Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Researchers Turn Amazon Echo Into an Eavesdropping Device

Featured Deal: Pay What You Want Complete Cyber Security Certification Bundle Deal

Photo

HJT log

Started by Elfiero , Jan 01 2009 01:10 PM

  • This topic is locked This topic is locked
22 replies to this topic

#1 Elfiero

Elfiero

  • Members
  • 18 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Lierne, Norway
  • Local time:12:49 AM

Posted 01 January 2009 - 01:10 PM

Did a netstat -a and found some dodgy ports open to traffic?
Now, I did remove a virus last night (trojan.zlob) on a HD connected through USB with a HDD enclosure , and the removal was successful...

I am afraid (paranoia yes) the external connection also infected my PC aswell.


In advance TYVM
BR
Elfiero aka Trond

Heres my log:

Attached Files


BC AdBot (Login to Remove)

 

#2 Elfiero

Elfiero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Lierne, Norway
  • Local time:12:49 AM

Posted 06 January 2009 - 05:32 AM

May I ask whats the deal with no replies? Did I post this in wrong forum?

#3 SpotCheckBilly

SpotCheckBilly

  • Members
  • 81 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Twin Cities, MN
  • Local time:05:49 PM

Posted 12 January 2009 - 06:38 PM

Hi Elfiero,

Welcome to the BleepingComputer forums.

We apologize for the delay in responding to your request for assistance. Every one of our team members is a volunteer and unfortunately, there are often just not enough to keep up with demand. Thank you so much for your patience.

Please NOTE: Generally, helpers look for threads with zero replies. If you reply to your own post before a helper does, it will often go overlooked until discovered by a forum moderator.

If your issue has been resolved or you have received help elsewhere, please post a reply here and let us know so that we can close this thread.

If you still need assistance, my name is SpotCheckBilly (SCB for short) and I will be happy to help you.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.NOTE: Before scanning, make sure all other running programs are closed
    There shouldn't be any scheduled antivirus scans running while the scan is being performed.
    Do not use your computer for anything else during the scan.

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • >>Follow the instructions that pop up for posting the results.<<
  • Close the program window, and delete the program from your desktop.
I look forward to your response. -- SCB :thumbsup:
Posted ImagePosted Image
ChrisRLG's Computer Safety Online

"I was worried 'bout rich and skinny,
'til I wound up poor and fat" - Delbert McClinton
Posted Image

#4 Elfiero

Elfiero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Lierne, Norway
  • Local time:12:49 AM

Posted 15 January 2009 - 07:22 PM

Thank you for replying,
I have used many of the sollutions in here chasing dodgy activity on computers...


I didn't mention it, but I'm running a Vista x64 Business edition...
When running DDS I had a cp window open with "This tool does not support your operating system"

Edited by Elfiero, 15 January 2009 - 07:25 PM.

#5 SpotCheckBilly

SpotCheckBilly

  • Members
  • 81 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Twin Cities, MN
  • Local time:05:49 PM

Posted 16 January 2009 - 03:04 PM

High Elfiero,

Fortunately, even though DDS doesn't run on 64-bit systems, HijackThis, as you know, does. Please rescan and post a fresh log file.

Please do not attach the file. Copy/paste it directly into the message body using either of these methods:

Edit=>Select All
Edit=>Copy
Edit=>Paste into message body of reply window.

or

Ctrl+a to select entire contents
Ctrl+c to copy an entire contents
Ctrl+v to paste entire contents into message body of reply window.

We will take it from there. -- SCB :thumbsup:
Posted ImagePosted Image
ChrisRLG's Computer Safety Online

"I was worried 'bout rich and skinny,
'til I wound up poor and fat" - Delbert McClinton
Posted Image

#6 Elfiero

Elfiero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Lierne, Norway
  • Local time:12:49 AM

Posted 16 January 2009 - 03:06 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:10, on 16.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Trond\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


BR
~Elfie

#7 SpotCheckBilly

SpotCheckBilly

  • Members
  • 81 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Twin Cities, MN
  • Local time:05:49 PM

Posted 16 January 2009 - 08:16 PM

Hi Elfiero,

I don't see anything untoward in your HijackThis log. I'd like to get a little bit more information and I believe this tool will run on a 64-bit system.
  • Please download random's system information tool (RSIT) and save it to your desktop.
  • Right click on RSIT.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
  • Select 3 months from the drop-down list and click on Continue.
  • RSIT will start running. When done, 2 logs will be produced. The first one, log.txt, will be maximized, the second one, info.txt, will be minimized.
  • Please post both logs in your next reply. The logs can get quite long so please use separate replies, one for each log. That way they won't get cut off.-- SCB :thumbsup:

Posted ImagePosted Image
ChrisRLG's Computer Safety Online

"I was worried 'bout rich and skinny,
'til I wound up poor and fat" - Delbert McClinton
Posted Image

#8 Elfiero

Elfiero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Lierne, Norway
  • Local time:12:49 AM

