google redirecting malware..redirecting to coupon mountain, lowprice.com


  • This topic is locked
10 replies to this topic

#1 ninobrn99

Posted 23 December 2008 - 02:44 AM

I'm not sure when I got this problem, but when I do a Google search, random coupon sites appear.
The first two logs are from RSIT. The last is Kaspersky.
info.txt logfile of random's system information tool 1.05 2008-12-22 20:20:17

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\8bb24e071e5922899698c2105557bd2\Setup.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{185D0A67-E066-44AE-926D-F6305813301C}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{7162AC2C-733F-4127-ACAD-C5F0F27D123D}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{0742B739-DCA3-4A21-AADD-B7CBF49C2058}
Adobe Premiere Pro CS3-->MsiExec.exe /I{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}
Adobe Setup-->MsiExec.exe /I{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 2.1.1-->"C:\Apps\Ares\uninstall.exe"
Backup-->MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
BlackBerry Desktop Software 4.6-->MsiExec.exe /I{39822393-2324-4705-9010-1AB76DA144A2}
BlackBerry Desktop Software 4.6-->MsiExec.exe /i{39822393-2324-4705-9010-1AB76DA144A2}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Business Contact Manager for Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Dell SK-8135 (Español)-->MsiExec.exe /I{D428F504-800E-43A3-904D-249A3BB2F22E}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy Thumbnails (Remove only)-->"C:\Program Files\Easy Thumbnails\unins000.exe"
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Intel ® Pro Alerting Agent-->MsiExec.exe /I{C3BAE6D2-0FAD-4C32-8138-8A226460C864}
Intel® PRO Network Connections Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Baseline Security Analyzer 2.1-->MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Accounting 2008 Equifax Addin-->MsiExec.exe /X{0C2AF762-0565-4C91-9F55-B8B53BB82A38}
Microsoft Office Accounting 2008 Fixed Asset Manager-->MsiExec.exe /X{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}
Microsoft Office Accounting 2008 PayPal Addin-->MsiExec.exe /X{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}
Microsoft Office Accounting 2008-->"C:\Program Files\Microsoft Small Business\Office Accounting 2008\SetupBootstrap\Setup.exe" /remove {270940EA-C235-40D9-B2AE-2D450356DF8E}
Microsoft Office Accounting 2008-->MsiExec.exe /X{270940EA-C235-40D9-B2AE-2D450356DF8E}
Microsoft Office Accounting ADP Payroll Addin-->MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mouse Suite for Desktop Computers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{448E2D77-E504-4221-B2C2-93646B344729}\Setup.exe" -l0x9 -removeonly
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Premium-->MsiExec.exe /X{98EFD8F0-08DE-48DB-B922-A2EBAB711033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_2_0_2\Setup.exe" /X
Norton 360 HTMLHelp-->MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
NVIDIA Drivers-->C:\WINDOWS\System32\nvuninst.exe UninstallGUI
Opanda IExif 2.3-->"C:\Program Files\Opanda\IExif 2.3\unins000.exe"
Opanda PowerExif 1.2 Professional Trial-->"C:\Program Files\Opanda\PowerExif 1.2\unins000.exe"
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Roxio Media Manager-->MsiExec.exe /X{EB3DF81F-5E70-4722-9D99-C1FC3EEF4DE1}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sophos Anti-Rootkit 1.3.1-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Apps\Spybot - Search & Destroy\unins000.exe"
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls-->MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: Norton 360
FW: Norton 360

System event log

Computer Name: BELLA2
Event Code: 6011
Message: The NetBIOS name and DNS host name of this machine have been changed from MACHINENAME to BELLA2.

Record Number: 5
Source Name: EventLog
Time Written: 20081209232024.000000-600
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 2
Message: While validating that \Device\Serial1 was really a serial port, a fifo was detected. The fifo will be used.

Record Number: 4
Source Name: Serial
Time Written: 20081209131812.000000-600
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: The Event log service was started.

Record Number: 3
Source Name: EventLog
Time Written: 20081209131746.000000-600
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 1 Multiprocessor Free.

Record Number: 2
Source Name: EventLog
Time Written: 20081209131746.000000-600
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 2
Message: While validating that \Device\Serial0 was really a serial port, a fifo was detected. The fifo will be used.

Record Number: 1
Source Name: Serial
Time Written: 20081209131812.000000-600
Event Type: information
User:

Application event log

Computer Name: BELLA2
Event Code: 101
Message: Information Level: success

Scheduler launched Automatic LiveUpdate.

Record Number: 1046
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081217002227.000000-600
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: BELLA2
Event Code: 17403
Message: Server resumed execution after being idle 1788 seconds. Reason: timer event.

Record Number: 1045
Source Name: MSSQL$MSSMLBIZ
Time Written: 20081216235543.000000-600
Event Type: information
User:

Computer Name: BELLA2
Event Code: 101
Message: Information Level: success

The next run has been scheduled to occur at approximately 12:22 AM.

Record Number: 1044
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081216232249.000000-600
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: BELLA2
Event Code: 101
Message: Information Level: success

Automatic LiveUpdate has terminated.

Record Number: 1043
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081216232249.000000-600
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: BELLA2
Event Code: 101
Message: Information Level: success

Scheduler launched Automatic LiveUpdate.

