Power2Go
QuickBooks
QuickBooks Premier: Accountant Edition 2011
Realtek USB 2.0 Card Reader
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Skype Toolbars
Skype™ 4.2
SUPERAntiSpyware
SupportSoft Assisted Service
VeriFace
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual Studio 2005 Tools for Office Second Edition Runtime
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
21/07/2012 5:38:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows 7 Service Pack 1 (KB976932).
21/07/2012 4:59:57 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
21/07/2012 4:59:57 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
21/07/2012 4:51:43 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
21/07/2012 4:45:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows 7 Service Pack 1 (KB976932).
.
==== End Of File ===========================
Malwarebytes Log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.21.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
jatbai :: JATBAI-PC [administrator]
25/07/2012 8:59:29 PM
mbam-log-2012-07-25 (20-59-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219713
Time elapsed: 9 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
And finally, the GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-25 21:54:10
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0
Running: rcjoy6of.exe; Driver: C:\Users\jatbai\AppData\Local\Temp\uxdiqpog.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C753C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9983FC9D 28 Bytes CALL CF083232
.text peauth.sys 9983FCC1 28 Bytes CALL CF083256
? C:\Users\jatbai\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [72C124CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [72BF562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [72BF56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [72C12546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [72C085AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [72C04D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [72C05105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [72C051DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [72C06707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [72C08301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [72C08850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [72C090B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [72C0E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [72C04C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Thanks for your help

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

• Double-click SystemLook.exe to run it.
• Vista users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box and paste it into the main textfield:
  

  :dir
  c:\

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

[cheesehead9099]

Hi, thanks for the reply. Here is my systemlook log:
SystemLook 30.07.11 by jpshortstuff
Log created at 12:17 on 26/07/2012 by jatbai
Administrator - Elevation successful

========== dir ==========

c: - Parameters: "(none)"

---Files---
AtmApInit.txt--a---- 89 bytes[07:33 12/12/2009][07:50 12/12/2009]
autoexec.bat--a---- 24 bytes[02:04 14/07/2009][21:42 10/06/2009]
bootmgr-rahs-- 383786 bytes[07:03 12/12/2009][12:40 20/11/2010]
BOOTSECT.BAK-rahs-- 8192 bytes[07:03 12/12/2009][07:03 12/12/2009]
config.sys--a---- 10 bytes[02:04 14/07/2009][21:42 10/06/2009]
EasyCapture.log--a---- 32 bytes[07:37 12/12/2009][07:37 12/12/2009]
FaceProv.log--a---- 13042370 bytes[07:46 12/12/2009][16:13 26/07/2012]
hiberfil.sys--ahs-- -1910034432 bytes[21:37 09/01/2010][16:05 26/07/2012]
pagefile.sys--ahs-- -1115054080 bytes[21:37 09/01/2010][16:05 26/07/2012]
TDSSKiller.2.7.46.0_21.07.2012_14.59.21_log.txt--a---- 125650 bytes[18:59 21/07/2012][19:00 21/07/2012]
TDSSKiller.2.7.46.0_22.07.2012_23.38.25_log.txt--a---- 121742 bytes[03:38 23/07/2012][03:39 23/07/2012]

---Folders---
$RECYCLE.BINd--hs--[05:46 09/01/2010]
9109402f765c3bfd51c6d------[02:41 14/05/2010]
a6a0cc020b5c6777ed453e44976ec2d------[19:30 17/11/2011]
Bootd--hs--[07:03 12/12/2009]
CanonMFd--h---[03:37 13/05/2010]
Documents and Settingsd--hs--[04:53 14/07/2009]
Driversd------[07:19 12/12/2009]
found.000d--hs--[04:30 18/06/2011]
HP Universal Print Driverd------[13:17 02/04/2012]
Inteld------[07:21 12/12/2009]
MSOCachedr-h---[15:47 28/02/2010]
PerfLogsd------[02:37 14/07/2009]
Program Filesdr-----[02:37 14/07/2009]
ProgramDatad--h---[02:37 14/07/2009]
Recoveryd--hs--[05:44 09/01/2010]
System Volume Informationd--hs--[18:56 15/12/2009]
TDSSKiller_Quarantined------[19:00 21/07/2012]
Usersdr-----[02:37 14/07/2009]
Windowsd------[02:37 14/07/2009]

-= EOF =-

The computer has not gotten any worse, but there is still the periodic freezing in different programs. Also, I'd like to note that when I checked the properties of the mrtstub.exe file, there was NO 'digital signatures' tab - is this troubling? Also, when I tried to upload the file to virustotal, it said that I did not have permission to do so.