Posted 16 January 2009 - 08:51 PM

LOG

Logfile of random's system information tool 1.05 (written by random/random)
Run by Trond at 2009-01-17 02:40:53
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 30 GB (43%) free of 71 GB
Total RAM: 3326 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:40:58, on 17.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Trond\Desktop\RSIT.exe
C:\Users\Trond\Desktop\Trond.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10816 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Internet Security Online - Kjør full systemskanning - Trond.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [2007-08-25 316784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-12-15 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2009-01-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Påloggingshjelp for Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-01-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 316784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"=C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe /r []
"AsioThk32Reg"=REGSVR32.EXE /S CTASIO.DLL []
"ccApp"=C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-01-01 136600]
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]
"CTxfiHlp"=C:\Windows\system32\CTXFIHLP.EXE [2008-10-07 23552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1555968]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
GammaTray.lnk - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Trond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-01-17 02:40:53 ----D---- C:\rsit
2009-01-16 11:46:43 ----D---- C:\ProgramData\FLEXnet
2009-01-16 11:33:34 ----D---- C:\Program Files (x86)\Bonjour
2009-01-16 11:31:52 ----D---- C:\Windows\system32\spool
2009-01-16 11:30:09 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared
2009-01-15 00:55:08 ----D---- C:\Users\Trond\AppData\Roaming\Xfire
2009-01-15 00:55:06 ----D---- C:\ProgramData\Xfire
2009-01-15 00:55:06 ----D---- C:\Program Files (x86)\Xfire
2009-01-14 12:31:12 ----D---- C:\Users\Trond\AppData\Roaming\WinRAR
2009-01-14 12:31:03 ----D---- C:\Program Files (x86)\WinRAR
2009-01-13 12:18:47 ----D---- C:\Users\Trond\AppData\Roaming\Download Manager
2009-01-13 12:08:17 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2009-01-06 23:50:33 ----D---- C:\Windows\system32\Futuremark
2009-01-06 11:10:41 ----D---- C:\Windows\Minidump
2009-01-05 18:25:58 ----D---- C:\Users\Trond\AppData\Roaming\Mozilla
2009-01-05 18:25:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-01-05 17:17:49 ----D---- C:\Program Files (x86)\Teamspeak2_RC2
2009-01-05 15:21:19 ----D---- C:\Program Files (x86)\Common Files\Creative
2009-01-05 15:20:27 ----D---- C:\Windows\system32\Data
2009-01-05 15:20:00 ----D---- C:\Program Files (x86)\Creative
2009-01-05 15:19:36 ----A---- C:\Windows\system32\AppSetup.exe
2009-01-05 15:04:36 ----D---- C:\Windows\system32\AGEIA
2009-01-05 15:04:36 ----D---- C:\Program Files (x86)\AGEIA Technologies
2009-01-05 15:01:17 ----D---- C:\ProgramData\NVIDIA
2009-01-05 14:50:00 ----A---- C:\Windows\system32\nvwgf2um.dll
2009-01-05 14:49:56 ----A---- C:\Windows\system32\nvoglv32.dll
2009-01-05 14:49:55 ----A---- C:\Windows\system32\nvd3dum.dll
2009-01-05 14:49:55 ----A---- C:\Windows\system32\nvcuda.dll
2009-01-05 14:49:54 ----A---- C:\Windows\system32\nvapi.dll
2009-01-04 19:03:59 ----D---- C:\Windows\pss
2009-01-01 19:33:06 ----D---- C:\Windows\Sun
2009-01-01 19:32:44 ----A---- C:\Windows\system32\javaws.exe
2009-01-01 19:32:44 ----A---- C:\Windows\system32\javaw.exe
2009-01-01 19:32:44 ----A---- C:\Windows\system32\java.exe
2009-01-01 19:32:44 ----A---- C:\Windows\system32\deploytk.dll
2009-01-01 19:32:36 ----D---- C:\Program Files (x86)\Java
2008-12-29 16:54:13 ----D---- C:\ProgramData\TrackMania
2008-12-29 16:51:35 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-12-29 16:51:34 ----A---- C:\Windows\system32\xinput1_1.dll
2008-12-29 16:51:33 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-12-29 16:51:28 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-12-29 16:51:28 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-12-29 16:51:27 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-12-29 16:51:25 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-12-29 16:51:24 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-12-29 16:51:23 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-12-29 16:51:22 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-12-29 16:49:46 ----D---- C:\Program Files (x86)\TmNationsForever
2008-12-25 13:05:24 ----D---- C:\Users\Trond\AppData\Roaming\teamspeak2
2008-12-23 20:01:35 ----D---- C:\Users\Trond\AppData\Roaming\Creative
2008-12-23 17:39:16 ----A---- C:\Windows\NeroDigital.ini
2008-12-23 10:15:03 ----D---- C:\ProgramData\Adobe
2008-12-23 10:15:00 ----D---- C:\Program Files (x86)\Common Files\Adobe
2008-12-23 10:15:00 ----D---- C:\Program Files (x86)\Adobe
2008-12-23 10:01:51 ----D---- C:\ProgramData\NOS
2008-12-23 10:01:51 ----D---- C:\Program Files (x86)\NOS
2008-12-22 01:48:56 ----D---- C:\ProgramData\gslist
2008-12-22 01:48:11 ----D---- C:\Program Files (x86)\PBSSCollector2.8.1
2008-12-20 00:17:47 ----A---- C:\Windows\ntbtlog.txt
2008-12-20 00:14:18 ----D---- C:\Program Files (x86)\Driver Sweeper
2008-12-19 21:37:29 ----A---- C:\Windows\system32\msshooks.dll
2008-12-19 21:37:29 ----A---- C:\Windows\system32\msscb.dll
2008-12-19 21:37:29 ----A---- C:\Windows\system32\mimefilt.dll
2008-12-19 21:37:26 ----A---- C:\Windows\system32\thawbrkr.dll
2008-12-19 21:37:26 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-12-19 21:37:26 ----A---- C:\Windows\system32\propsys.dll
2008-12-19 21:37:26 ----A---- C:\Windows\system32\propdefs.dll
2008-12-19 21:37:26 ----A---- C:\Windows\system32\offfilt.dll
2008-12-19 21:37:26 ----A---- C:\Windows\system32\msstrc.dll
2008-12-19 21:37:26 ----A---- C:\Windows\system32\mssprxy.dll
2008-12-19 21:37:26 ----A---- C:\Windows\system32\mssitlb.dll
2008-12-19 21:37:26 ----A---- C:\Windows\system32\msshsq.dll
2008-12-19 21:37:26 ----A---- C:\Windows\system32\korwbrkr.dll
2008-12-19 21:37:26 ----A---- C:\Windows\system32\chsbrkr.dll
2008-12-19 21:37:25 ----A---- C:\Windows\system32\xmlfilter.dll
2008-12-19 21:37:25 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-12-19 21:37:25 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-12-19 21:37:25 ----A---- C:\Windows\system32\rtffilt.dll
2008-12-19 21:37:25 ----A---- C:\Windows\system32\nlhtml.dll
2008-12-19 21:37:25 ----A---- C:\Windows\system32\mssvp.dll
2008-12-19 21:37:25 ----A---- C:\Windows\system32\mssrch.dll
2008-12-19 21:37:25 ----A---- C:\Windows\system32\mssphtb.dll
2008-12-19 21:37:25 ----A---- C:\Windows\system32\mssph.dll
2008-12-19 21:37:25 ----A---- C:\Windows\system32\msscntrs.dll
2008-12-19 21:37:25 ----A---- C:\Windows\system32\chtbrkr.dll
2008-12-19 21:37:24 ----A---- C:\Windows\system32\tquery.dll
2008-12-19 21:29:39 ----D---- C:\hotfix
2008-12-19 18:16:04 ----D---- C:\Program Files (x86)\aLeX^rS
2008-12-19 18:15:46 ----D---- C:\Windows\Downloaded Installations
2008-12-18 23:42:09 ----D---- C:\Program Files (x86)\MSXML 4.0