Record Number: 1042
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081216232235.000000-600
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by bella at 2008-12-22 20:19:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 242 GB (79%) free of 305 GB
Total RAM: 2046 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:13 PM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Apps\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Apps\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\bella\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bella.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Apps\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Apps\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Apps\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Apps\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228901502537
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228941447296
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Apps\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 14137 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Apps\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-12-10 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-09 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-09 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-09 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-09 251504]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2006-06-09 47104]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2008-10-07 86016]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-03-29 624248]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-26 236016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-09 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2008-12-01 89024]
"SpybotSD TeaTimer"=C:\Apps\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Apps\Ares\Ares.exe"="C:\Apps\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-22 20:19:57 ----D---- C:\rsit
2008-12-22 20:05:02 ----D---- C:\Program Files\Trend Micro
2008-12-22 19:49:44 ----N---- C:\WINDOWS\system32\DE.tmp
2008-12-22 19:49:37 ----D---- C:\Program Files\Sophos
2008-12-22 17:43:27 ----D---- C:\Documents and Settings\bella\Application Data\Yahoo!
2008-12-22 17:43:27 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-12-22 17:42:32 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-22 17:42:29 ----D---- C:\Program Files\Yahoo!
2008-12-21 22:49:35 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-12-21 22:47:00 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-21 22:46:59 ----D---- C:\Program Files\Roxio
2008-12-21 22:46:59 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2008-12-21 22:46:48 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-12-21 22:44:30 ----D---- C:\Program Files\Common Files\Research In Motion
2008-12-21 22:44:28 ----D---- C:\Program Files\Research In Motion
2008-12-21 22:44:25 ----SHD---- C:\Config.Msi
2008-12-21 17:35:01 ----D---- C:\Documents and Settings\bella\Application Data\Malwarebytes
2008-12-21 17:34:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-21 17:34:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-21 12:01:13 ----D---- C:\Documents and Settings\bella\Application Data\Easy Thumbnails
2008-12-19 23:44:07 ----D---- C:\Program Files\XVI32
2008-12-19 22:47:52 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-12-19 17:28:31 ----D---- C:\Documents and Settings\bella\Application Data\Windows Search
2008-12-18 18:52:35 ----A---- C:\WINDOWS\wininit.ini
2008-12-18 17:12:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 17:11:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-18 17:10:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-18 17:01:12 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-12-18 16:57:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-18 16:53:16 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-12-18 16:28:24 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-12-18 16:28:23 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2008-12-18 16:23:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-18 16:15:23 ----D---- C:\Program Files\Adobe
2008-12-18 16:13:18 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-12-18 16:09:15 ----D---- C:\Program Files\Common Files\Adobe
2008-12-18 04:12:17 ----D---- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-12-18 04:06:52 ----D---- C:\WINDOWS\SQL9_KB948109_ENU
2008-12-17 19:32:22 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-17 18:56:27 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-12-17 18:55:44 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-17 18:55:41 ----D---- C:\WINDOWS\VirtualEar
2008-12-17 18:55:41 ----D---- C:\Program Files\Analog Devices
2008-12-17 18:55:41 ----A---- C:\WINDOWS\system32\virtear.dll
2008-12-17 18:55:41 ----A---- C:\WINDOWS\system32\DSndUp.exe
2008-12-17 18:55:41 ----A---- C:\WINDOWS\system32\CleanUp.exe
2008-12-17 18:55:41 ----A---- C:\WINDOWS\system32\Audio3d.dll
2008-12-17 18:55:27 ----A---- C:\WINDOWS\system32\PostProc.dll
2008-12-17 18:55:27 ----A---- C:\WINDOWS\system32\Edcrypt.dll
2008-12-17 18:46:44 ----D---- C:\Program Files\Common Files\HP
2008-12-17 18:44:26 ----D---- C:\Program Files\Hewlett-Packard
2008-12-17 18:42:42 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2008-12-17 18:35:10 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-17 18:34:19 ----D---- C:\Program Files\HP
2008-12-17 18:00:26 ----A---- C:\WINDOWS\system32\HPZc3212.dll
2008-12-17 18:00:26 ----A---- C:\WINDOWS\system32\hpovst08.dll
2008-12-17 18:00:26 ----A---- C:\WINDOWS\system32\hpotscl.dll
2008-12-17 18:00:26 ----A---- C:\WINDOWS\system32\hpgwiamd.dll
2008-12-17 17:59:29 ----A---- C:\WINDOWS\system32\hpzcon12.dll
2008-12-17 17:59:28 ----A---- C:\WINDOWS\system32\hpzlnt12.dll
2008-12-17 17:59:28 ----A---- C:\WINDOWS\system32\hpzcoi12.dll
2008-12-17 17:57:39 ----D---- C:\temp
2008-12-17 17:56:23 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-12-17 15:54:52 ----D---- C:\04222f3a7ffb963b99861852df
2008-12-16 21:18:21 ----D---- C:\Apps
2008-12-16 18:01:05 ----D---- C:\WINDOWS\system32\Dell
2008-12-14 13:36:56 ----D---- C:\ADVANCED_CORE_TRAINING
2008-12-11 04:24:14 ----D---- C:\WINDOWS\SQLTools9_KB954606_ENU
2008-12-11 04:18:50 ----D---- C:\WINDOWS\SQL9_KB954606_ENU
2008-12-10 20:49:24 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-10 20:49:24 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-10 12:08:00 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-10 11:50:19 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-12-10 11:49:49 ----D---- C:\Program Files\DVD Decrypter
2008-12-10 11:47:44 ----D---- C:\Documents and Settings\bella\Application Data\Apple Computer
2008-12-10 11:47:18 ----D---- C:\Program Files\iPod
2008-12-10 11:47:17 ----D---- C:\Program Files\iTunes
2008-12-10 11:47:05 ----D---- C:\Program Files\Bonjour
2008-12-10 11:46:30 ----D---- C:\Program Files\QuickTime
2008-12-10 11:46:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-10 11:46:08 ----D---- C:\Program Files\Apple Software Update
2008-12-10 11:45:45 ----D---- C:\Program Files\Common Files\Apple
2008-12-10 11:45:45 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-10 11:44:41 ----D---- C:\Program Files\Opanda
2008-12-10 11:43:33 ----D---- C:\Program Files\Easy Thumbnails
2008-12-10 11:14:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-10 11:12:28 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-10 11:12:16 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-10 11:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-10 11:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-10 11:11:14 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-12-10 11:08:51 ----D---- C:\Program Files\SlySoft
2008-12-10 11:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-10 10:48:27 ----D---- C:\WINDOWS\Sun
2008-12-10 10:47:56 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 10:47:56 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 10:47:56 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 10:47:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 10:47:38 ----D---- C:\Program Files\Java
2008-12-10 10:46:08 ----D---- C:\Documents and Settings\bella\Application Data\Sun
2008-12-10 10:39:32 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-12-10 10:39:30 ----D---- C:\Program Files\DVD Shrink
2008-12-10 09:18:35 ----A---- C:\WINDOWS\eqemohagiq.dll
2008-12-10 09:15:22 ----D---- C:\Documents and Settings\bella\Application Data\Ahead
2008-12-10 09:14:49 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2008-12-10 09:12:48 ----D---- C:\Program Files\Nero
2008-12-10 09:12:48 ----D---- C:\Program Files\Common Files\Ahead
2008-12-10 09:12:48 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-12-10 09:11:02 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-10 09:11:01 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-10 08:54:11 ----D---- C:\Documents and Settings\bella\Application Data\WinRAR
2008-12-10 08:54:00 ----D---- C:\Program Files\WinRAR
2008-12-10 08:09:16 ----D---- C:\Documents and Settings\bella\Application Data\Adobe
2008-12-10 01:42:19 ----D---- C:\Program Files\Microsoft Small Business
2008-12-10 01:34:32 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-10 01:06:42 ----D---- C:\Program Files\PC Inspector File Recovery
2008-12-10 01:06:08 ----D---- C:\Program Files\Microsoft Works
2008-12-10 01:05:48 ----D---- C:\Program Files\Microsoft Visual Studio
2008-12-10 01:05:48 ----D---- C:\Program Files\Common Files\DESIGNER
2008-12-10 01:05:01 ----D---- C:\Program Files\Microsoft.NET
2008-12-10 01:03:01 ----D---- C:\WINDOWS\SHELLNEW
2008-12-10 01:02:40 ----D---- C:\Program Files\Microsoft Office
2008-12-10 01:02:39 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-10 01:02:22 ----RHD---- C:\MSOCache
2008-12-10 00:57:26 ----D---- C:\Documents and Settings\bella\Application Data\Mozilla
2008-12-10 00:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-10 00:55:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-10 00:55:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-10 00:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-10 00:54:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-10 00:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-10 00:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-10 00:54:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-10 00:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-10 00:53:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-10 00:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-10 00:53:26 ----D---- C:\Documents and Settings\bella\Application Data\Windows Desktop Search
2008-12-10 00:52:48 ----D---- C:\Program Files\Windows Desktop Search
2008-12-10 00:52:47 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-12-10 00:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-12-10 00:52:24 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-12-10 00:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-10 00:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-10 00:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-10 00:51:00 ----D---- C:\WINDOWS\ie7updates
2008-12-10 00:50:25 ----D---- C:\WINDOWS\WBEM
2008-12-10 00:49:17 ----HDC---- C:\WINDOWS\ie7
2008-12-10 00:49:01 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-10 00:48:46 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-10 00:47:11 ----D---- C:\Documents and Settings\bella\Application Data\GetRightToGo
2008-12-10 00:46:22 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-10 00:46:21 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-12-10 00:46:04 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-10 00:45:55 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-10 00:45:17 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-10 00:44:53 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-10 00:44:48 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-12-10 00:41:42 ----D---- C:\Program Files\Mozilla Firefox
2008-12-10 00:31:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 00:31:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 00:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 00:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 00:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 00:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2008-12-10 00:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-10 00:30:13 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-10 00:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-10 00:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-10 00:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-10 00:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-10 00:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-10 00:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-10 00:28:14 ----RSD---- C:\WINDOWS\assembly
2008-12-10 00:28:14 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-10 00:28:12 ----D---- C:\WINDOWS\system32\URTTemp
2008-12-10 00:26:08 ----D---- C:\Program Files\Windows Sidebar
2008-12-10 00:26:03 ----D---- C:\Program Files\Norton 360
2008-12-10 00:24:59 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-10 00:24:54 ----D---- C:\Program Files\Symantec
2008-12-10 00:24:54 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-10 00:24:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-10 00:23:31 ----D---- C:\Documents and Settings\bella\Application Data\Symantec
2008-12-10 00:21:40 ----D---- C:\WINDOWS\Prefetch
2008-12-10 00:20:39 ----SHD---- C:\RECYCLER
2008-12-10 00:13:12 ----D---- C:\WINDOWS\system32\scripting
2008-12-10 00:13:12 ----D---- C:\WINDOWS\system32\en-us
2008-12-10 00:13:11 ----D---- C:\WINDOWS\system32\en
2008-12-10 00:13:11 ----D---- C:\WINDOWS\l2schemas
2008-12-10 00:10:21 ----D---- C:\WINDOWS\network diagnostic
2008-12-10 00:05:43 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-12-10 00:05:43 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-10 00:05:42 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-10 00:05:42 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-10 00:05:41 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-10 00:05:41 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-10 00:05:41 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-12-10 00:05:40 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-12-10 00:05:40 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-10 00:05:40 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-10 00:05:38 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-10 00:05:38 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-10 00:05:38 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-10 00:05:38 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-10 00:05:36 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-12-10 00:05:35 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-10 00:05:33 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-10 00:05:33 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-10 00:05:33 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-10 00:05:33 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-10 00:05:30 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-12-10 00:05:30 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-10 00:05:29 ----A---- C:\WINDOWS\005423_.tmp
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-10 00:05:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-10 00:05:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-10 00:05:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-10 00:05:27 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-10 00:05:26 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-10 00:05:26 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-10 00:05:25 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-09 23:47:02 ----D---- C:\WINDOWS\provisioning
2008-12-09 23:47:02 ----D---- C:\WINDOWS\peernet
2008-12-09 23:46:24 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 23:44:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 23:44:13 ----D---- C:\WINDOWS\EHome
2008-12-09 23:42:59 ----N---- C:\WINDOWS\system32\spnpinst.exe
2008-12-09 23:37:08 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-09 23:35:17 ----D---- C:\Documents and Settings\bella\Application Data\Google
2008-12-09 23:35:07 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-09 23:35:06 ----D---- C:\Program Files\Google
2008-12-09 23:35:06 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-09 23:35:06 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-09 23:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-09 23:35:05 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 23:34:53 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-09 23:34:52 ----D---- C:\Documents and Settings\bella\Application Data\Macromedia
2008-12-09 23:34:42 ----D---- C:\WINDOWS\system32\bits
2008-12-09 23:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2008-12-09 23:34:23 ----N---- C:\WINDOWS\system32\xpob2res.dll
2008-12-09 23:34:23 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-09 23:34:23 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-09 23:34:23 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-12-09 23:34:23 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-09 23:32:53 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 23:32:26 ----D---- C:\WINDOWS\nview
2008-12-09 23:32:26 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wups2.dll
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-09 23:32:23 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 23:32:23 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-09 23:32:16 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-12-09 23:31:46 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-09 23:31:32 ----D---- C:\NVIDIA
2008-12-09 23:30:47 ----D---- C:\drvrtmp
2008-12-09 23:30:47 ----A---- C:\WINDOWS\system32\Prounstl.exe
2008-12-09 23:30:47 ----A---- C:\WINDOWS\system32\IntelNic.dll
2008-12-09 23:30:47 ----A---- C:\WINDOWS\system32\e1000msg.dll
2008-12-09 23:30:35 ----D---- C:\Program Files\Intel
2008-12-09 23:29:45 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-09 23:29:41 ----A---- C:\WINDOWS\system32\ico.exe
2008-12-09 23:29:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-09 23:29:40 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-12-09 23:29:39 ----D---- C:\Program Files\Dell
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\UnInst.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxutil.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxscrll.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxmiced.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxhooks.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxcomm.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\Pelzoom.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\LaunHelp.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\iconspy.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\FontZoom.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\DellPM.ini
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\DellPM.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\ApSwitch.exe
2008-12-09 23:29:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-09 23:29:21 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-09 23:28:32 ----SHD---- C:\WINDOWS\Installer
2008-12-09 23:28:29 ----D---- C:\Documents and Settings\bella\Application Data\Identities
2008-12-09 23:28:25 ----HD---- C:\Program Files\Uninstall Information
2008-12-09 23:28:22 ----ASH---- C:\Documents and Settings\bella\Application Data\desktop.ini
2008-12-09 23:28:21 ----SD---- C:\Documents and Settings\bella\Application Data\Microsoft
2008-12-09 23:27:50 ----SHD---- C:\System Volume Information
2008-12-09 23:27:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 23:26:01 ----D---- C:\WINDOWS\system32\xircom
2008-12-09 23:26:01 ----D---- C:\Program Files\xerox
2008-12-09 23:26:01 ----D---- C:\Program Files\microsoft frontpage
2008-12-09 23:25:52 ----D---- C:\DELL
2008-12-09 23:24:36 ----A---- C:\WINDOWS\system32\xpsp1hfm.exe
2008-12-09 23:24:01 ----A---- C:\WINDOWS\control.ini
2008-12-09 23:24:01 ----A---- C:\AUTOEXEC.BAT
2008-12-09 23:23:56 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 23:23:55 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-09 23:23:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 23:23:22 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-09 23:23:22 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-09 23:23:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-09 23:23:05 ----D---- C:\WINDOWS\system32\DirectX
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-09 23:22:43 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-09 23:22:43 ----A---- C:\WINDOWS\desktop.ini
2008-12-09 23:22:38 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-09 23:22:38 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-09 23:22:38 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-09 23:22:37 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-09 23:22:36 ----D---- C:\Program Files\Common Files\Services
2008-12-09 23:22:36 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-09 23:22:33 ----SD---- C:\WINDOWS\Tasks
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-09 23:22:31 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-09 23:22:28 ----D---- C:\WINDOWS\srchasst
2008-12-09 23:22:27 ----D---- C:\WINDOWS\system32\Macromed
2008-12-09 23:22:27 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-09 23:22:26 ----D---- C:\Program Files\Movie Maker
2008-12-09 23:22:23 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 23:22:23 ----D---- C:\WINDOWS\PCHealth
2008-12-09 23:22:23 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-09 23:22:23 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-09 23:22:23 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-09 23:22:22 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-09 23:22:22 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-09 23:22:22 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-09 23:22:22 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-09 23:22:20 ----D---- C:\Program Files\NetMeeting
2008-12-09 23:22:20 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-09 23:22:20 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-09 23:22:20 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-09 23:22:19 ----D---- C:\Program Files\Outlook Express
2008-12-09 23:22:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-09 23:22:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-09 23:22:19 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-09 23:22:17 ----D---- C:\Program Files\Internet Explorer
2008-12-09 23:22:17 ----D---- C:\Program Files\Common Files\System
2008-12-09 23:22:01 ----D---- C:\Program Files\ComPlus Applications
2008-12-09 23:22:01 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-09 23:22:01 ----A---- C:\WINDOWS\vb.ini
2008-12-09 23:22:00 ----D---- C:\WINDOWS\Registration
2008-12-09 23:21:58 ----HD---- C:\Program Files\WindowsUpdate
2008-12-09 23:21:58 ----D---- C:\Program Files\Windows Media Player
2008-12-09 23:21:58 ----D---- C:\Program Files\Online Services
2008-12-09 23:21:56 ----D---- C:\Program Files\Messenger
2008-12-09 23:21:52 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-09 23:21:52 ----A---- C:\WINDOWS\system32\write.exe
2008-12-09 23:21:46 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-09 23:21:44 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-09 23:21:40 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-09 23:21:29 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-09 23:21:29 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-09 23:21:29 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-09 23:21:29 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-09 23:21:25 ----D---- C:\Program Files\Windows NT
2008-12-09 23:21:25 ----D---- C:\Program Files\MSN
2008-12-09 23:21:25 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-09 23:21:25 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-09 23:21:25 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-09 23:21:25 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-09 23:21:23 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-09 23:21:22 ----D---- C:\WINDOWS\system32\Com
2008-12-09 23:21:22 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-09 23:21:22 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-09 23:21:20 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-09 13:20:15 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-09 13:18:59 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-09 13:18:27 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 13:18:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 13:18:24 ----D---- C:\Program Files\Common Files\ODBC
2008-12-09 13:18:24 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-09 13:18:22 ----RD---- C:\Program Files
2008-12-09 13:18:22 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-09 13:18:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-09 13:18:22 ----D---- C:\Program Files\Common Files
2008-12-09 13:18:20 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-09 13:18:20 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-09 13:18:20 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-09 13:18:18 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-09 13:18:18 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-09 13:18:18 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-09 13:18:16 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-09 13:18:12 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-09 13:18:11 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-09 13:18:11 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-09 13:18:11 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-09 13:18:11 ----A---- C:\WINDOWS\notepad.exe
2008-12-09 13:18:08 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-09 13:18:06 ----RA---- C:\WINDOWS\SETD.tmp
2008-12-09 13:18:05 ----RA---- C:\WINDOWS\SET7.tmp
2008-12-09 13:18:03 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-09 13:18:00 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 13:18:00 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 13:17:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 13:17:46 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 13:17:44 ----D---- C:\Documents and Settings
2008-12-09 13:17:10 ----RASH---- C:\boot.ini
2008-12-09 13:14:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-09 13:14:36 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 13:14:36 ----RD---- C:\WINDOWS\Web
2008-12-09 13:14:36 ----HD---- C:\WINDOWS\inf
2008-12-09 13:14:36 ----D---- C:\WINDOWS\WinSxS
2008-12-09 13:14:36 ----D---- C:\WINDOWS\twain_32
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Temp
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\wins
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\spool
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\ras
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\npp
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\mui
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\IME
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\icsxml
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\ias
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\export
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\dhcp
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\config
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\3076
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\2052
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1054
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1042
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1041
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1037
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1033
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1031
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1028
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1025
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system
2008-12-09 13:14:36 ----D---- C:\WINDOWS\security
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Resources
2008-12-09 13:14:36 ----D---- C:\WINDOWS\repair
2008-12-09 13:14:36 ----D---- C:\WINDOWS\mui
2008-12-09 13:14:36 ----D---- C:\WINDOWS\msapps
2008-12-09 13:14:36 ----D---- C:\WINDOWS\msagent
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Media
2008-12-09 13:14:36 ----D---- C:\WINDOWS\java
2008-12-09 13:14:36 ----D---- C:\WINDOWS\ime
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Help
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Driver Cache
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Debug
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Cursors
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Connection Wizard
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Config
2008-12-09 13:14:36 ----D---- C:\WINDOWS\AppPatch
2008-12-09 13:14:36 ----D---- C:\WINDOWS\addins
2008-12-09 13:14:36 ----AD---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-12-17 18:56:50 ----A---- C:\WINDOWS\win.ini
2008-12-12 20:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 23:45:37 ----RASH---- C:\NTDETECT.COM
2008-12-09 13:18:22 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 AsfAlrt;AsfAlrt; \??\C:\WINDOWS\System32\drivers\AsfAlrt.sys []
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-12-01 103360]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2005-06-29 163840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-06 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-06 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-06 21744]
R3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\DE.tmp []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-07-16 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081222.036\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081222.036\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-07-16 5888]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20081220.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Apps\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2004-02-08 118784]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-21 55640]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-10-07 163908]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-12-10 1245064]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-18 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-26 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-26 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-09 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-26 1108464]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