 

[Broni]

Are you talking about these folders?
a6a0cc020b5c6777ed453e44976ec2d
9109402f765c3bfd51c6d

Re-run System Look with this code:

:dir
c:\9109402f765c3bfd51c6d /s
c:\a6a0cc020b5c6777ed453e44976ec2d /s

 

[cheesehead9099]

It's not working..it says that it was unable to find the folder.

SystemLook 30.07.11 by jpshortstuff
Log created at 19:20 on 26/07/2012 by jatbai
Administrator - Elevation successful

========== dir ==========

9109402f765c3bfd51c6d - Unable to find folder.

a6a0cc020b5c6777ed453e44976ec2d - Unable to find folder.

-= EOF =-

Should I try and delete these folders? I'd also like to add that I found a file called _rglp in my documents, and I deleted that along with a folder from a leftover game that my kid installed - EscapetheMuseum.

By the way, is there anything that seems wrong with the computer, or does it seem fine other than the folders I mentioned? I'd also like to ask if it is ok for me to download Windows updates

 

[Broni]

Ooops...my fault.
I just edited my script.
Try again.

 

[cheesehead9099]

Same thing:

SystemLook 30.07.11 by jpshortstuff
Log created at 19:53 on 26/07/2012 by jatbai
Administrator - Elevation successful

========== dir ==========

c:\9109402f765c3bfd51c6d - Unable to find folder.

c:\a6a0cc020b5c6777ed453e44976ec2d - Unable to find folder.

-= EOF =-

Also wanted to let you know that I went ahead and installed the Windows updates - they were important security updates so I didn't want to take a chance. Is that ok or did I just screw up big time?

 

[cheesehead9099]

Hello, I ran systemlook again, but I took away the 'd' at the end of the file names that you added - the files on my computer do not have a d there (they end as c6 and c2)
This is what it gave me:

SystemLook 30.07.11 by jpshortstuff
Log created at 19:57 on 26/07/2012 by jatbai
Administrator - Elevation successful

========== dir ==========

c:\9109402f765c3bfd51c6 - Parameters: "/s"

---Files---
$shtdwn$.req--ah--- 788 bytes[02:41 14/05/2010][02:41 14/05/2010]
mrt.exe._p--a---- 1198499 bytes[16:09 30/04/2010][16:09 30/04/2010]
mrtstub.exe--a---- 58312 bytes[15:51 30/04/2010][15:51 30/04/2010]

No folders found.

c:\a6a0cc020b5c6777ed453e44976ec2 - Parameters: "/s"