2008-12-18 21:07:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-18 18:39:38 ----D---- C:\Program Files (x86)\Microsoft Works
2008-12-18 18:39:11 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2008-12-18 18:39:10 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
2008-12-18 18:38:46 ----D---- C:\Program Files (x86)\Microsoft.NET
2008-12-18 18:36:48 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2008-12-18 18:36:09 ----D---- C:\ProgramData\Microsoft Help
2008-12-18 18:36:09 ----D---- C:\Program Files (x86)\Microsoft Office
2008-12-18 18:35:51 ----RHD---- C:\MSOCache
2008-12-18 17:35:13 ----D---- C:\Users\Trond\AppData\Roaming\Nero
2008-12-18 17:35:06 ----A---- C:\Windows\Irremote.ini
2008-12-18 17:34:49 ----A---- C:\Windows\system32\MsiExec.exe.log
2008-12-18 17:33:50 ----D---- C:\ProgramData\Nero
2008-12-18 17:33:50 ----D---- C:\Program Files (x86)\Nero
2008-12-18 17:33:50 ----D---- C:\Program Files (x86)\Common Files\Nero
2008-12-18 17:32:25 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-12-18 17:32:25 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-12-17 23:29:34 ----A---- C:\Windows\system32\mshtml.dll
2008-12-15 20:59:47 ----A---- C:\Windows\system32\vbscript.dll
2008-12-15 20:59:46 ----A---- C:\Windows\system32\wshext.dll
2008-12-15 20:59:46 ----A---- C:\Windows\system32\wscript.exe
2008-12-15 20:59:46 ----A---- C:\Windows\system32\scrrun.dll
2008-12-15 20:59:46 ----A---- C:\Windows\system32\scrobj.dll
2008-12-15 20:59:46 ----A---- C:\Windows\system32\jscript.dll
2008-12-15 20:59:46 ----A---- C:\Windows\system32\dataclen.dll
2008-12-15 20:59:46 ----A---- C:\Windows\system32\cscript.exe
2008-12-15 20:59:44 ----A---- C:\Windows\system32\wshqos.dll
2008-12-15 20:59:44 ----A---- C:\Windows\system32\traffic.dll
2008-12-15 20:59:44 ----A---- C:\Windows\system32\rpcrt4.dll
2008-12-15 20:59:44 ----A---- C:\Windows\system32\pacerprf.dll
2008-12-15 20:59:43 ----A---- C:\Windows\system32\Faultrep.dll
2008-12-15 18:25:16 ----D---- C:\Users\Trond\AppData\Roaming\nHancer
2008-12-15 18:24:02 ----D---- C:\ProgramData\nHancer
2008-12-15 14:52:12 ----D---- C:\Users\Trond\AppData\Roaming\Symantec
2008-12-15 14:50:49 ----D---- C:\Program Files (x86)\Norton Internet Security
2008-12-15 14:50:13 ----D---- C:\Program Files (x86)\Symantec
2008-12-15 14:47:43 ----D---- C:\ProgramData\Symantec
2008-12-15 14:47:43 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2008-12-15 14:34:37 ----D---- C:\PerfLogs
2008-12-15 13:55:12 ----A---- C:\Windows\system32\onex.dll
2008-12-15 13:55:01 ----A---- C:\Windows\system32\imagesp1.dll
2008-12-15 13:54:56 ----A---- C:\Windows\system32\WsmSvc.dll
2008-12-15 13:54:56 ----A---- C:\Windows\system32\winrscmd.dll
2008-12-15 13:54:55 ----A---- C:\Windows\system32\pidgenx.dll
2008-12-15 13:54:55 ----A---- C:\Windows\system32\iesetup.dll
2008-12-15 13:54:54 ----A---- C:\Windows\system32\mstscax.dll
2008-12-15 13:54:52 ----A---- C:\Windows\system32\RMActivate.exe
2008-12-15 13:54:51 ----A---- C:\Windows\system32\vssapi.dll
2008-12-15 13:54:50 ----A---- C:\Windows\system32\secproc.dll
2008-12-15 13:54:50 ----A---- C:\Windows\system32\RMActivate_isv.exe
2008-12-15 13:54:50 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2008-12-15 13:54:50 ----A---- C:\Windows\bfsvc.exe
2008-12-15 13:54:48 ----A---- C:\Windows\system32\secproc_isv.dll
2008-12-15 13:54:46 ----A---- C:\Windows\system32\xpssvcs.dll
2008-12-15 13:54:46 ----A---- C:\Windows\system32\wecutil.exe
2008-12-15 13:54:46 ----A---- C:\Windows\system32\ntdll.dll
2008-12-15 13:54:46 ----A---- C:\Windows\system32\icardagt.exe
2008-12-15 13:54:46 ----A---- C:\Windows\system32\drmv2clt.dll
2008-12-15 13:54:46 ----A---- C:\Windows\system32\blackbox.dll
2008-12-15 13:54:44 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2008-12-15 13:54:44 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2008-12-15 13:54:44 ----A---- C:\Windows\system32\RacEngn.dll
2008-12-15 13:54:44 ----A---- C:\Windows\system32\kernel32.dll
2008-12-15 13:54:43 ----A---- C:\Windows\system32\spwizimg.dll
2008-12-15 13:54:43 ----A---- C:\Windows\system32\rdpencom.dll
2008-12-15 13:54:41 ----A---- C:\Windows\system32\msjet40.dll
2008-12-15 13:54:41 ----A---- C:\Windows\system32\localspl.dll
2008-12-15 13:54:39 ----A---- C:\Windows\system32\wcncsvc.dll
2008-12-15 13:54:39 ----A---- C:\Windows\system32\user32.dll
2008-12-15 13:54:39 ----A---- C:\Windows\system32\mscoree.dll
2008-12-15 13:54:36 ----A---- C:\Windows\system32\wmp.dll
2008-12-15 13:54:36 ----A---- C:\Windows\system32\wcnwiz.dll
2008-12-15 13:54:36 ----A---- C:\Windows\system32\SMBHelperClass.dll
2008-12-15 13:54:36 ----A---- C:\Windows\system32\msvbvm60.dll
2008-12-15 13:54:36 ----A---- C:\Windows\system32\mstsc.exe
2008-12-15 13:54:34 ----A---- C:\Windows\system32\nlmgp.dll
2008-12-15 13:54:34 ----A---- C:\Windows\system32\DfsShlEx.dll
2008-12-15 13:54:34 ----A---- C:\Windows\system32\advapi32.dll
2008-12-15 13:54:33 ----A---- C:\Windows\system32\mmcndmgr.dll
2008-12-15 13:54:33 ----A---- C:\Windows\system32\kerberos.dll
2008-12-15 13:54:33 ----A---- C:\Windows\system32\IMJP10K.DLL
2008-12-15 13:54:32 ----A---- C:\Windows\system32\schtasks.exe
2008-12-15 13:54:32 ----A---- C:\Windows\system32\CertEnroll.dll
2008-12-15 13:54:31 ----A---- C:\Windows\system32\Query.dll
2008-12-15 13:54:30 ----A---- C:\Windows\system32\xolehlp.dll
2008-12-15 13:54:28 ----A---- C:\Windows\system32\ole32.dll
2008-12-15 13:54:28 ----A---- C:\Windows\system32\msdtcprx.dll
2008-12-15 13:54:27 ----A---- C:\Windows\system32\netlogon.dll
2008-12-15 13:54:27 ----A---- C:\Windows\system32\bcrypt.dll
2008-12-15 13:54:26 ----A---- C:\Windows\system32\msvcrt.dll
2008-12-15 13:54:25 ----A---- C:\Windows\system32\shlwapi.dll
2008-12-15 13:54:25 ----A---- C:\Windows\system32\IasMigPlugin.dll
2008-12-15 13:54:24 ----A---- C:\Windows\system32\wer.dll
2008-12-15 13:54:24 ----A---- C:\Windows\system32\milcore.dll
2008-12-15 13:54:24 ----A---- C:\Windows\system32\clusapi.dll
2008-12-15 13:54:23 ----A---- C:\Windows\system32\WSDApi.dll
2008-12-15 13:54:23 ----A---- C:\Windows\system32\vdsdyn.dll
2008-12-15 13:54:23 ----A---- C:\Windows\system32\d3d9.dll
2008-12-15 13:54:22 ----A---- C:\Windows\system32\winrsmgr.dll
2008-12-15 13:54:22 ----A---- C:\Windows\system32\mtxclu.dll
2008-12-15 13:54:22 ----A---- C:\Windows\system32\mmc.exe
2008-12-15 13:54:21 ----A---- C:\Windows\system32\vdsbas.dll
2008-12-15 13:54:21 ----A---- C:\Windows\system32\SLC.dll
2008-12-15 13:54:20 ----A---- C:\Windows\system32\msi.dll
2008-12-15 13:54:20 ----A---- C:\Windows\system32\comctl32.dll
2008-12-15 13:54:19 ----A---- C:\Windows\system32\MSVidCtl.dll
2008-12-15 13:54:18 ----A---- C:\Windows\system32\XPSSHHDR.dll
2008-12-15 13:54:18 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2008-12-15 13:54:17 ----A---- C:\Windows\system32\sbe.dll
2008-12-15 13:54:17 ----A---- C:\Windows\system32\mfc42u.dll
2008-12-15 13:54:16 ----A---- C:\Windows\system32\usp10.dll
2008-12-15 13:54:16 ----A---- C:\Windows\system32\esent.dll
2008-12-15 13:54:15 ----A---- C:\Windows\system32\mfc42.dll
2008-12-15 13:54:15 ----A---- C:\Windows\system32\gpresult.exe
2008-12-15 13:54:15 ----A---- C:\Windows\system32\cmipnpinstall.dll