Kaspersky:
No malware has been detected

Help is very much appreciated!

#2 sundavis

  • Malware Response Team

Posted 27 December 2008 - 03:45 AM

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, ninobrn99. :thumbsup:
My name is sundavis, and I will be helping you deal with your malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.
The log you presented is a few days old. It may not show the current state. In the meantime, please refrain from making any changes to your computer, and please do the following:

Step 1
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Step 2
  • Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.




In your next reply, please post back:

1. GooredFix log
2. RSIT log.txt and info.txt. (Before running RSIT, please delete the folder C:\rsit) Thanks.

#3 ninobrn99

  • Topic Starter

  • Members

Posted 31 December 2008 - 02:14 AM

GooredFix log
GooredFix v1.6 by jpshortstuff
Log created at 21:14 on 30/12/2008 running Option #1
Firefox version 3.0.5 (en-US)

=====Suspect Goored Entries=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{5B3E1361-03B4-4BCF-A0BC-16EB9871A91A}"="C:\Documents and Settings\bella\Local Settings\Application Data\{5B3E1361-03B4-4BCF-A0BC-16EB9871A91A}"

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{5B3E1361-03B4-4BCF-A0BC-16EB9871A91A}"="C:\Documents and Settings\bella\Local Settings\Application Data\{5B3E1361-03B4-4BCF-A0BC-16EB9871A91A}"