---Files---
spinstall.exe--a---- 463120 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8fd------[19:30 17/11/2011]
acres.dll--a---- 2560 bytes[19:30 17/11/2011][19:30 17/11/2011]
drvmain.sdb--a---- 151630 bytes[19:30 17/11/2011][19:30 17/11/2011]
sdbapiu.dll--a---- 103424 bytes[19:30 17/11/2011][19:30 17/11/2011]
spc.cat--a---- 10052 bytes[19:30 17/11/2011][19:30 17/11/2011]
spc.xml--a---- 3721 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcinstrumentation.man--a---- 8280 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll--a---- 12288 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll--a---- 190464 bytes[19:30 17/11/2011][19:30 17/11/2011]
spreview.exe--a---- 280576 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll--a---- 253952 bytes[19:30 17/11/2011][19:30 17/11/2011]
sysmain.sdb--a---- 4075336 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\ar-sad------[19:30 17/11/2011]
acres.dll.mui--a---- 271360 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 4608 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 126464 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\bg-bgd------[19:30 17/11/2011]
acres.dll.mui--a---- 292352 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 22016 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\cs-czd------[19:30 17/11/2011]
acres.dll.mui--a---- 314368 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 20992 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\da-dkd------[19:30 17/11/2011]
acres.dll.mui--a---- 306688 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 20992 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\de-ded------[19:30 17/11/2011]
acres.dll.mui--a---- 343040 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4608 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5632 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 23040 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\el-grd------[19:30 17/11/2011]
acres.dll.mui--a---- 359424 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4608 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5632 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 23552 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\en-usd------[19:30 17/11/2011]
acres.dll.mui--a---- 292352 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 4608 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 19968 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\es-esd------[19:30 17/11/2011]
acres.dll.mui--a---- 338432 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4608 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 22016 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\et-eed------[19:30 17/11/2011]
acres.dll.mui--a---- 292352 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 20992 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eulad------[19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\ar-sad------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 34885 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\bg-bgd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 2479 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\cs-czd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1399 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\da-dkd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1136 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\de-ded------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1380 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\el-grd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 2771 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\en-usd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1055 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\es-esd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1322 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\et-eed------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1199 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\fi-fid------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1315 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\fr-frd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1398 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\he-ild------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 35066 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\hr-hrd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1357 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\hu-hud------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1285 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\it-itd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1383 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\ja-jpd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 3349 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\ko-krd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 4164 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\lt-ltd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1604 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\lv-lvd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1696 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\nb-nod------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1124 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\nl-nld------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1235 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\pl-pld------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1499 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\pt-brd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1286 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\pt-ptd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1261 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\ro-rod------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1512 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\ru-rud------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 3441 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\sk-skd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1338 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\sl-sid------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1211 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\sr-latn-csd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1277 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\sv-sed------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1285 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\th-thd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 3025 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\tr-trd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 1367 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\uk-uad------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 2999 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\zh-cnd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 2234 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\zh-hkd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 2089 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\eula\zh-twd------[19:30 17/11/2011]
server_license_addendum_1.rtf--a---- 2089 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\fi-fid------[19:30 17/11/2011]
acres.dll.mui--a---- 309248 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 20992 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\fr-frd------[19:30 17/11/2011]
acres.dll.mui--a---- 340992 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4608 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 22528 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\he-ild------[19:30 17/11/2011]
acres.dll.mui--a---- 258560 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 3584 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 4608 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 18432 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\hr-hrd------[19:30 17/11/2011]
acres.dll.mui--a---- 292352 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 22016 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\hu-hud------[19:30 17/11/2011]
acres.dll.mui--a---- 335872 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 22016 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\it-itd------[19:30 17/11/2011]
acres.dll.mui--a---- 342528 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 22016 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\ja-jpd------[19:30 17/11/2011]
acres.dll.mui--a---- 210944 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 3584 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 15360 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\ko-krd------[19:30 17/11/2011]
acres.dll.mui--a---- 199680 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 3584 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 3584 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 14336 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\lt-ltd------[19:30 17/11/2011]
acres.dll.mui--a---- 292352 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 20992 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\lv-lvd------[19:30 17/11/2011]
acres.dll.mui--a---- 292352 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 21504 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\nb-nod------[19:30 17/11/2011]
acres.dll.mui--a---- 307712 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 20992 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\nl-nld------[19:30 17/11/2011]
acres.dll.mui--a---- 347648 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 22016 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\pl-pld------[19:30 17/11/2011]
acres.dll.mui--a---- 348160 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 22528 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\pt-brd------[19:30 17/11/2011]
acres.dll.mui--a---- 323584 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 21504 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\pt-ptd------[19:30 17/11/2011]
acres.dll.mui--a---- 326144 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 22016 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\ro-rod------[19:30 17/11/2011]
acres.dll.mui--a---- 292352 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5632 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 21504 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\ru-rud------[19:30 17/11/2011]
acres.dll.mui--a---- 321536 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 21504 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\sk-skd------[19:30 17/11/2011]
acres.dll.mui--a---- 292352 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 21504 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\sl-sid------[19:30 17/11/2011]
acres.dll.mui--a---- 292352 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 22016 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\sr-latn-csd------[19:30 17/11/2011]
acres.dll.mui--a---- 292352 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 21504 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\sv-sed------[19:30 17/11/2011]
acres.dll.mui--a---- 316928 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 20992 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\th-thd------[19:30 17/11/2011]
acres.dll.mui--a---- 292352 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 4608 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 19968 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\tr-trd------[19:30 17/11/2011]
acres.dll.mui--a---- 303616 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 20480 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\uk-uad------[19:30 17/11/2011]
acres.dll.mui--a---- 292352 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 4096 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 5120 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 21504 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\zh-cnd------[19:30 17/11/2011]
acres.dll.mui--a---- 161280 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 3072 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 3584 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 12288 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\zh-hkd------[19:30 17/11/2011]
acres.dll.mui--a---- 160256 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 3072 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 3584 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 12800 bytes[19:30 17/11/2011][19:30 17/11/2011]

c:\a6a0cc020b5c6777ed453e44976ec2\2649b0be4342043f7dbf5fd2ecfb8f\zh-twd------[19:30 17/11/2011]
acres.dll.mui--a---- 160256 bytes[19:30 17/11/2011][19:30 17/11/2011]
spcmsg.dll.mui--a---- 3072 bytes[19:30 17/11/2011][19:30 17/11/2011]
sperror.dll.mui--a---- 3584 bytes[19:30 17/11/2011][19:30 17/11/2011]
spwizui.dll.mui--a---- 12800 bytes[19:30 17/11/2011][19:30 17/11/2011]

-= EOF =-

I thought this might be helpful.