2008-12-15 13:54:15 ----A---- C:\Windows\system32\cmicryptinstall.dll
2008-12-15 13:54:14 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2008-12-15 13:54:14 ----A---- C:\Windows\system32\crypt32.dll
2008-12-15 13:54:14 ----A---- C:\Windows\system32\comsvcs.dll
2008-12-15 13:54:14 ----A---- C:\Windows\system32\certutil.exe
2008-12-15 13:54:13 ----A---- C:\Windows\system32\wmdrmsdk.dll
2008-12-15 13:54:13 ----A---- C:\Windows\system32\oleaut32.dll
2008-12-15 13:54:13 ----A---- C:\Windows\system32\mswsock.dll
2008-12-15 13:54:13 ----A---- C:\Windows\system32\FirewallAPI.dll
2008-12-15 13:54:12 ----A---- C:\Windows\system32\sqlceqp30.dll
2008-12-15 13:54:12 ----A---- C:\Windows\system32\setupapi.dll
2008-12-15 13:54:12 ----A---- C:\Windows\system32\sdohlp.dll
2008-12-15 13:54:12 ----A---- C:\Windows\system32\lsm.exe
2008-12-15 13:54:11 ----A---- C:\Windows\system32\schannel.dll
2008-12-15 13:54:11 ----A---- C:\Windows\system32\p2psvc.dll
2008-12-15 13:54:11 ----A---- C:\Windows\system32\msv1_0.dll
2008-12-15 13:54:11 ----A---- C:\Windows\system32\eapp3hst.dll
2008-12-15 13:54:11 ----A---- C:\Windows\HelpPane.exe
2008-12-15 13:54:10 ----A---- C:\Windows\system32\wmpmde.dll
2008-12-15 13:54:10 ----A---- C:\Windows\system32\vdsutil.dll
2008-12-15 13:54:10 ----A---- C:\Windows\system32\thumbcache.dll
2008-12-15 13:54:10 ----A---- C:\Windows\system32\riched20.dll
2008-12-15 13:54:10 ----A---- C:\Windows\system32\autofmt.exe
2008-12-15 13:54:10 ----A---- C:\Windows\system32\autoconv.exe
2008-12-15 13:54:10 ----A---- C:\Windows\system32\autochk.exe
2008-12-15 13:54:09 ----A---- C:\Windows\system32\imapi2fs.dll
2008-12-15 13:54:09 ----A---- C:\Windows\system32\d3d10_1.dll
2008-12-15 13:54:09 ----A---- C:\Windows\system32\authui.dll
2008-12-15 13:54:09 ----A---- C:\Windows\system32\authfwcfg.dll
2008-12-15 13:54:08 ----A---- C:\Windows\system32\wevtapi.dll
2008-12-15 13:54:08 ----A---- C:\Windows\system32\dmvdsitf.dll
2008-12-15 13:54:08 ----A---- C:\Windows\system32\d3d10_1core.dll
2008-12-15 13:54:08 ----A---- C:\Windows\system32\comuid.dll
2008-12-15 13:54:08 ----A---- C:\Windows\system32\comdlg32.dll
2008-12-15 13:54:08 ----A---- C:\Windows\system32\browseui.dll
2008-12-15 13:54:07 ----A---- C:\Windows\system32\WSDMon.dll
2008-12-15 13:54:07 ----A---- C:\Windows\system32\wevtfwd.dll
2008-12-15 13:54:07 ----A---- C:\Windows\system32\untfs.dll
2008-12-15 13:54:07 ----A---- C:\Windows\system32\uexfat.dll
2008-12-15 13:54:07 ----A---- C:\Windows\system32\mscories.dll
2008-12-15 13:54:07 ----A---- C:\Windows\system32\eapphost.dll
2008-12-15 13:54:07 ----A---- C:\Windows\system32\eappcfg.dll
2008-12-15 13:54:06 ----A---- C:\Windows\system32\sqlcese30.dll
2008-12-15 13:54:06 ----A---- C:\Windows\system32\pcaui.dll
2008-12-15 13:54:06 ----A---- C:\Windows\system32\iassam.dll
2008-12-15 13:54:06 ----A---- C:\Windows\system32\DfrgNtfs.exe
2008-12-15 13:54:04 ----A---- C:\Windows\system32\winhttp.dll
2008-12-15 13:54:04 ----A---- C:\Windows\system32\mssha.dll
2008-12-15 13:54:04 ----A---- C:\Windows\system32\msdrm.dll
2008-12-15 13:54:03 ----A---- C:\Windows\system32\zipfldr.dll
2008-12-15 13:54:03 ----A---- C:\Windows\system32\WsmAuto.dll
2008-12-15 13:54:03 ----A---- C:\Windows\system32\rasppp.dll
2008-12-15 13:54:03 ----A---- C:\Windows\system32\ncrypt.dll
2008-12-15 13:54:03 ----A---- C:\Windows\system32\evr.dll
2008-12-15 13:54:03 ----A---- C:\Windows\system32\dfrgui.exe
2008-12-15 13:54:02 ----A---- C:\Windows\system32\wmdrmdev.dll
2008-12-15 13:54:02 ----A---- C:\Windows\system32\uxtheme.dll
2008-12-15 13:54:02 ----A---- C:\Windows\system32\msrepl40.dll
2008-12-15 13:54:02 ----A---- C:\Windows\system32\msra.exe
2008-12-15 13:54:02 ----A---- C:\Windows\system32\ddraw.dll
2008-12-15 13:54:02 ----A---- C:\Windows\system32\CertEnrollCtrl.exe
2008-12-15 13:54:01 ----A---- C:\Windows\system32\WsmWmiPl.dll
2008-12-15 13:54:01 ----A---- C:\Windows\system32\printui.dll
2008-12-15 13:54:01 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2008-12-15 13:53:59 ----A---- C:\Windows\system32\WebClnt.dll
2008-12-15 13:53:59 ----A---- C:\Windows\system32\themecpl.dll
2008-12-15 13:53:59 ----A---- C:\Windows\system32\rastls.dll
2008-12-15 13:53:59 ----A---- C:\Windows\system32\objsel.dll
2008-12-15 13:53:58 ----A---- C:\Windows\system32\QAGENT.DLL
2008-12-15 13:53:58 ----A---- C:\Windows\system32\dbghelp.dll
2008-12-15 13:53:57 ----A---- C:\Windows\system32\sqlsrv32.dll
2008-12-15 13:53:57 ----A---- C:\Windows\system32\iasnap.dll
2008-12-15 13:53:56 ----A---- C:\Windows\system32\wmdrmnet.dll
2008-12-15 13:53:56 ----A---- C:\Windows\system32\WerFaultSecure.exe
2008-12-15 13:53:56 ----A---- C:\Windows\system32\PresentationHost.exe
2008-12-15 13:53:56 ----A---- C:\Windows\system32\ncryptui.dll
2008-12-15 13:53:56 ----A---- C:\Windows\system32\iprtrmgr.dll
2008-12-15 13:53:56 ----A---- C:\Windows\system32\icm32.dll
2008-12-15 13:53:56 ----A---- C:\Windows\system32\azroles.dll
2008-12-15 13:53:55 ----A---- C:\Windows\system32\spoolss.dll
2008-12-15 13:53:55 ----A---- C:\Windows\system32\msctf.dll
2008-12-15 13:53:55 ----A---- C:\Windows\system32\infocardapi.dll
2008-12-15 13:53:54 ----A---- C:\Windows\system32\wlangpui.dll
2008-12-15 13:53:54 ----A---- C:\Windows\system32\taskschd.dll
2008-12-15 13:53:54 ----A---- C:\Windows\system32\systeminfo.exe
2008-12-15 13:53:54 ----A---- C:\Windows\system32\mstlsapi.dll
2008-12-15 13:53:54 ----A---- C:\Windows\system32\basecsp.dll
2008-12-15 13:53:54 ----A---- C:\Windows\system32\AudioEng.dll
2008-12-15 13:53:53 ----A---- C:\Windows\system32\scksp.dll
2008-12-15 13:53:53 ----A---- C:\Windows\system32\netprofm.dll
2008-12-15 13:53:52 ----A---- C:\Windows\system32\winsta.dll
2008-12-15 13:53:52 ----A---- C:\Windows\system32\winlogon.exe
2008-12-15 13:53:52 ----A---- C:\Windows\system32\taskcomp.dll
2008-12-15 13:53:52 ----A---- C:\Windows\system32\rsaenh.dll
2008-12-15 13:53:52 ----A---- C:\Windows\system32\perfhost.exe
2008-12-15 13:53:52 ----A---- C:\Windows\system32\netcfgx.dll
2008-12-15 13:53:52 ----A---- C:\Windows\system32\dbgeng.dll
2008-12-15 13:53:52 ----A---- C:\Windows\system32\cdosys.dll
2008-12-15 13:53:51 ----A---- C:\Windows\system32\wscisvif.dll
2008-12-15 13:53:51 ----A---- C:\Windows\system32\wlansec.dll
2008-12-15 13:53:51 ----A---- C:\Windows\system32\msdtcuiu.dll
2008-12-15 13:53:51 ----A---- C:\Windows\system32\driverquery.exe
2008-12-15 13:53:51 ----A---- C:\Windows\system32\dfshim.dll
2008-12-15 13:53:51 ----A---- C:\Windows\system32\certcli.dll
2008-12-15 13:53:51 ----A---- C:\Windows\system32\apds.dll
2008-12-15 13:53:50 ----A---- C:\Windows\system32\tsgqec.dll
2008-12-15 13:53:50 ----A---- C:\Windows\system32\srchadmin.dll
2008-12-15 13:53:50 ----A---- C:\Windows\system32\shdocvw.dll
2008-12-15 13:53:50 ----A---- C:\Windows\system32\mprddm.dll
2008-12-15 13:53:50 ----A---- C:\Windows\system32\iasrad.dll
2008-12-15 13:53:50 ----A---- C:\Windows\system32\AUDIOKSE.dll
2008-12-15 13:53:50 ----A---- C:\Windows\system32\aaclient.dll
2008-12-15 13:53:49 ----A---- C:\Windows\system32\Wldap32.dll
2008-12-15 13:53:49 ----A---- C:\Windows\system32\secur32.dll
2008-12-15 13:53:49 ----A---- C:\Windows\system32\msidcrl30.dll
2008-12-15 13:53:49 ----A---- C:\Windows\system32\dnsapi.dll