RSIT log.txt
Logfile of random's system information tool 1.05 (written by random/random)
Run by bella at 2008-12-30 21:12:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 234 GB (77%) free of 305 GB
Total RAM: 2046 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:45 PM, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Apps\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Apps\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Apps\Ares\Ares.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bella\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bella.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://campus.hpu.edu/cp/home/displaylogin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Apps\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Apps\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:enu
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Apps\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Apps\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228901502537
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228941447296
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Apps\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 15706 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Apps\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-12-10 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-09 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-09 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-09 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-09 251504]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2006-06-09 47104]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2008-10-07 86016]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-03-29 624248]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-26 236016]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-09 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2008-12-01 89024]
"SpybotSD TeaTimer"=C:\Apps\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"Performance Center"=C:\Program Files\Ascentive\Performance Center\APCMain.exe -m []
"LogitechSetup"=D:\Setup\Setup.exe /start /restart /l:enu []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Apps\Ares\Ares.exe"="C:\Apps\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2008-12-30 21:12:36 ----D---- C:\rsit
2008-12-28 16:06:53 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-26 14:59:37 ----RA---- C:\WINDOWS\system32\lvci1051.dll
2008-12-26 14:53:02 ----R---- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-12-26 14:52:31 ----D---- C:\Documents and Settings\bella\Application Data\skypePM
2008-12-26 14:51:27 ----D---- C:\Documents and Settings\bella\Application Data\Skype
2008-12-26 14:51:12 ----D---- C:\Program Files\Skype
2008-12-26 14:51:11 ----D---- C:\Program Files\Common Files\Skype
2008-12-26 14:51:05 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-12-26 14:47:56 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-12-26 14:47:52 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2008-12-26 14:47:49 ----D---- C:\Program Files\Logitech
2008-12-26 14:45:45 ----D---- C:\Program Files\Common Files\logishrd
2008-12-26 14:45:44 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-25 20:43:49 ----D---- C:\Program Files\Buzzword
2008-12-25 20:43:16 ----D---- C:\Program Files\ReflexiveArcade
2008-12-24 17:49:48 ----D---- C:\Documents and Settings\bella\Application Data\InstallShield
2008-12-24 17:39:49 ----A---- C:\WINDOWS\system32\SysRestore.dll
2008-12-24 17:39:49 ----A---- C:\WINDOWS\system32\CreateLog.dll
2008-12-24 17:39:49 ----A---- C:\WINDOWS\system32\ConTest.dll
2008-12-24 17:39:49 ----A---- C:\WINDOWS\system32\ascbalon.dll
2008-12-22 20:05:02 ----D---- C:\Program Files\Trend Micro
2008-12-22 19:49:44 ----N---- C:\WINDOWS\system32\DE.tmp
2008-12-22 19:49:37 ----D---- C:\Program Files\Sophos
2008-12-22 17:43:27 ----D---- C:\Documents and Settings\bella\Application Data\Yahoo!
2008-12-22 17:43:27 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-12-22 17:42:32 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-22 17:42:29 ----D---- C:\Program Files\Yahoo!
2008-12-21 22:49:35 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-12-21 22:47:00 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-21 22:46:59 ----D---- C:\Program Files\Roxio
2008-12-21 22:46:59 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2008-12-21 22:46:48 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-12-21 22:44:30 ----D---- C:\Program Files\Common Files\Research In Motion
2008-12-21 22:44:28 ----D---- C:\Program Files\Research In Motion
2008-12-21 17:35:01 ----D---- C:\Documents and Settings\bella\Application Data\Malwarebytes
2008-12-21 17:34:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-21 17:34:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-21 12:01:13 ----D---- C:\Documents and Settings\bella\Application Data\Easy Thumbnails
2008-12-19 23:44:07 ----D---- C:\Program Files\XVI32
2008-12-19 22:47:52 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-12-19 17:28:31 ----D---- C:\Documents and Settings\bella\Application Data\Windows Search
2008-12-18 18:52:35 ----A---- C:\WINDOWS\wininit.ini
2008-12-18 17:12:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 17:11:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-18 17:10:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-18 17:01:12 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-12-18 16:57:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-18 16:53:16 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-12-18 16:28:24 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-12-18 16:28:23 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2008-12-18 16:23:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-18 16:15:23 ----D---- C:\Program Files\Adobe
2008-12-18 16:13:18 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-12-18 16:09:15 ----D---- C:\Program Files\Common Files\Adobe
2008-12-18 04:12:17 ----D---- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-12-18 04:06:52 ----D---- C:\WINDOWS\SQL9_KB948109_ENU
2008-12-17 19:32:22 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-17 18:56:27 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-12-17 18:55:44 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-17 18:55:41 ----D---- C:\WINDOWS\VirtualEar
2008-12-17 18:55:41 ----D---- C:\Program Files\Analog Devices
2008-12-17 18:55:41 ----A---- C:\WINDOWS\system32\virtear.dll
2008-12-17 18:55:41 ----A---- C:\WINDOWS\system32\DSndUp.exe
2008-12-17 18:55:41 ----A---- C:\WINDOWS\system32\CleanUp.exe
2008-12-17 18:55:41 ----A---- C:\WINDOWS\system32\Audio3d.dll
2008-12-17 18:55:27 ----A---- C:\WINDOWS\system32\PostProc.dll
2008-12-17 18:55:27 ----A---- C:\WINDOWS\system32\Edcrypt.dll
2008-12-17 18:46:44 ----D---- C:\Program Files\Common Files\HP
2008-12-17 18:44:26 ----D---- C:\Program Files\Hewlett-Packard
2008-12-17 18:42:42 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2008-12-17 18:35:10 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-17 18:34:19 ----D---- C:\Program Files\HP
2008-12-17 18:00:26 ----A---- C:\WINDOWS\system32\HPZc3212.dll
2008-12-17 18:00:26 ----A---- C:\WINDOWS\system32\hpovst08.dll
2008-12-17 18:00:26 ----A---- C:\WINDOWS\system32\hpotscl.dll
2008-12-17 18:00:26 ----A---- C:\WINDOWS\system32\hpgwiamd.dll
2008-12-17 17:59:29 ----A---- C:\WINDOWS\system32\hpzcon12.dll
2008-12-17 17:59:28 ----A---- C:\WINDOWS\system32\hpzlnt12.dll
2008-12-17 17:59:28 ----A---- C:\WINDOWS\system32\hpzcoi12.dll
2008-12-17 17:57:39 ----D---- C:\temp
2008-12-17 17:56:23 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-12-17 15:54:52 ----D---- C:\04222f3a7ffb963b99861852df
2008-12-16 21:18:21 ----D---- C:\Apps
2008-12-16 18:01:05 ----D---- C:\WINDOWS\system32\Dell
2008-12-14 13:36:56 ----D---- C:\ADVANCED_CORE_TRAINING
2008-12-11 04:24:14 ----D---- C:\WINDOWS\SQLTools9_KB954606_ENU
2008-12-11 04:18:50 ----D---- C:\WINDOWS\SQL9_KB954606_ENU
2008-12-10 20:49:24 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-10 20:49:24 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-10 12:08:00 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-10 11:50:19 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-12-10 11:49:49 ----D---- C:\Program Files\DVD Decrypter
2008-12-10 11:47:44 ----D---- C:\Documents and Settings\bella\Application Data\Apple Computer
2008-12-10 11:47:18 ----D---- C:\Program Files\iPod
2008-12-10 11:47:17 ----D---- C:\Program Files\iTunes
2008-12-10 11:47:05 ----D---- C:\Program Files\Bonjour
2008-12-10 11:46:30 ----D---- C:\Program Files\QuickTime
2008-12-10 11:46:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-10 11:46:08 ----D---- C:\Program Files\Apple Software Update
2008-12-10 11:45:45 ----D---- C:\Program Files\Common Files\Apple
2008-12-10 11:45:45 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-10 11:44:41 ----D---- C:\Program Files\Opanda
2008-12-10 11:43:33 ----D---- C:\Program Files\Easy Thumbnails
2008-12-10 11:14:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-10 11:12:28 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-10 11:12:16 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-10 11:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-10 11:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-10 11:11:14 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-12-10 11:08:51 ----D---- C:\Program Files\SlySoft
2008-12-10 11:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-10 10:48:27 ----D---- C:\WINDOWS\Sun
2008-12-10 10:47:56 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 10:47:56 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 10:47:56 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 10:47:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 10:47:38 ----D---- C:\Program Files\Java
2008-12-10 10:46:08 ----D---- C:\Documents and Settings\bella\Application Data\Sun
2008-12-10 10:39:32 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-12-10 10:39:30 ----D---- C:\Program Files\DVD Shrink
2008-12-10 09:18:35 ----A---- C:\WINDOWS\eqemohagiq.dll
2008-12-10 09:15:22 ----D---- C:\Documents and Settings\bella\Application Data\Ahead
2008-12-10 09:14:49 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2008-12-10 09:12:48 ----D---- C:\Program Files\Nero
2008-12-10 09:12:48 ----D---- C:\Program Files\Common Files\Ahead
2008-12-10 09:12:48 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-12-10 09:11:02 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-10 09:11:01 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-10 08:54:11 ----D---- C:\Documents and Settings\bella\Application Data\WinRAR
2008-12-10 08:54:00 ----D---- C:\Program Files\WinRAR
2008-12-10 08:09:16 ----D---- C:\Documents and Settings\bella\Application Data\Adobe
2008-12-10 01:42:19 ----D---- C:\Program Files\Microsoft Small Business
2008-12-10 01:34:32 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-10 01:06:42 ----D---- C:\Program Files\PC Inspector File Recovery
2008-12-10 01:06:08 ----D---- C:\Program Files\Microsoft Works
2008-12-10 01:05:48 ----D---- C:\Program Files\Microsoft Visual Studio
2008-12-10 01:05:48 ----D---- C:\Program Files\Common Files\DESIGNER
2008-12-10 01:05:01 ----D---- C:\Program Files\Microsoft.NET
2008-12-10 01:03:01 ----D---- C:\WINDOWS\SHELLNEW
2008-12-10 01:02:40 ----D---- C:\Program Files\Microsoft Office
2008-12-10 01:02:39 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-10 01:02:22 ----RHD---- C:\MSOCache
2008-12-10 00:57:26 ----D---- C:\Documents and Settings\bella\Application Data\Mozilla
2008-12-10 00:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-10 00:55:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-10 00:55:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-10 00:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-10 00:54:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-10 00:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-10 00:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-10 00:54:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-10 00:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-10 00:53:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-10 00:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-10 00:53:26 ----D---- C:\Documents and Settings\bella\Application Data\Windows Desktop Search
2008-12-10 00:52:48 ----D---- C:\Program Files\Windows Desktop Search
2008-12-10 00:52:47 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-12-10 00:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-12-10 00:52:24 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-12-10 00:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-10 00:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-10 00:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-10 00:51:00 ----D---- C:\WINDOWS\ie7updates
2008-12-10 00:50:25 ----D---- C:\WINDOWS\WBEM
2008-12-10 00:49:17 ----HDC---- C:\WINDOWS\ie7
2008-12-10 00:49:01 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-10 00:48:46 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-10 00:47:11 ----D---- C:\Documents and Settings\bella\Application Data\GetRightToGo
2008-12-10 00:46:22 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-10 00:46:21 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-12-10 00:46:04 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-10 00:45:55 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-10 00:45:17 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-10 00:44:53 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-10 00:44:48 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-12-10 00:41:42 ----D---- C:\Program Files\Mozilla Firefox
2008-12-10 00:31:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 00:31:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 00:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 00:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 00:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 00:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2008-12-10 00:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-10 00:30:13 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-10 00:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-10 00:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-10 00:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-10 00:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-10 00:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-10 00:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-10 00:28:14 ----RSD---- C:\WINDOWS\assembly
2008-12-10 00:28:14 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-10 00:28:12 ----D---- C:\WINDOWS\system32\URTTemp
2008-12-10 00:26:08 ----D---- C:\Program Files\Windows Sidebar
2008-12-10 00:26:03 ----D---- C:\Program Files\Norton 360
2008-12-10 00:24:59 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-10 00:24:54 ----D---- C:\Program Files\Symantec
2008-12-10 00:24:54 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-10 00:24:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-10 00:23:31 ----D---- C:\Documents and Settings\bella\Application Data\Symantec
2008-12-10 00:21:40 ----D---- C:\WINDOWS\Prefetch
2008-12-10 00:20:39 ----SHD---- C:\RECYCLER
2008-12-10 00:13:12 ----D---- C:\WINDOWS\system32\scripting
2008-12-10 00:13:12 ----D---- C:\WINDOWS\system32\en-us
2008-12-10 00:13:11 ----D---- C:\WINDOWS\system32\en
2008-12-10 00:13:11 ----D---- C:\WINDOWS\l2schemas
2008-12-10 00:10:21 ----D---- C:\WINDOWS\network diagnostic
2008-12-10 00:05:43 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-12-10 00:05:43 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-10 00:05:42 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-10 00:05:42 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-10 00:05:41 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-10 00:05:41 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-10 00:05:41 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-12-10 00:05:40 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-12-10 00:05:40 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-10 00:05:40 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-10 00:05:38 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-10 00:05:38 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-10 00:05:38 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-10 00:05:38 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-10 00:05:36 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-12-10 00:05:35 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-10 00:05:33 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-10 00:05:33 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-10 00:05:33 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-10 00:05:33 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-10 00:05:30 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-12-10 00:05:30 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-10 00:05:29 ----A---- C:\WINDOWS\005423_.tmp
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-10 00:05:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-10 00:05:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-10 00:05:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-10 00:05:27 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-10 00:05:26 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-10 00:05:26 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-10 00:05:25 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-09 23:47:02 ----D---- C:\WINDOWS\provisioning
2008-12-09 23:47:02 ----D---- C:\WINDOWS\peernet
2008-12-09 23:46:24 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 23:44:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 23:44:13 ----D---- C:\WINDOWS\EHome
2008-12-09 23:42:59 ----N---- C:\WINDOWS\system32\spnpinst.exe
2008-12-09 23:37:08 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-09 23:35:17 ----D---- C:\Documents and Settings\bella\Application Data\Google
2008-12-09 23:35:07 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-09 23:35:06 ----D---- C:\Program Files\Google
2008-12-09 23:35:06 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-09 23:35:06 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-09 23:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-09 23:35:05 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 23:34:53 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-09 23:34:52 ----D---- C:\Documents and Settings\bella\Application Data\Macromedia
2008-12-09 23:34:42 ----D---- C:\WINDOWS\system32\bits
2008-12-09 23:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2008-12-09 23:34:23 ----N---- C:\WINDOWS\system32\xpob2res.dll
2008-12-09 23:34:23 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-09 23:34:23 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-09 23:34:23 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-12-09 23:34:23 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-09 23:32:53 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 23:32:26 ----D---- C:\WINDOWS\nview
2008-12-09 23:32:26 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wups2.dll
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-09 23:32:23 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 23:32:23 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-09 23:32:16 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-12-09 23:31:46 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-09 23:31:32 ----D---- C:\NVIDIA
2008-12-09 23:30:47 ----D---- C:\drvrtmp
2008-12-09 23:30:47 ----A---- C:\WINDOWS\system32\Prounstl.exe
2008-12-09 23:30:47 ----A---- C:\WINDOWS\system32\IntelNic.dll
2008-12-09 23:30:47 ----A---- C:\WINDOWS\system32\e1000msg.dll
2008-12-09 23:30:35 ----D---- C:\Program Files\Intel
2008-12-09 23:29:45 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-09 23:29:41 ----A---- C:\WINDOWS\system32\ico.exe
2008-12-09 23:29:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-09 23:29:40 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-12-09 23:29:39 ----D---- C:\Program Files\Dell
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\UnInst.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxutil.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxscrll.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxmiced.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxhooks.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxcomm.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\Pelzoom.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\LaunHelp.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\iconspy.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\FontZoom.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\DellPM.ini
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\DellPM.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\ApSwitch.exe
2008-12-09 23:29:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-09 23:29:21 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-09 23:28:32 ----SHD---- C:\WINDOWS\Installer
2008-12-09 23:28:29 ----D---- C:\Documents and Settings\bella\Application Data\Identities
2008-12-09 23:28:25 ----HD---- C:\Program Files\Uninstall Information
2008-12-09 23:28:22 ----ASH---- C:\Documents and Settings\bella\Application Data\desktop.ini
2008-12-09 23:28:21 ----SD---- C:\Documents and Settings\bella\Application Data\Microsoft
2008-12-09 23:27:50 ----SHD---- C:\System Volume Information
2008-12-09 23:27:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 23:26:01 ----D---- C:\WINDOWS\system32\xircom
2008-12-09 23:26:01 ----D---- C:\Program Files\xerox
2008-12-09 23:26:01 ----D---- C:\Program Files\microsoft frontpage
2008-12-09 23:25:52 ----D---- C:\DELL
2008-12-09 23:24:36 ----A---- C:\WINDOWS\system32\xpsp1hfm.exe
2008-12-09 23:24:01 ----A---- C:\WINDOWS\control.ini
2008-12-09 23:24:01 ----A---- C:\AUTOEXEC.BAT
2008-12-09 23:23:56 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 23:23:55 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-09 23:23:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 23:23:22 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-09 23:23:22 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-09 23:23:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-09 23:23:05 ----D---- C:\WINDOWS\system32\DirectX
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-09 23:22:43 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-09 23:22:43 ----A---- C:\WINDOWS\desktop.ini
2008-12-09 23:22:38 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-09 23:22:38 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-09 23:22:38 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-09 23:22:37 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-09 23:22:36 ----D---- C:\Program Files\Common Files\Services
2008-12-09 23:22:36 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-09 23:22:33 ----SD---- C:\WINDOWS\Tasks
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-09 23:22:31 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-09 23:22:28 ----D---- C:\WINDOWS\srchasst
2008-12-09 23:22:27 ----D---- C:\WINDOWS\system32\Macromed
2008-12-09 23:22:27 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-09 23:22:26 ----D---- C:\Program Files\Movie Maker
2008-12-09 23:22:23 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 23:22:23 ----D---- C:\WINDOWS\PCHealth
2008-12-09 23:22:23 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-09 23:22:23 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-09 23:22:23 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-09 23:22:22 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-09 23:22:22 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-09 23:22:22 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-09 23:22:22 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-09 23:22:20 ----D---- C:\Program Files\NetMeeting
2008-12-09 23:22:20 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-09 23:22:20 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-09 23:22:20 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-09 23:22:19 ----D---- C:\Program Files\Outlook Express
2008-12-09 23:22:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-09 23:22:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-09 23:22:19 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-09 23:22:17 ----D---- C:\Program Files\Internet Explorer
2008-12-09 23:22:17 ----D---- C:\Program Files\Common Files\System
2008-12-09 23:22:01 ----D---- C:\Program Files\ComPlus Applications
2008-12-09 23:22:01 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-09 23:22:01 ----A---- C:\WINDOWS\vb.ini
2008-12-09 23:22:00 ----D---- C:\WINDOWS\Registration
2008-12-09 23:21:58 ----HD---- C:\Program Files\WindowsUpdate
2008-12-09 23:21:58 ----D---- C:\Program Files\Windows Media Player
2008-12-09 23:21:58 ----D---- C:\Program Files\Online Services
2008-12-09 23:21:56 ----D---- C:\Program Files\Messenger
2008-12-09 23:21:52 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-09 23:21:52 ----A---- C:\WINDOWS\system32\write.exe
2008-12-09 23:21:46 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-09 23:21:44 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-09 23:21:40 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-09 23:21:29 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-09 23:21:29 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-09 23:21:29 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-09 23:21:29 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-09 23:21:25 ----D---- C:\Program Files\Windows NT
2008-12-09 23:21:25 ----D---- C:\Program Files\MSN
2008-12-09 23:21:25 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-09 23:21:25 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-09 23:21:25 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-09 23:21:25 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-09 23:21:23 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-09 23:21:22 ----D---- C:\WINDOWS\system32\Com
2008-12-09 23:21:22 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-09 23:21:22 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-09 23:21:20 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-09 13:20:15 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-09 13:18:59 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-09 13:18:27 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 13:18:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 13:18:24 ----D---- C:\Program Files\Common Files\ODBC
2008-12-09 13:18:24 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-09 13:18:22 ----RD---- C:\Program Files
2008-12-09 13:18:22 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-09 13:18:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-09 13:18:22 ----D---- C:\Program Files\Common Files
2008-12-09 13:18:20 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-09 13:18:20 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-09 13:18:20 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-09 13:18:18 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-09 13:18:18 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-09 13:18:18 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-09 13:18:16 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-09 13:18:12 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-09 13:18:11 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-09 13:18:11 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-09 13:18:11 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-09 13:18:11 ----A---- C:\WINDOWS\notepad.exe
2008-12-09 13:18:08 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-09 13:18:06 ----RA---- C:\WINDOWS\SETD.tmp
2008-12-09 13:18:05 ----RA---- C:\WINDOWS\SET7.tmp
2008-12-09 13:18:03 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-09 13:18:00 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 13:18:00 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 13:17:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 13:17:46 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 13:17:44 ----D---- C:\Documents and Settings
2008-12-09 13:17:10 ----RASH---- C:\boot.ini
2008-12-09 13:14:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-09 13:14:36 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 13:14:36 ----RD---- C:\WINDOWS\Web
2008-12-09 13:14:36 ----HD---- C:\WINDOWS\inf
2008-12-09 13:14:36 ----D---- C:\WINDOWS\WinSxS
2008-12-09 13:14:36 ----D---- C:\WINDOWS\twain_32
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Temp
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\wins
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\spool
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\ras
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\npp
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\mui
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\IME
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\icsxml
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\ias
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\export
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\dhcp
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\config
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\3076
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\2052
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1054
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1042
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1041
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1037
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1033
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1031
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1028
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1025
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system
2008-12-09 13:14:36 ----D---- C:\WINDOWS\security
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Resources
2008-12-09 13:14:36 ----D---- C:\WINDOWS\repair
2008-12-09 13:14:36 ----D---- C:\WINDOWS\mui
2008-12-09 13:14:36 ----D---- C:\WINDOWS\msapps
2008-12-09 13:14:36 ----D---- C:\WINDOWS\msagent
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Media
2008-12-09 13:14:36 ----D---- C:\WINDOWS\java
2008-12-09 13:14:36 ----D---- C:\WINDOWS\ime
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Help
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Driver Cache
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Debug
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Cursors
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Connection Wizard
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Config
2008-12-09 13:14:36 ----D---- C:\WINDOWS\AppPatch
2008-12-09 13:14:36 ----D---- C:\WINDOWS\addins
2008-12-09 13:14:36 ----AD---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-12-17 18:56:50 ----A---- C:\WINDOWS\win.ini
2008-12-12 20:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 23:45:37 ----RASH---- C:\NTDETECT.COM
2008-12-09 13:18:22 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 AsfAlrt;AsfAlrt; \??\C:\WINDOWS\System32\drivers\AsfAlrt.sys []
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-12-01 103360]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2005-06-29 163840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-06 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-06 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-06 21744]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-07-16 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081230.024\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081230.024\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-07-16 5888]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20081220.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\DE.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-02-03 14240]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-02-03 938272]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Apps\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2004-02-08 118784]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-21 55640]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-10-07 163908]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-12-10 1245064]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-18 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-26 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-26 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-09 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-26 1108464]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