 

[Broni]

Those are temporary folders (leftovers) from various MS updates.
You can safely delete those folders.

 

[cheesehead9099]

I deleted the folders, thanks!

I just wanted to ask: Is there anything else wrong with the computer that you found in the logs? Or am I clean?

 

[Broni]

I don't see anything suspicious.

 

[cheesehead9099]

Hi, thanks for all your help. I know I seem really paranoid but I just ran a scan with aswMBR and this file was highlighted in yellow:

21:28:07.217 Service MpKslfd9daf5a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B47B4F54-803B-4438-8991-368FB18A8121}\MpKslfd9daf5a.sys **LOCKED** 32

Here is the log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 21:23:25
-----------------------------
21:23:25.627 OS Version: Windows 6.1.7601 Service Pack 1
21:23:25.627 Number of processors: 2 586 0x170A
21:23:25.627 ComputerName: JATBAI-PC UserName: jatbai
21:24:00.590 Initialize success
21:25:51.946 AVAST engine defs: 12072602
21:27:21.949 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:27:21.954 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
21:27:21.986 Disk 0 MBR read successfully
21:27:21.991 Disk 0 MBR scan
21:27:22.004 Disk 0 Windows 7 default MBR code
21:27:22.022 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 193468 MB offset 2048
21:27:22.093 Disk 0 Partition - 00 0F Extended LBA 30150 MB offset 396224512
21:27:22.135 Disk 0 Partition 2 00 12 Compaq diag NTFS 14856 MB offset 457971712
21:27:22.187 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30149 MB offset 396226560
21:27:22.216 Disk 0 scanning sectors +488397168
21:27:22.665 Disk 0 scanning C:\Windows\system32\drivers
21:27:49.043 Service scanning
21:28:07.217 Service MpKslfd9daf5a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B47B4F54-803B-4438-8991-368FB18A8121}\MpKslfd9daf5a.sys **LOCKED** 32
21:28:34.180 Modules scanning
21:28:45.436 Disk 0 trace - called modules:
21:28:45.451 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
21:28:45.482 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ca2948]
21:28:45.482 3 CLASSPNP.SYS[8b77759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85e65028]
21:28:46.871 AVAST engine scan C:\Windows
21:28:50.896 AVAST engine scan C:\Windows\system32
21:33:58.720 AVAST engine scan C:\Windows\system32\drivers
21:34:12.261 AVAST engine scan C:\Users\jatbai
21:34:51.245 Disk 0 MBR has been saved successfully to "C:\Users\jatbai\Desktop\MBR.dat"
21:34:51.245 The log file has been saved successfully to "C:\Users\jatbai\Desktop\aswMBR.txt"
21:35:40.212 AVAST engine scan C:\ProgramData
21:36:47.339 Scan finished successfully
21:37:18.607 Disk 0 MBR has been saved successfully to "C:\Users\jatbai\Desktop\MBR.dat"
21:37:18.623 The log file has been saved successfully to "C:\Users\jatbai\Desktop\aswMBR.txt"

Is this something to be worried about? I know I seem really really paranoid but I just want to be completely sure because I have one other computer that will need to be formatted completely with a reinstall of Windows due to viruses.

Thank you so much for all your help

 

[Broni]

There is nothing to worry about.

 

[cheesehead9099]

Okay, thank you so much

 

[Broni]

Any time

 

[cheesehead9099]

Hi, I'm back. I'm just wondering - what does the yellow line on the aswMBR scan mean if it's nothing to worry about? Why would the program highlight that file in yellow if it's safe?

I'm just wondering because the computer is still sort of slow, and I'm worried that I could have an MBR rootkit.

Thanks for any clarification you can provide

 

[Broni]

There is nothing to worry about.

 

[cheesehead9099]

Hello,
I understand that it is nothing, but I was just looking for some clarification as to what it actually is..I realize that you guys are really busy here but I'm just looking for some peace of mind

 

[Broni]

It's a safe file belonging to Microsoft Antimalware\Definition Updates.

 

[cheesehead9099]

Okay, so it's locked because MS tries to ensure that the files aren't tampered with?

Thank you so much, I love this site

 

[Broni]

Most likely.

 

[cheesehead9099]

Hello Broni,

I am really not contented with this file; I tried to find it in the specified folder and it is not there. Can we please do some more investigative work to see if this file is really as safe as it seems..?

 

[Broni]

Well, I told you three times already it's a safe file so I'm saying this for the forth time....and last.