2008-12-15 13:53:49 ----A---- C:\Windows\system32\certmgr.dll
2008-12-15 13:53:48 ----A---- C:\Windows\system32\WMVDECOD.DLL
2008-12-15 13:53:48 ----A---- C:\Windows\system32\pla.dll
2008-12-15 13:53:48 ----A---- C:\Windows\system32\netshell.dll
2008-12-15 13:53:48 ----A---- C:\Windows\system32\dxgi.dll
2008-12-15 13:53:48 ----A---- C:\Windows\system32\dot3gpui.dll
2008-12-15 13:53:47 ----A---- C:\Windows\system32\shsvcs.dll
2008-12-15 13:53:47 ----A---- C:\Windows\system32\ntprint.dll
2008-12-15 13:53:47 ----A---- C:\Windows\system32\MMDevAPI.dll
2008-12-15 13:53:47 ----A---- C:\Windows\system32\iashost.exe
2008-12-15 13:53:47 ----A---- C:\Windows\system32\cryptnet.dll
2008-12-15 13:53:47 ----A---- C:\Windows\system32\comsnap.dll
2008-12-15 13:53:46 ----A---- C:\Windows\system32\WMVSDECD.DLL
2008-12-15 13:53:46 ----A---- C:\Windows\system32\winmm.dll
2008-12-15 13:53:46 ----A---- C:\Windows\system32\taskeng.exe
2008-12-15 13:53:46 ----A---- C:\Windows\system32\synceng.dll
2008-12-15 13:53:46 ----A---- C:\Windows\system32\services.exe
2008-12-15 13:53:46 ----A---- C:\Windows\system32\pnidui.dll
2008-12-15 13:53:46 ----A---- C:\Windows\system32\msjtes40.dll
2008-12-15 13:53:46 ----A---- C:\Windows\system32\iassdo.dll
2008-12-15 13:53:46 ----A---- C:\Windows\system32\cmifw.dll
2008-12-15 13:53:46 ----A---- C:\Windows\system32\cipher.exe
2008-12-15 13:53:45 ----A---- C:\Windows\system32\tdh.dll
2008-12-15 13:53:45 ----A---- C:\Windows\system32\SessEnv.dll
2008-12-15 13:53:45 ----A---- C:\Windows\system32\rasapi32.dll
2008-12-15 13:53:45 ----A---- C:\Windows\system32\imapi2.dll
2008-12-15 13:53:45 ----A---- C:\Windows\system32\dot3api.dll
2008-12-15 13:53:45 ----A---- C:\Windows\system32\dmdskmgr.dll
2008-12-15 13:53:45 ----A---- C:\Windows\system32\cmd.exe
2008-12-15 13:53:45 ----A---- C:\Windows\system32\AuthFWSnapin.dll
2008-12-15 13:53:44 ----A---- C:\Windows\system32\wlanmsm.dll
2008-12-15 13:53:44 ----A---- C:\Windows\system32\wlancfg.dll
2008-12-15 13:53:44 ----A---- C:\Windows\system32\wevtutil.exe
2008-12-15 13:53:44 ----A---- C:\Windows\system32\qdvd.dll
2008-12-15 13:53:44 ----A---- C:\Windows\system32\msscp.dll
2008-12-15 13:53:44 ----A---- C:\Windows\system32\loadperf.dll
2008-12-15 13:53:44 ----A---- C:\Windows\system32\gpedit.msc
2008-12-15 13:53:44 ----A---- C:\Windows\system32\diskpart.exe
2008-12-15 13:53:44 ----A---- C:\Windows\system32\comres.dll
2008-12-15 13:53:43 ----A---- C:\Windows\system32\wlanapi.dll
2008-12-15 13:53:43 ----A---- C:\Windows\system32\rpchttp.dll
2008-12-15 13:53:43 ----A---- C:\Windows\system32\mshtmled.dll
2008-12-15 13:53:43 ----A---- C:\Windows\system32\localsec.dll
2008-12-15 13:53:43 ----A---- C:\Windows\system32\hnetcfg.dll
2008-12-15 13:53:43 ----A---- C:\Windows\system32\fontext.dll
2008-12-15 13:53:42 ----A---- C:\Windows\system32\WMADMOD.DLL
2008-12-15 13:53:42 ----A---- C:\Windows\system32\wlanpref.dll
2008-12-15 13:53:42 ----A---- C:\Windows\system32\WinSATAPI.dll
2008-12-15 13:53:42 ----A---- C:\Windows\system32\NAPMONTR.DLL
2008-12-15 13:53:42 ----A---- C:\Windows\system32\dsound.dll
2008-12-15 13:53:41 ----A---- C:\Windows\system32\whealogr.dll
2008-12-15 13:53:41 ----A---- C:\Windows\system32\filemgmt.dll
2008-12-15 13:53:41 ----A---- C:\Windows\system32\avifil32.dll
2008-12-15 13:53:38 ----A---- C:\Windows\system32\wsecedit.dll
2008-12-15 13:53:38 ----A---- C:\Windows\system32\tracerpt.exe
2008-12-15 13:53:38 ----A---- C:\Windows\system32\SLCommDlg.dll
2008-12-15 13:53:38 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2008-12-15 13:53:38 ----A---- C:\Windows\system32\MuiUnattend.exe
2008-12-15 13:53:38 ----A---- C:\Windows\system32\dhcpcsvc.dll
2008-12-15 13:53:37 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2008-12-15 13:53:37 ----A---- C:\Windows\system32\wininit.exe
2008-12-15 13:53:37 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2008-12-15 13:53:37 ----A---- C:\Windows\system32\QSHVHOST.DLL
2008-12-15 13:53:37 ----A---- C:\Windows\system32\P2PGraph.dll
2008-12-15 13:53:37 ----A---- C:\Windows\system32\msdt.exe
2008-12-15 13:53:37 ----A---- C:\Windows\system32\mscorier.dll
2008-12-15 13:53:37 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2008-12-15 13:53:37 ----A---- C:\Windows\system32\apphelp.dll
2008-12-15 13:53:36 ----A---- C:\Windows\system32\spp.dll
2008-12-15 13:53:36 ----A---- C:\Windows\system32\rasdlg.dll
2008-12-15 13:53:36 ----A---- C:\Windows\system32\iassvcs.dll
2008-12-15 13:53:36 ----A---- C:\Windows\system32\azroleui.dll
2008-12-15 13:53:35 ----A---- C:\Windows\system32\WMPEncEn.dll
2008-12-15 13:53:35 ----A---- C:\Windows\system32\wecapi.dll
2008-12-15 13:53:35 ----A---- C:\Windows\system32\unbcl.dll
2008-12-15 13:53:35 ----A---- C:\Windows\system32\tcpmon.dll
2008-12-15 13:53:35 ----A---- C:\Windows\system32\spwizeng.dll
2008-12-15 13:53:35 ----A---- C:\Windows\system32\shrink.dll
2008-12-15 13:53:35 ----A---- C:\Windows\system32\rasmontr.dll
2008-12-15 13:53:35 ----A---- C:\Windows\system32\mcbuilder.exe
2008-12-15 13:53:35 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2008-12-15 13:53:35 ----A---- C:\Windows\system32\iashlpr.dll
2008-12-15 13:53:35 ----A---- C:\Windows\system32\gpedit.dll
2008-12-15 13:53:34 ----A---- C:\Windows\system32\raschap.dll
2008-12-15 13:53:34 ----A---- C:\Windows\system32\oleacc.dll
2008-12-15 13:53:34 ----A---- C:\Windows\system32\ipsmsnap.dll
2008-12-15 13:53:34 ----A---- C:\Windows\system32\framedynos.dll
2008-12-15 13:53:34 ----A---- C:\Windows\system32\fdWSD.dll
2008-12-15 13:53:34 ----A---- C:\Windows\system32\appmgr.dll
2008-12-15 13:53:34 ----A---- C:\Windows\system32\advpack.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\wpdshext.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\WlanMM.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\wdc.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\vsstrace.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\tcpipcfg.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\ntlanman.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\l2nacp.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\imm32.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\iedkcs32.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\ieapfltr.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\framedyn.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\EncDec.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\dssenh.dll
2008-12-15 13:53:33 ----A---- C:\Windows\system32\certreq.exe
2008-12-15 13:53:33 ----A---- C:\Windows\system32\adsnt.dll
2008-12-15 13:53:32 ----A---- C:\Windows\system32\wusa.exe
2008-12-15 13:53:32 ----A---- C:\Windows\system32\WsmProv.dll
2008-12-15 13:53:32 ----A---- C:\Windows\system32\wlanhlp.dll
2008-12-15 13:53:32 ----A---- C:\Windows\system32\WLanConn.dll
2008-12-15 13:53:32 ----A---- C:\Windows\system32\userenv.dll
2008-12-15 13:53:32 ----A---- C:\Windows\system32\sxs.dll
2008-12-15 13:53:32 ----A---- C:\Windows\system32\ncsi.dll
2008-12-15 13:53:31 ----A---- C:\Windows\system32\WerFault.exe
2008-12-15 13:53:31 ----A---- C:\Windows\system32\VAN.dll
2008-12-15 13:53:31 ----A---- C:\Windows\system32\scrptadm.dll