info.txt
info.txt logfile of random's system information tool 1.05 2008-12-30 21:12:48

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\8bb24e071e5922899698c2105557bd2\Setup.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{185D0A67-E066-44AE-926D-F6305813301C}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{7162AC2C-733F-4127-ACAD-C5F0F27D123D}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{0742B739-DCA3-4A21-AADD-B7CBF49C2058}
Adobe Premiere Pro CS3-->MsiExec.exe /I{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}
Adobe Setup-->MsiExec.exe /I{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 2.1.1-->"C:\Apps\Ares\uninstall.exe"
Backup-->MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
BlackBerry Desktop Software 4.6-->MsiExec.exe /i{39822393-2324-4705-9010-1AB76DA144A2}
BlackBerry Desktop Software 4.6-->MsiExec.exe /I{39822393-2324-4705-9010-1AB76DA144A2}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Business Contact Manager for Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Buzzword-->"C:\Program Files\Buzzword\ReflexiveArcade\unins000.exe"
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Dell SK-8135 (Español)-->MsiExec.exe /I{D428F504-800E-43A3-904D-249A3BB2F22E}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy Thumbnails (Remove only)-->"C:\Program Files\Easy Thumbnails\unins000.exe"
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Intel ® Pro Alerting Agent-->MsiExec.exe /I{C3BAE6D2-0FAD-4C32-8138-8A226460C864}
Intel® PRO Network Connections Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Baseline Security Analyzer 2.1-->MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Accounting 2008 Equifax Addin-->MsiExec.exe /X{0C2AF762-0565-4C91-9F55-B8B53BB82A38}
Microsoft Office Accounting 2008 Fixed Asset Manager-->MsiExec.exe /X{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}
Microsoft Office Accounting 2008 PayPal Addin-->MsiExec.exe /X{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}
Microsoft Office Accounting 2008-->"C:\Program Files\Microsoft Small Business\Office Accounting 2008\SetupBootstrap\Setup.exe" /remove {270940EA-C235-40D9-B2AE-2D450356DF8E}
Microsoft Office Accounting 2008-->MsiExec.exe /X{270940EA-C235-40D9-B2AE-2D450356DF8E}
Microsoft Office Accounting ADP Payroll Addin-->MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mouse Suite for Desktop Computers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{448E2D77-E504-4221-B2C2-93646B344729}\Setup.exe" -l0x9 -removeonly
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero 7 Premium-->MsiExec.exe /X{98EFD8F0-08DE-48DB-B922-A2EBAB711033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_2_0_2\Setup.exe" /X
Norton 360 HTMLHelp-->MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
NVIDIA Drivers-->C:\WINDOWS\System32\nvuninst.exe UninstallGUI
Opanda IExif 2.3-->"C:\Program Files\Opanda\IExif 2.3\unins000.exe"
Opanda PowerExif 1.2 Professional Trial-->"C:\Program Files\Opanda\PowerExif 1.2\unins000.exe"
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Roxio Media Manager-->MsiExec.exe /X{EB3DF81F-5E70-4722-9D99-C1FC3EEF4DE1}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Apps\Spybot - Search & Destroy\unins000.exe"
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls-->MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: Norton 360
FW: Norton 360

System event log

Computer Name: BELLA2
Event Code: 7035
Message: The NMIndexingService service was successfully sent a start control.

Record Number: 762
Source Name: Service Control Manager
Time Written: 20081210134401.000000-600
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: BELLA2
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 761
Source Name: Service Control Manager
Time Written: 20081210134400.000000-600
Event Type: information
User:

Computer Name: BELLA2
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.

Record Number: 760
Source Name: Service Control Manager
Time Written: 20081210134359.000000-600
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: BELLA2
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 759
Source Name: Service Control Manager
Time Written: 20081210134359.000000-600
Event Type: information
User:

Computer Name: BELLA2
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.

Record Number: 758
Source Name: Service Control Manager
Time Written: 20081210134358.000000-600
Event Type: information
User:

Application event log

Computer Name: BELLA2
Event Code: 0
Message:
Record Number: 2306
Source Name: gusvc
Time Written: 20081224004059.000000-600
Event Type: information
User:

Computer Name: BELLA2
Event Code: 17403
Message: Server resumed execution after being idle 1792 seconds. Reason: timer event.

Record Number: 2305
Source Name: MSSQL$MSSMLBIZ
Time Written: 20081224001746.000000-600
Event Type: information
User:

Computer Name: BELLA2
Event Code: 101
Message: Information Level: success

Automatic LiveUpdate has terminated.

Record Number: 2304
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081223234747.000000-600
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: BELLA2
Event Code: 101
Message: Information Level: success

Scheduler launched Automatic LiveUpdate.

Record Number: 2303
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081223234733.000000-600
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: BELLA2
Event Code: 17403
Message: Server resumed execution after being idle 1792 seconds. Reason: timer event.

Record Number: 2302
Source Name: MSSQL$MSSMLBIZ
Time Written: 20081223233241.000000-600
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 sundavis

  • Malware Response Team

Posted 31 December 2008 - 11:18 AM

Hi ninobrn99,


I notice there are signs of one P2P (Person to Person) file sharing program on your computer. Even if you are using a "safe" P2P program, it is only the program that is safe.
You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
You are well advised to remove it via Control Panel > Add/Remove Programs.

Ares 2.1.1


After that, please do the following:

Step 1

Please disable Spybot S&D's protection, or it will interfere.

You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm



Step 2

GooredFix - Option 2
Ensure all instances of Firefox are closed
  • Double-click Goored.exe on your Desktop to run it
  • Select 2. Fix Goored by typing 2 & pressing Enter.
  • Type y at the prompt then press Enter. The removal process will begin.
  • A log will open, post the contents of that log in your next reply.

Step 3

Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the entire report in your next reply.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, please post back:


1. RSIT log.txt
2. GooredFix log
3. MBAM log

Tell me how your PC is running now.

#5 ninobrn99

  • Topic Starter

Posted 02 January 2009 - 12:59 AM

GooredLog.txt
GooredFix v1.6 by jpshortstuff
Log created at 19:52 on 01/01/2009 running Option #2
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{5B3E1361-03B4-4BCF-A0BC-16EB9871A91A}"="C:\Documents and Settings\bella\Local Settings\Application Data\{5B3E1361-03B4-4BCF-A0BC-16EB9871A91A}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\bella\Local Settings\Application Data\{5B3E1361-03B4-4BCF-A0BC-16EB9871A91A}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"


Mbam-log
Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 3

1/1/2009 7:58:15 PM
mbam-log-2009-01-01 (19-58-15).txt

Scan type: Quick Scan
Objects scanned: 59594
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Performance Center (Rogue.PCSpeedScan) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.


