Hi,
I just joined, so I'm not sure if I am posting in the right place. I have had some problems with my computer recently: when looking at the task manager i saw that a lot of svchost.exe processes were running and taking up a lot of workspace. i then asked a friend (who knows more about computers than me) and he recommended me to get the tuneuputilities trial version, which i ran. i also got superantispyware and microsoft security essentials - i already had avir and malewarebytes on my computer. it found a couple of worms and deleted these, which was about a week ago. but when i tried to run defrag my computer screen would always at some point (usually when i wasn't around) turn black and i had to turn off the computer by pressing the button. the same happened when i did a full search with antispyware or even avira - i have now deinstalled avira and was able to run quick scans with all the other programms. i also followed the advise in your forum and will now post the log files. i don't know too much about all this, so please excuse my ignorance about certain things. hope i will do everything the way it should be done. all help would be greatly appreciated. i just saw that some of the log files are in german, hope that still makes sense.
p
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 7764
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
23.09.2011 20:38:32
mbam-log-2011-09-23 (20-38-32).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 174496
Laufzeit: 6 Minute(n), 35 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-21 20:00:06
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.12.0
Running: mxfsuutt.exe; Driver: C:\Users\peter\AppData\Local\Temp\kgloapow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_20
Run by peter at 19:04:01 on 2011-09-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3068.1763 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
uSearch Page = ${URL_SEARCHPAGE}
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
mSearch Page = ${URL_SEARCHPAGE}
uInternet Settings,ProxyServer = 127.0.0.1:54323
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8FA6A89A-B6EF-4DD1-ABFA-8CB6B1BB1736} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{9E12E29A-4FA0-4FBC-9FC1-FF2C9F70DE48} : DhcpNameServer = 139.7.30.126 139.7.30.125
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
IFEO: image file execution options - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\peter\appdata\roaming\mozilla\firefox\profiles\rq19xamg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2096149&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2096149&SearchSource=2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54323
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslea07e285;MpKslea07e285;c:\programdata\microsoft\microsoft antimalware\definition updates\{92a1597b-9fd8-449a-9223-bdca48943639}\MpKslea07e285.sys [2011-9-22 28752]
R1 MpKslf8933b8f;MpKslf8933b8f;c:\programdata\microsoft\microsoft antimalware\definition updates\{92a1597b-9fd8-449a-9223-bdca48943639}\MpKslf8933b8f.sys [2011-9-23 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_030ac640\AEstSrv.exe [2008-9-27 73728]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-2-21 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-21 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-8 66616]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-7-1 298824]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-2 341328]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-9-1 1526080]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-1 81296]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-9-27 3658752]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-9-16 105576]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-7-7 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-4-9 7680]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-8-22 110592]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-8-22 105344]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-2 193840]
.
=============== Created Last 30 ================
.
2011-09-23 17:04:21 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{92a1597b-9fd8-449a-9223-bdca48943639}\MpKslf8933b8f.sys
2011-09-22 19:55:44 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{92a1597b-9fd8-449a-9223-bdca48943639}\MpKslea07e285.sys
2011-09-22 19:55:14 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{92a1597b-9fd8-449a-9223-bdca48943639}\offreg.dll
2011-09-22 19:55:09 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{92a1597b-9fd8-449a-9223-bdca48943639}\mpengine.dll
2011-09-21 22:40:37 -------- d-----w- c:\users\peter\appdata\local\Adobe
2011-09-18 15:18:18 -------- d-----w- c:\windows\system32\SRSLabs
2011-09-18 12:26:49 -------- d-----w- c:\users\peter\appdata\roaming\HandBrake
2011-09-18 12:26:49 -------- d-----w- c:\users\peter\appdata\local\HandBrake
2011-09-14 11:28:55 -------- d-----w- C:\Hotspot Shield
2011-09-14 11:26:09 755016 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
2011-09-14 11:26:08 756552 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2011-09-14 11:26:05 -------- d-----w- c:\program files\Hotspot Shield
2011-09-14 11:21:09 -------- d-----w- c:\users\peter\appdata\roaming\SUPERAntiSpyware.com
2011-09-14 11:20:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-14 11:20:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-14 11:09:18 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-09-13 23:46:09 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-09-13 22:01:31 -------- d-----w- c:\users\peter\appdata\local\Google
2011-09-13 22:01:02 -------- d-----w- c:\users\peter\appdata\local\Deployment
2011-09-13 22:01:02 -------- d-----w- c:\users\peter\appdata\local\Apps
2011-09-13 20:34:23 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{425195d5-8a29-40d4-bc99-815e5ceb4957}\gapaengine.dll
2011-09-13 20:00:17 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-13 19:59:19 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-09-13 19:00:19 -------- d-----w- c:\windows\CheckSur
2011-09-13 18:55:06 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-13 18:55:05 247808 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-09-13 18:55:04 129536 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-09-13 18:55:00 743424 ----a-w- c:\program files\internet explorer\iedvtool.dll
2011-09-13 18:53:42 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-09-13 18:51:53 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-13 18:51:52 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-09-13 18:44:55 276992 ----a-w- c:\windows\system32\schannel.dll
2011-09-13 14:07:23 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-09-13 14:07:22 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-09-13 14:07:22 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-09-13 14:06:48 -------- d-----w- c:\users\peter\appdata\roaming\TuneUp Software
2011-09-13 14:06:20 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-09-13 14:04:02 -------- d-----w- c:\programdata\TuneUp Software
2011-09-13 14:03:52 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-09-09 23:28:57 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6ff46e3c-3580-4c0b-a6f7-cd96d94086bc}\mpengine.dll
2011-09-07 16:03:16 -------- d-----w- c:\users\peter\appdata\local\Facebook
2011-09-02 14:08:49 -------- d-----w- C:\Downloads
2011-09-02 14:03:47 -------- d-----w- c:\program files\Cryptload 1.1.8
.
==================== Find3M ====================
.
2011-09-21 19:17:33 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-01 14:05:06 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
============= FINISH: 19:07:20,49 ===============
hope this helps clarify some things.
thanks so much in advance!!!!