2008-12-15 13:53:31 ----A---- C:\Windows\system32\puiobj.dll
2008-12-15 13:53:31 ----A---- C:\Windows\system32\photowiz.dll
2008-12-15 13:53:31 ----A---- C:\Windows\system32\netid.dll
2008-12-15 13:53:31 ----A---- C:\Windows\system32\netcenter.dll
2008-12-15 13:53:31 ----A---- C:\Windows\system32\InkEd.dll
2008-12-15 13:53:31 ----A---- C:\Windows\system32\ie4uinit.exe
2008-12-15 13:53:31 ----A---- C:\Windows\system32\fundisc.dll
2008-12-15 13:53:31 ----A---- C:\Windows\system32\cryptui.dll
2008-12-15 13:53:31 ----A---- C:\Windows\system32\catsrvut.dll
2008-12-15 13:53:30 ----A---- C:\Windows\system32\ws2_32.dll
2008-12-15 13:53:30 ----A---- C:\Windows\system32\WinSCard.dll
2008-12-15 13:53:30 ----A---- C:\Windows\system32\winrs.exe
2008-12-15 13:53:30 ----A---- C:\Windows\system32\spbcd.dll
2008-12-15 13:53:30 ----A---- C:\Windows\system32\odbcjt32.dll
2008-12-15 13:53:30 ----A---- C:\Windows\system32\ntdsapi.dll
2008-12-15 13:53:30 ----A---- C:\Windows\system32\NAPSTAT.EXE
2008-12-15 13:53:30 ----A---- C:\Windows\system32\msinfo32.exe
2008-12-15 13:53:30 ----A---- C:\Windows\system32\ipsecsnp.dll
2008-12-15 13:53:29 ----A---- C:\Windows\system32\TSpkg.dll
2008-12-15 13:53:29 ----A---- C:\Windows\system32\RelMon.dll
2008-12-15 13:53:29 ----A---- C:\Windows\system32\prnntfy.dll
2008-12-15 13:53:29 ----A---- C:\Windows\system32\pdh.dll
2008-12-15 13:53:29 ----A---- C:\Windows\system32\netdiagfx.dll
2008-12-15 13:53:29 ----A---- C:\Windows\system32\msfeeds.dll
2008-12-15 13:53:29 ----A---- C:\Windows\system32\iasacct.dll
2008-12-15 13:53:29 ----A---- C:\Windows\system32\FXSCOMEX.dll
2008-12-15 13:53:29 ----A---- C:\Windows\system32\FirewallControlPanel.exe
2008-12-15 13:53:29 ----A---- C:\Windows\system32\dmdlgs.dll
2008-12-15 13:53:29 ----A---- C:\Windows\system32\dhcpsapi.dll
2008-12-15 13:53:29 ----A---- C:\Windows\system32\dfrgfat.exe
2008-12-15 13:53:29 ----A---- C:\Windows\system32\cryptsvc.dll
2008-12-15 13:53:29 ----A---- C:\Windows\system32\catsrv.dll
2008-12-15 13:53:29 ----A---- C:\Windows\system32\activeds.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\wvc.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\winrm.vbs
2008-12-15 13:53:28 ----A---- C:\Windows\system32\shsetup.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\rastapi.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\qwave.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\ntshrui.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\netcorehc.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\NAPHLPR.DLL
2008-12-15 13:53:28 ----A---- C:\Windows\system32\msacm32.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\ifmon.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\fdWCN.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\els.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\dot3msm.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\dot3cfg.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\cscobj.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\AudioSes.dll
2008-12-15 13:53:28 ----A---- C:\Windows\system32\adsldp.dll
2008-12-15 13:53:27 ----A---- C:\Windows\system32\wscntfy.dll
2008-12-15 13:53:27 ----A---- C:\Windows\system32\stobject.dll
2008-12-15 13:53:27 ----A---- C:\Windows\system32\QUTIL.DLL
2008-12-15 13:53:27 ----A---- C:\Windows\system32\psisdecd.dll
2008-12-15 13:53:27 ----A---- C:\Windows\system32\net1.exe
2008-12-15 13:53:27 ----A---- C:\Windows\system32\iasrecst.dll
2008-12-15 13:53:27 ----A---- C:\Windows\system32\iasdatastore.dll
2008-12-15 13:53:27 ----A---- C:\Windows\system32\fdSSDP.dll
2008-12-15 13:53:27 ----A---- C:\Windows\system32\clbcatq.dll
2008-12-15 13:53:26 ----A---- C:\Windows\system32\wlgpclnt.dll
2008-12-15 13:53:26 ----A---- C:\Windows\system32\wlanui.dll
2008-12-15 13:53:26 ----A---- C:\Windows\system32\upnphost.dll
2008-12-15 13:53:26 ----A---- C:\Windows\system32\TsWpfWrp.exe
2008-12-15 13:53:26 ----A---- C:\Windows\system32\systemcpl.dll
2008-12-15 13:53:26 ----A---- C:\Windows\system32\rasman.dll
2008-12-15 13:53:26 ----A---- C:\Windows\system32\nci.dll
2008-12-15 13:53:26 ----A---- C:\Windows\system32\mprmsg.dll
2008-12-15 13:53:26 ----A---- C:\Windows\system32\dsprop.dll
2008-12-15 13:53:26 ----A---- C:\Windows\system32\adsldpc.dll
2008-12-15 13:53:26 ----A---- C:\Windows\system32\ActiveContentWizard.dll
2008-12-15 13:53:23 ----A---- C:\Windows\system32\t2embed.dll
2008-12-15 13:53:23 ----A---- C:\Windows\system32\rascfg.dll
2008-12-15 13:53:23 ----A---- C:\Windows\system32\P2P.dll
2008-12-15 13:53:23 ----A---- C:\Windows\system32\oleprn.dll
2008-12-15 13:53:23 ----A---- C:\Windows\system32\msftedit.dll
2008-12-15 13:53:23 ----A---- C:\Windows\system32\loghours.dll
2008-12-15 13:53:23 ----A---- C:\Windows\system32\L2SecHC.dll
2008-12-15 13:53:23 ----A---- C:\Windows\system32\FXSAPI.dll
2008-12-15 13:53:23 ----A---- C:\Windows\system32\fde.dll
2008-12-15 13:53:23 ----A---- C:\Windows\system32\dxdiag.exe
2008-12-15 13:53:23 ----A---- C:\Windows\system32\CompatUI.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\wscapi.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\WinFXDocObj.exe
2008-12-15 13:53:22 ----A---- C:\Windows\system32\wdigest.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\wdi.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\scansetting.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\rtm.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\NAPCRYPT.DLL
2008-12-15 13:53:22 ----A---- C:\Windows\system32\mswmdm.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\msutb.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\msihnd.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\mprdim.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\MigAutoPlay.exe
2008-12-15 13:53:22 ----A---- C:\Windows\system32\ifsutil.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\gpapi.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\dimsroam.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\devmgr.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\CertEnrollUI.dll
2008-12-15 13:53:22 ----A---- C:\Windows\system32\actxprxy.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\wlandlg.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\vssadmin.exe
2008-12-15 13:53:21 ----A---- C:\Windows\system32\uudf.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\usbmon.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\SyncCenter.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\sud.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\scecli.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\SCardSvr.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\regapi.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\newdev.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\mycomput.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\mstask.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\mspaint.exe
2008-12-15 13:53:21 ----A---- C:\Windows\system32\msls31.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\lpk.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\imagehlp.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\FXSXP32.dll
2008-12-15 13:53:21 ----A---- C:\Windows\system32\audiodg.exe