RSIT log.txt
Logfile of random's system information tool 1.05 (written by random/random)
Run by bella at 2009-01-01 19:59:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 230 GB (75%) free of 305 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:26 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Apps\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Apps\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\bella\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bella.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://campus.hpu.edu/cp/home/displaylogin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Apps\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Apps\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:enu
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Apps\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Apps\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228901502537
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228941447296
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Apps\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 15410 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Apps\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-12-10 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-09 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-09 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-09 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-09 251504]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2006-06-09 47104]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2008-10-07 86016]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-03-29 624248]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-26 236016]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-09 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2008-12-01 89024]
"SpybotSD TeaTimer"=C:\Apps\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"LogitechSetup"=D:\Setup\Setup.exe /start /restart /l:enu []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Apps\Ares\Ares.exe"="C:\Apps\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2008-12-31 16:41:32 ----D---- C:\Documents and Settings\bella\Application Data\Research In Motion
2008-12-30 21:12:36 ----D---- C:\rsit
2008-12-28 16:06:53 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-26 14:59:37 ----RA---- C:\WINDOWS\system32\lvci1051.dll
2008-12-26 14:53:02 ----R---- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-12-26 14:52:31 ----D---- C:\Documents and Settings\bella\Application Data\skypePM
2008-12-26 14:51:27 ----D---- C:\Documents and Settings\bella\Application Data\Skype
2008-12-26 14:51:12 ----D---- C:\Program Files\Skype
2008-12-26 14:51:11 ----D---- C:\Program Files\Common Files\Skype
2008-12-26 14:51:05 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-12-26 14:47:56 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-12-26 14:47:52 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2008-12-26 14:47:49 ----D---- C:\Program Files\Logitech
2008-12-26 14:45:45 ----D---- C:\Program Files\Common Files\logishrd
2008-12-26 14:45:44 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-25 20:43:49 ----D---- C:\Program Files\Buzzword
2008-12-25 20:43:16 ----D---- C:\Program Files\ReflexiveArcade
2008-12-24 17:49:48 ----D---- C:\Documents and Settings\bella\Application Data\InstallShield
2008-12-24 17:39:49 ----A---- C:\WINDOWS\system32\CreateLog.dll
2008-12-24 17:39:49 ----A---- C:\WINDOWS\system32\ConTest.dll
2008-12-24 17:39:49 ----A---- C:\WINDOWS\system32\ascbalon.dll
2008-12-22 20:05:02 ----D---- C:\Program Files\Trend Micro
2008-12-22 19:49:44 ----N---- C:\WINDOWS\system32\DE.tmp
2008-12-22 19:49:37 ----D---- C:\Program Files\Sophos
2008-12-22 17:43:27 ----D---- C:\Documents and Settings\bella\Application Data\Yahoo!
2008-12-22 17:43:27 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-12-22 17:42:32 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-22 17:42:29 ----D---- C:\Program Files\Yahoo!
2008-12-21 22:49:35 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-12-21 22:47:00 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-21 22:46:59 ----D---- C:\Program Files\Roxio
2008-12-21 22:46:59 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2008-12-21 22:46:48 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-12-21 22:44:30 ----D---- C:\Program Files\Common Files\Research In Motion
2008-12-21 22:44:28 ----D---- C:\Program Files\Research In Motion
2008-12-21 17:35:01 ----D---- C:\Documents and Settings\bella\Application Data\Malwarebytes
2008-12-21 17:34:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-21 17:34:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-21 12:01:13 ----D---- C:\Documents and Settings\bella\Application Data\Easy Thumbnails
2008-12-19 23:44:07 ----D---- C:\Program Files\XVI32
2008-12-19 22:47:52 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-12-19 17:28:31 ----D---- C:\Documents and Settings\bella\Application Data\Windows Search
2008-12-18 18:52:35 ----A---- C:\WINDOWS\wininit.ini
2008-12-18 17:12:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 17:11:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-18 17:10:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-18 17:01:12 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-12-18 16:57:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-18 16:53:16 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-12-18 16:28:24 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-12-18 16:28:23 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2008-12-18 16:23:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-18 16:15:23 ----D---- C:\Program Files\Adobe
2008-12-18 16:13:18 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-12-18 16:09:15 ----D---- C:\Program Files\Common Files\Adobe
2008-12-18 04:12:17 ----D---- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-12-18 04:06:52 ----D---- C:\WINDOWS\SQL9_KB948109_ENU
2008-12-17 19:32:22 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-17 18:56:27 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-12-17 18:55:44 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-17 18:55:41 ----D---- C:\WINDOWS\VirtualEar
2008-12-17 18:55:41 ----D---- C:\Program Files\Analog Devices
2008-12-17 18:55:41 ----A---- C:\WINDOWS\system32\virtear.dll
2008-12-17 18:55:41 ----A---- C:\WINDOWS\system32\DSndUp.exe
2008-12-17 18:55:41 ----A---- C:\WINDOWS\system32\CleanUp.exe
2008-12-17 18:55:41 ----A---- C:\WINDOWS\system32\Audio3d.dll
2008-12-17 18:55:27 ----A---- C:\WINDOWS\system32\PostProc.dll
2008-12-17 18:55:27 ----A---- C:\WINDOWS\system32\Edcrypt.dll
2008-12-17 18:46:44 ----D---- C:\Program Files\Common Files\HP
2008-12-17 18:44:26 ----D---- C:\Program Files\Hewlett-Packard
2008-12-17 18:42:42 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2008-12-17 18:35:25 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2008-12-17 18:35:10 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-17 18:34:19 ----D---- C:\Program Files\HP
2008-12-17 18:00:26 ----A---- C:\WINDOWS\system32\HPZc3212.dll
2008-12-17 18:00:26 ----A---- C:\WINDOWS\system32\hpovst08.dll
2008-12-17 18:00:26 ----A---- C:\WINDOWS\system32\hpotscl.dll
2008-12-17 18:00:26 ----A---- C:\WINDOWS\system32\hpgwiamd.dll
2008-12-17 17:59:29 ----A---- C:\WINDOWS\system32\hpzcon12.dll
2008-12-17 17:59:28 ----A---- C:\WINDOWS\system32\hpzlnt12.dll
2008-12-17 17:59:28 ----A---- C:\WINDOWS\system32\hpzcoi12.dll
2008-12-17 17:57:39 ----D---- C:\temp
2008-12-17 17:56:23 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-12-17 15:54:52 ----D---- C:\04222f3a7ffb963b99861852df
2008-12-16 21:18:21 ----D---- C:\Apps
2008-12-16 18:01:05 ----D---- C:\WINDOWS\system32\Dell
2008-12-14 13:36:56 ----D---- C:\ADVANCED_CORE_TRAINING
2008-12-11 04:24:14 ----D---- C:\WINDOWS\SQLTools9_KB954606_ENU
2008-12-11 04:18:50 ----D---- C:\WINDOWS\SQL9_KB954606_ENU
2008-12-10 20:49:24 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-10 20:49:24 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-10 12:08:00 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-10 11:50:19 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-12-10 11:49:49 ----D---- C:\Program Files\DVD Decrypter
2008-12-10 11:47:44 ----D---- C:\Documents and Settings\bella\Application Data\Apple Computer
2008-12-10 11:47:18 ----D---- C:\Program Files\iPod
2008-12-10 11:47:17 ----D---- C:\Program Files\iTunes
2008-12-10 11:47:05 ----D---- C:\Program Files\Bonjour
2008-12-10 11:46:30 ----D---- C:\Program Files\QuickTime
2008-12-10 11:46:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-10 11:46:08 ----D---- C:\Program Files\Apple Software Update
2008-12-10 11:45:45 ----D---- C:\Program Files\Common Files\Apple
2008-12-10 11:45:45 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-10 11:44:41 ----D---- C:\Program Files\Opanda
2008-12-10 11:43:33 ----D---- C:\Program Files\Easy Thumbnails
2008-12-10 11:14:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-10 11:12:28 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-10 11:12:16 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-10 11:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-10 11:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-10 11:11:14 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-12-10 11:08:51 ----D---- C:\Program Files\SlySoft
2008-12-10 11:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-10 10:48:27 ----D---- C:\WINDOWS\Sun
2008-12-10 10:47:56 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 10:47:56 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 10:47:56 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 10:47:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 10:47:38 ----D---- C:\Program Files\Java
2008-12-10 10:46:08 ----D---- C:\Documents and Settings\bella\Application Data\Sun
2008-12-10 10:39:32 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-12-10 10:39:30 ----D---- C:\Program Files\DVD Shrink
2008-12-10 09:18:35 ----A---- C:\WINDOWS\eqemohagiq.dll
2008-12-10 09:15:22 ----D---- C:\Documents and Settings\bella\Application Data\Ahead
2008-12-10 09:14:49 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2008-12-10 09:12:48 ----D---- C:\Program Files\Nero
2008-12-10 09:12:48 ----D---- C:\Program Files\Common Files\Ahead
2008-12-10 09:12:48 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-12-10 09:11:02 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-10 09:11:01 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-10 08:54:11 ----D---- C:\Documents and Settings\bella\Application Data\WinRAR
2008-12-10 08:54:00 ----D---- C:\Program Files\WinRAR
2008-12-10 08:09:16 ----D---- C:\Documents and Settings\bella\Application Data\Adobe
2008-12-10 01:42:19 ----D---- C:\Program Files\Microsoft Small Business
2008-12-10 01:34:32 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-10 01:06:42 ----D---- C:\Program Files\PC Inspector File Recovery
2008-12-10 01:06:08 ----D---- C:\Program Files\Microsoft Works
2008-12-10 01:05:48 ----D---- C:\Program Files\Microsoft Visual Studio
2008-12-10 01:05:48 ----D---- C:\Program Files\Common Files\DESIGNER
2008-12-10 01:05:01 ----D---- C:\Program Files\Microsoft.NET
2008-12-10 01:03:01 ----D---- C:\WINDOWS\SHELLNEW
2008-12-10 01:02:40 ----D---- C:\Program Files\Microsoft Office
2008-12-10 01:02:39 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-10 01:02:22 ----RHD---- C:\MSOCache
2008-12-10 00:57:26 ----D---- C:\Documents and Settings\bella\Application Data\Mozilla
2008-12-10 00:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-10 00:55:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-10 00:55:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-10 00:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-10 00:54:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-10 00:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-10 00:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-10 00:54:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-10 00:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-10 00:53:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-10 00:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-10 00:53:26 ----D---- C:\Documents and Settings\bella\Application Data\Windows Desktop Search
2008-12-10 00:52:48 ----D---- C:\Program Files\Windows Desktop Search
2008-12-10 00:52:47 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-12-10 00:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-12-10 00:52:24 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-12-10 00:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-10 00:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-10 00:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-10 00:51:00 ----D---- C:\WINDOWS\ie7updates
2008-12-10 00:50:25 ----D---- C:\WINDOWS\WBEM
2008-12-10 00:49:17 ----HDC---- C:\WINDOWS\ie7
2008-12-10 00:49:01 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-10 00:48:46 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-10 00:47:11 ----D---- C:\Documents and Settings\bella\Application Data\GetRightToGo
2008-12-10 00:46:22 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-10 00:46:21 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-12-10 00:46:04 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-10 00:45:55 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-10 00:45:17 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-10 00:44:53 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-10 00:44:48 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-12-10 00:41:42 ----D---- C:\Program Files\Mozilla Firefox
2008-12-10 00:31:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 00:31:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 00:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 00:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 00:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 00:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2008-12-10 00:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-10 00:30:13 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-10 00:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-10 00:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-10 00:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-10 00:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-10 00:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-10 00:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-10 00:28:14 ----RSD---- C:\WINDOWS\assembly
2008-12-10 00:28:14 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-10 00:28:12 ----D---- C:\WINDOWS\system32\URTTemp
2008-12-10 00:26:08 ----D---- C:\Program Files\Windows Sidebar
2008-12-10 00:26:03 ----D---- C:\Program Files\Norton 360
2008-12-10 00:24:59 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-10 00:24:54 ----D---- C:\Program Files\Symantec
2008-12-10 00:24:54 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-10 00:24:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-10 00:23:31 ----D---- C:\Documents and Settings\bella\Application Data\Symantec
2008-12-10 00:21:40 ----D---- C:\WINDOWS\Prefetch
2008-12-10 00:20:39 ----SHD---- C:\RECYCLER
2008-12-10 00:13:12 ----D---- C:\WINDOWS\system32\scripting
2008-12-10 00:13:12 ----D---- C:\WINDOWS\system32\en-us
2008-12-10 00:13:11 ----D---- C:\WINDOWS\system32\en
2008-12-10 00:13:11 ----D---- C:\WINDOWS\l2schemas
2008-12-10 00:10:21 ----D---- C:\WINDOWS\network diagnostic
2008-12-10 00:05:43 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-12-10 00:05:43 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-10 00:05:42 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-10 00:05:42 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-10 00:05:41 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-10 00:05:41 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-10 00:05:41 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-12-10 00:05:40 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-12-10 00:05:40 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-10 00:05:40 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-10 00:05:38 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-10 00:05:38 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-10 00:05:38 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-10 00:05:38 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-10 00:05:37 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-10 00:05:36 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-10 00:05:36 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-12-10 00:05:35 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-10 00:05:33 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-10 00:05:33 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-10 00:05:33 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-10 00:05:33 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-10 00:05:32 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-10 00:05:30 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-12-10 00:05:30 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-10 00:05:29 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-10 00:05:29 ----A---- C:\WINDOWS\005423_.tmp