2008-12-15 13:53:20 ----A---- C:\Windows\system32\termmgr.dll
2008-12-15 13:53:20 ----A---- C:\Windows\system32\tapisrv.dll
2008-12-15 13:53:20 ----A---- C:\Windows\system32\samlib.dll
2008-12-15 13:53:20 ----A---- C:\Windows\system32\Robocopy.exe
2008-12-15 13:53:20 ----A---- C:\Windows\system32\puiapi.dll
2008-12-15 13:53:20 ----A---- C:\Windows\system32\mtxoci.dll
2008-12-15 13:53:20 ----A---- C:\Windows\system32\input.dll
2008-12-15 13:53:20 ----A---- C:\Windows\system32\iasads.dll
2008-12-15 13:53:20 ----A---- C:\Windows\system32\duser.dll
2008-12-15 13:53:20 ----A---- C:\Windows\system32\cscapi.dll
2008-12-15 13:53:20 ----A---- C:\Windows\system32\cic.dll
2008-12-15 13:53:20 ----A---- C:\Windows\system32\AzSqlExt.dll
2008-12-15 13:53:20 ----A---- C:\Windows\system32\authz.dll
2008-12-15 13:53:20 ----A---- C:\Windows\system32\adtschema.dll
2008-12-15 13:53:20 ----A---- C:\Windows\splwow64.exe
2008-12-15 13:53:20 ----A---- C:\Windows\regedit.exe
2008-12-15 13:53:19 ----A---- C:\Windows\system32\wintrust.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\webcheck.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\verifier.exe
2008-12-15 13:53:19 ----A---- C:\Windows\system32\vdsldr.exe
2008-12-15 13:53:19 ----A---- C:\Windows\system32\twext.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\themeui.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\slcinst.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\rasgcw.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\oledlg.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\ntmarta.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\netiohlp.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\mmcbase.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\icardres.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\dxtmsft.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\d3d8.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\cmdial32.dll
2008-12-15 13:53:19 ----A---- C:\Windows\system32\clfsw32.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\wtsapi32.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\WMPhoto.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\unlodctr.exe
2008-12-15 13:53:18 ----A---- C:\Windows\system32\ulib.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\syssetup.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\SndVol.exe
2008-12-15 13:53:18 ----A---- C:\Windows\system32\slmgr.vbs
2008-12-15 13:53:18 ----A---- C:\Windows\system32\sethc.exe
2008-12-15 13:53:18 ----A---- C:\Windows\system32\rasqec.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\pnpsetup.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\nslookup.exe
2008-12-15 13:53:18 ----A---- C:\Windows\system32\ncobjapi.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\msrd3x40.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\mscms.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\msaatext.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\mpr.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\mlang.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\lodctr.exe
2008-12-15 13:53:18 ----A---- C:\Windows\system32\icardie.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\iaspolcy.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\extmgr.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\dxdiagn.dll
2008-12-15 13:53:18 ----A---- C:\Windows\system32\diskraid.exe
2008-12-15 13:53:18 ----A---- C:\Windows\system32\accessibilitycpl.dll
2008-12-15 13:53:17 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2008-12-15 13:53:17 ----A---- C:\Windows\system32\Utilman.exe
2008-12-15 13:53:17 ----A---- C:\Windows\system32\unattend.dll
2008-12-15 13:53:17 ----A---- C:\Windows\system32\scesrv.dll
2008-12-15 13:53:17 ----A---- C:\Windows\system32\oobefldr.dll
2008-12-15 13:53:17 ----A---- C:\Windows\system32\ogldrv.dll
2008-12-15 13:53:17 ----A---- C:\Windows\system32\occache.dll
2008-12-15 13:53:17 ----A---- C:\Windows\system32\lnkstub.exe
2008-12-15 13:53:17 ----A---- C:\Windows\system32\fontsub.dll
2008-12-15 13:53:17 ----A---- C:\Windows\system32\cabinet.dll
2008-12-15 13:53:16 ----A---- C:\Windows\system32\wermgr.exe
2008-12-15 13:53:16 ----A---- C:\Windows\system32\p2pcollab.dll
2008-12-15 13:53:16 ----A---- C:\Windows\system32\msnetobj.dll
2008-12-15 13:53:16 ----A---- C:\Windows\system32\iepeers.dll
2008-12-15 13:53:16 ----A---- C:\Windows\system32\ieaksie.dll
2008-12-15 13:53:16 ----A---- C:\Windows\system32\eappgnui.dll
2008-12-15 13:53:16 ----A---- C:\Windows\system32\cabview.dll
2008-12-15 13:53:15 ----A---- C:\Windows\system32\dsquery.dll
2008-12-15 13:53:15 ----A---- C:\Windows\system32\drvinst.exe
2008-12-15 13:53:15 ----A---- C:\Windows\system32\DHCPQEC.DLL
2008-12-15 13:53:14 ----A---- C:\Windows\system32\verifier.dll
2008-12-15 13:53:14 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2008-12-15 13:53:14 ----A---- C:\Windows\system32\secproc_ssp.dll
2008-12-15 13:53:14 ----A---- C:\Windows\system32\RstrtMgr.dll
2008-12-15 13:53:14 ----A---- C:\Windows\system32\mprapi.dll
2008-12-15 13:53:14 ----A---- C:\Windows\system32\efsadu.dll
2008-12-15 13:53:13 ----A---- C:\Windows\system32\WPDSp.dll
2008-12-15 13:53:13 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2008-12-15 13:53:13 ----A---- C:\Windows\system32\WMVENCOD.DLL
2008-12-15 13:53:13 ----A---- C:\Windows\system32\wiascanprofiles.dll
2008-12-15 13:53:13 ----A---- C:\Windows\system32\wiaaut.dll
2008-12-15 13:53:13 ----A---- C:\Windows\system32\usercpl.dll
2008-12-15 13:53:13 ----A---- C:\Windows\system32\setupugc.exe
2008-12-15 13:53:13 ----A---- C:\Windows\system32\QSVRMGMT.DLL
2008-12-15 13:53:13 ----A---- C:\Windows\system32\qedit.dll
2008-12-15 13:53:13 ----A---- C:\Windows\system32\pnrpnsp.dll
2008-12-15 13:53:13 ----A---- C:\Windows\system32\pngfilt.dll
2008-12-15 13:53:13 ----A---- C:\Windows\system32\p2pnetsh.dll
2008-12-15 13:53:13 ----A---- C:\Windows\system32\networkmap.dll
2008-12-15 13:53:13 ----A---- C:\Windows\system32\msoeacct.dll
2008-12-15 13:53:13 ----A---- C:\Windows\system32\msdmo.dll
2008-12-15 13:53:13 ----A---- C:\Windows\system32\icacls.exe
2008-12-15 13:53:13 ----A---- C:\Windows\system32\d3d10core.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\xwizards.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\xactsrv.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\resutils.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\pcadm.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\netprof.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\msrdc.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\msrating.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\msdtcVSp1res.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2008-12-15 13:53:12 ----A---- C:\Windows\system32\mfplat.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\FXSRESM.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\findstr.exe
2008-12-15 13:53:12 ----A---- C:\Windows\system32\eappprxy.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\DWWIN.EXE
2008-12-15 13:53:12 ----A---- C:\Windows\system32\dssec.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\drmmgrtn.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\dpapimig.exe