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-10 00:05:28 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-10 00:05:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-10 00:05:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-10 00:05:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-10 00:05:27 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-10 00:05:26 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-10 00:05:26 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-10 00:05:25 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-09 23:47:02 ----D---- C:\WINDOWS\provisioning
2008-12-09 23:47:02 ----D---- C:\WINDOWS\peernet
2008-12-09 23:46:24 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 23:44:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 23:44:13 ----D---- C:\WINDOWS\EHome
2008-12-09 23:42:59 ----N---- C:\WINDOWS\system32\spnpinst.exe
2008-12-09 23:37:08 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-09 23:35:17 ----D---- C:\Documents and Settings\bella\Application Data\Google
2008-12-09 23:35:07 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-09 23:35:06 ----D---- C:\Program Files\Google
2008-12-09 23:35:06 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-09 23:35:06 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-09 23:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-09 23:35:05 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 23:34:53 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-09 23:34:52 ----D---- C:\Documents and Settings\bella\Application Data\Macromedia
2008-12-09 23:34:42 ----D---- C:\WINDOWS\system32\bits
2008-12-09 23:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2008-12-09 23:34:23 ----N---- C:\WINDOWS\system32\xpob2res.dll
2008-12-09 23:34:23 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-09 23:34:23 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-09 23:34:23 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-12-09 23:34:23 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-09 23:32:53 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 23:32:26 ----D---- C:\WINDOWS\nview
2008-12-09 23:32:26 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wups2.dll
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-09 23:32:24 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-09 23:32:23 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 23:32:23 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-09 23:32:16 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-12-09 23:31:46 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-09 23:31:32 ----D---- C:\NVIDIA
2008-12-09 23:30:47 ----D---- C:\drvrtmp
2008-12-09 23:30:47 ----A---- C:\WINDOWS\system32\Prounstl.exe
2008-12-09 23:30:47 ----A---- C:\WINDOWS\system32\IntelNic.dll
2008-12-09 23:30:47 ----A---- C:\WINDOWS\system32\e1000msg.dll
2008-12-09 23:30:35 ----D---- C:\Program Files\Intel
2008-12-09 23:29:45 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-09 23:29:41 ----A---- C:\WINDOWS\system32\ico.exe
2008-12-09 23:29:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-09 23:29:40 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-12-09 23:29:39 ----D---- C:\Program Files\Dell
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\UnInst.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxutil.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxscrll.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxmiced.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxhooks.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\pmxcomm.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\Pelzoom.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\LaunHelp.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\iconspy.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\FontZoom.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\DellPM.ini
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\DellPM.exe
2008-12-09 23:29:39 ----A---- C:\WINDOWS\system32\ApSwitch.exe
2008-12-09 23:29:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-09 23:29:21 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-09 23:28:32 ----SHD---- C:\WINDOWS\Installer
2008-12-09 23:28:29 ----D---- C:\Documents and Settings\bella\Application Data\Identities
2008-12-09 23:28:25 ----HD---- C:\Program Files\Uninstall Information
2008-12-09 23:28:22 ----ASH---- C:\Documents and Settings\bella\Application Data\desktop.ini
2008-12-09 23:28:21 ----SD---- C:\Documents and Settings\bella\Application Data\Microsoft
2008-12-09 23:27:50 ----SHD---- C:\System Volume Information
2008-12-09 23:27:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 23:26:01 ----D---- C:\WINDOWS\system32\xircom
2008-12-09 23:26:01 ----D---- C:\Program Files\xerox
2008-12-09 23:26:01 ----D---- C:\Program Files\microsoft frontpage
2008-12-09 23:25:52 ----D---- C:\DELL
2008-12-09 23:24:36 ----A---- C:\WINDOWS\system32\xpsp1hfm.exe
2008-12-09 23:24:01 ----A---- C:\WINDOWS\control.ini
2008-12-09 23:24:01 ----A---- C:\AUTOEXEC.BAT
2008-12-09 23:23:56 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 23:23:55 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-09 23:23:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 23:23:22 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-09 23:23:22 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-09 23:23:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-09 23:23:05 ----D---- C:\WINDOWS\system32\DirectX
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-09 23:22:45 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-09 23:22:43 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-09 23:22:43 ----A---- C:\WINDOWS\desktop.ini
2008-12-09 23:22:38 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-09 23:22:38 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-09 23:22:38 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-09 23:22:37 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-09 23:22:36 ----D---- C:\Program Files\Common Files\Services
2008-12-09 23:22:36 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-09 23:22:33 ----SD---- C:\WINDOWS\Tasks
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-09 23:22:33 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-09 23:22:31 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-09 23:22:28 ----D---- C:\WINDOWS\srchasst
2008-12-09 23:22:27 ----D---- C:\WINDOWS\system32\Macromed
2008-12-09 23:22:27 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-09 23:22:26 ----D---- C:\Program Files\Movie Maker
2008-12-09 23:22:23 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 23:22:23 ----D---- C:\WINDOWS\PCHealth
2008-12-09 23:22:23 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-09 23:22:23 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-09 23:22:23 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-09 23:22:22 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-09 23:22:22 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-09 23:22:22 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-09 23:22:22 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-09 23:22:20 ----D---- C:\Program Files\NetMeeting
2008-12-09 23:22:20 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-09 23:22:20 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-09 23:22:20 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-09 23:22:19 ----D---- C:\Program Files\Outlook Express
2008-12-09 23:22:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-09 23:22:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-09 23:22:19 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-09 23:22:17 ----D---- C:\Program Files\Internet Explorer
2008-12-09 23:22:17 ----D---- C:\Program Files\Common Files\System
2008-12-09 23:22:01 ----D---- C:\Program Files\ComPlus Applications
2008-12-09 23:22:01 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-09 23:22:01 ----A---- C:\WINDOWS\vb.ini
2008-12-09 23:22:00 ----D---- C:\WINDOWS\Registration
2008-12-09 23:21:58 ----HD---- C:\Program Files\WindowsUpdate
2008-12-09 23:21:58 ----D---- C:\Program Files\Windows Media Player
2008-12-09 23:21:58 ----D---- C:\Program Files\Online Services
2008-12-09 23:21:56 ----D---- C:\Program Files\Messenger
2008-12-09 23:21:52 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-09 23:21:52 ----A---- C:\WINDOWS\system32\write.exe
2008-12-09 23:21:46 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-09 23:21:45 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-09 23:21:44 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-09 23:21:40 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-09 23:21:39 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-09 23:21:38 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-09 23:21:37 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-09 23:21:36 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-09 23:21:35 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-09 23:21:29 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-09 23:21:29 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-09 23:21:29 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-09 23:21:29 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-09 23:21:25 ----D---- C:\Program Files\Windows NT
2008-12-09 23:21:25 ----D---- C:\Program Files\MSN
2008-12-09 23:21:25 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-09 23:21:25 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-09 23:21:25 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-09 23:21:25 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-09 23:21:24 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-09 23:21:23 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-09 23:21:23 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-09 23:21:22 ----D---- C:\WINDOWS\system32\Com
2008-12-09 23:21:22 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-09 23:21:22 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-09 23:21:20 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-09 13:20:15 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-09 13:18:59 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-09 13:18:27 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 13:18:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 13:18:24 ----D---- C:\Program Files\Common Files\ODBC
2008-12-09 13:18:24 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-09 13:18:22 ----RD---- C:\Program Files
2008-12-09 13:18:22 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-09 13:18:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-09 13:18:22 ----D---- C:\Program Files\Common Files
2008-12-09 13:18:20 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-09 13:18:20 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-09 13:18:20 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-09 13:18:19 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-09 13:18:18 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-09 13:18:18 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-09 13:18:18 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-09 13:18:17 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-09 13:18:16 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-09 13:18:15 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-09 13:18:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-09 13:18:12 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-09 13:18:11 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-09 13:18:11 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-09 13:18:11 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-09 13:18:11 ----A---- C:\WINDOWS\notepad.exe
2008-12-09 13:18:08 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-09 13:18:06 ----RA---- C:\WINDOWS\SETD.tmp
2008-12-09 13:18:05 ----RA---- C:\WINDOWS\SET7.tmp
2008-12-09 13:18:03 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-09 13:18:00 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 13:18:00 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 13:17:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 13:17:46 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 13:17:44 ----D---- C:\Documents and Settings
2008-12-09 13:17:10 ----RASH---- C:\boot.ini
2008-12-09 13:14:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-09 13:14:36 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 13:14:36 ----RD---- C:\WINDOWS\Web
2008-12-09 13:14:36 ----HD---- C:\WINDOWS\inf
2008-12-09 13:14:36 ----D---- C:\WINDOWS\WinSxS
2008-12-09 13:14:36 ----D---- C:\WINDOWS\twain_32
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Temp
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\wins
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\spool
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\ras
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\npp
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\mui
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\IME
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\icsxml
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\ias
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\export
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\dhcp
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\config
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\3076
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\2052
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1054
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1042
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1041
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1037
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1033
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1031
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1028
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32\1025
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system32
2008-12-09 13:14:36 ----D---- C:\WINDOWS\system
2008-12-09 13:14:36 ----D---- C:\WINDOWS\security
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Resources
2008-12-09 13:14:36 ----D---- C:\WINDOWS\repair
2008-12-09 13:14:36 ----D---- C:\WINDOWS\mui
2008-12-09 13:14:36 ----D---- C:\WINDOWS\msapps
2008-12-09 13:14:36 ----D---- C:\WINDOWS\msagent
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Media
2008-12-09 13:14:36 ----D---- C:\WINDOWS\java
2008-12-09 13:14:36 ----D---- C:\WINDOWS\ime
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Help
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Driver Cache
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Debug
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Cursors
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Connection Wizard
2008-12-09 13:14:36 ----D---- C:\WINDOWS\Config
2008-12-09 13:14:36 ----D---- C:\WINDOWS\AppPatch
2008-12-09 13:14:36 ----D---- C:\WINDOWS\addins
2008-12-09 13:14:36 ----AD---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-12-17 18:56:50 ----A---- C:\WINDOWS\win.ini
2008-12-12 20:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 23:45:37 ----RASH---- C:\NTDETECT.COM
2008-12-09 13:18:22 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 AsfAlrt;AsfAlrt; \??\C:\WINDOWS\System32\drivers\AsfAlrt.sys []
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-12-01 103360]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2005-06-29 163840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-06 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-06 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-06 21744]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-07-16 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090101.022\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090101.022\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-07-16 5888]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20081220.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\DE.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-02-03 14240]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-02-03 938272]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Apps\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2004-02-08 118784]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-21 55640]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-10-07 163908]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-12-10 1245064]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-18 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-26 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-26 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-09 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-26 1108464]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------
I'll reboot and see how the computer is now. Thank you!

#6 sundavis

  • Malware Response Team

Posted 02 January 2009 - 12:40 PM

Hi ninobrn99,


You're doing well. :thumbsup: How is your browser acting now? Is the searching function normal? Please specify that info in your next reply. Thanks


Step1.

Use Windows Explorer to find and delete this file (if found):


C:\WINDOWS\system32\ascbalon.dll


Step2.

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step3

Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click the Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When the database update has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under the Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, click on View Scan Report.
  • You may see a list of infected items there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
You can refer to this animation

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.






Please post back the logs in your next reply.


1. KAS Scan log
2. New HJT log.

Tell me how things are going now.

#7 sundavis

Posted 04 January 2009 - 02:43 PM

Hi ninobrn99,


How are things going now? Are you still with us? :thumbsup:

#8 ninobrn99

Posted 04 January 2009 - 02:48 PM

Yes, sorry about the delay. Everything seems to be fine thus far. I haven't had any redirections since the last clean.

#9 sundavis

Posted 06 January 2009 - 12:25 AM

Hi ninobrn99,

Do you still need help? :thumbsup:

#10 sundavis

Posted 07 January 2009 - 06:49 AM

Hi ninobrn99,


Since your issue appears resolved, let's do some tidying up. Please delete RSIT and all the reg, bat, and log files we have used.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:


  • Flush System Restore---Don't forget it.

    Please go to Windows XP System Restore Guide

    Flush system restore points as instructed in the Windows XP System Restore Guide. The infected files in SR will be removed automatically.

    NOTE: only do this ONCE, not on a regular basis.

  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Keep your system updated

    Visit Microsoft's Windows Update Site Frequently.

  • Make your Internet Explorer more secure


    Please refer to this thread to configure Internet Explorer 7 properly.

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Install a-squared Free - a-squared Free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer, which provides some real-time protection against premium rate dialers.

    A tutorial on installing & using this product can be found here:

    Clean your PC with a-squared Free

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information here on how to prevent malware.


Glad to be of help. Safe surfing!!

#11 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland
  • Local time:11:02 PM

Posted 09 January 2009 - 03:20 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security