2008-12-15 13:53:12 ----A---- C:\Windows\system32\dot3ui.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\dfrgifc.exe
2008-12-15 13:53:12 ----A---- C:\Windows\system32\dbnetlib.dll
2008-12-15 13:53:12 ----A---- C:\Windows\system32\conime.exe
2008-12-15 13:53:12 ----A---- C:\Windows\system32\cmdl32.exe
2008-12-15 13:53:12 ----A---- C:\Windows\system32\autoplay.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\txflog.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\taskkill.exe
2008-12-15 13:53:11 ----A---- C:\Windows\system32\regedit.exe
2008-12-15 13:53:11 ----A---- C:\Windows\system32\RASMM.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\powercpl.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\odbc32.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\nshhttp.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\msieftp.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\iexpress.exe
2008-12-15 13:53:11 ----A---- C:\Windows\system32\feclient.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\dxva2.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\dwmapi.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\d3d10.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\btpanui.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\apircl.dll
2008-12-15 13:53:11 ----A---- C:\Windows\system32\ActionQueue.dll
2008-12-15 13:53:11 ----A---- C:\Windows\notepad.exe
2008-12-15 13:53:10 ----A---- C:\Windows\system32\WMASF.DLL
2008-12-15 13:53:10 ----A---- C:\Windows\system32\syncui.dll
2008-12-15 13:53:10 ----A---- C:\Windows\system32\svchost.exe
2008-12-15 13:53:10 ----A---- C:\Windows\system32\slwmi.dll
2008-12-15 13:53:10 ----A---- C:\Windows\system32\SLCExt.dll
2008-12-15 13:53:10 ----A---- C:\Windows\system32\slcc.dll
2008-12-15 13:53:10 ----A---- C:\Windows\system32\shwebsvc.dll
2008-12-15 13:53:10 ----A---- C:\Windows\system32\raserver.exe
2008-12-15 13:53:10 ----A---- C:\Windows\system32\provthrd.dll
2008-12-15 13:53:10 ----A---- C:\Windows\system32\olepro32.dll
2008-12-15 13:53:10 ----A---- C:\Windows\system32\networkexplorer.dll
2008-12-15 13:53:10 ----A---- C:\Windows\system32\EAPQEC.DLL
2008-12-15 13:53:10 ----A---- C:\Windows\system32\dmocx.dll
2008-12-15 13:53:10 ----A---- C:\Windows\system32\appmgmts.dll
2008-12-15 13:53:10 ----A---- C:\Windows\system32\aclui.dll
2008-12-15 13:53:08 ----A---- C:\Windows\system32\xcopy.exe
2008-12-15 13:53:08 ----A---- C:\Windows\system32\upnp.dll
2008-12-15 13:53:08 ----A---- C:\Windows\system32\taskmgr.exe
2008-12-15 13:53:08 ----A---- C:\Windows\system32\reg.exe
2008-12-15 13:53:08 ----A---- C:\Windows\system32\QCLIPROV.DLL
2008-12-15 13:53:08 ----A---- C:\Windows\system32\ias.dll
2008-12-15 13:53:08 ----A---- C:\Windows\system32\dnscacheugc.exe
2008-12-15 13:53:08 ----A---- C:\Windows\system32\audiodev.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\xwtpw32.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\wzcdlg.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\WMVXENCD.DLL
2008-12-15 13:53:07 ----A---- C:\Windows\system32\WMVSENCD.DLL
2008-12-15 13:53:07 ----A---- C:\Windows\system32\wmpsrcwp.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\wmpdxm.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\wlanext.exe
2008-12-15 13:53:07 ----A---- C:\Windows\system32\shimgvw.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\Sens.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\SecEdit.exe
2008-12-15 13:53:07 ----A---- C:\Windows\system32\sbeio.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\rekeywiz.exe
2008-12-15 13:53:07 ----A---- C:\Windows\system32\qcap.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\qasf.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\PING.EXE
2008-12-15 13:53:07 ----A---- C:\Windows\system32\perfts.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\netplwiz.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\ndfapi.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\NapiNSP.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\mtstocom.exe
2008-12-15 13:53:07 ----A---- C:\Windows\system32\msoert2.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\msjetoledb40.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\msdadiag.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\mscandui.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\mountvol.exe
2008-12-15 13:53:07 ----A---- C:\Windows\system32\mmcshext.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\makecab.exe
2008-12-15 13:53:07 ----A---- C:\Windows\system32\lsmproxy.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\inetmib1.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\ieakeng.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\icsfiltr.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\httpapi.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\FXSEXT32.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\dsuiext.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\dskquoui.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\dot3gpclnt.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\dmusic.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\cmstp.exe
2008-12-15 13:53:07 ----A---- C:\Windows\system32\cewmdm.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\bitsadmin.exe
2008-12-15 13:53:07 ----A---- C:\Windows\system32\AuxiliaryDisplayApi.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\auditpol.exe
2008-12-15 13:53:07 ----A---- C:\Windows\system32\atl.dll
2008-12-15 13:53:07 ----A---- C:\Windows\system32\adsmsext.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\wscproxystub.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\wscmisetup.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\wpdwcn.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2008-12-15 13:53:06 ----A---- C:\Windows\system32\wmiprop.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\winrshost.exe
2008-12-15 13:53:06 ----A---- C:\Windows\system32\winethc.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\wiashext.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\wiadefui.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\userinit.exe
2008-12-15 13:53:06 ----A---- C:\Windows\system32\UIAutomationCore.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\txfw32.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\tasklist.exe
2008-12-15 13:53:06 ----A---- C:\Windows\system32\TapiMigPlugin.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\takeown.exe
2008-12-15 13:53:06 ----A---- C:\Windows\system32\sxstrace.exe
2008-12-15 13:53:06 ----A---- C:\Windows\system32\shrpubw.exe
2008-12-15 13:53:06 ----A---- C:\Windows\system32\shacct.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2008-12-15 13:53:06 ----A---- C:\Windows\system32\rasplap.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\prntvpt.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\powrprof.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\pots.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\perfmon.exe
2008-12-15 13:53:06 ----A---- C:\Windows\system32\nshipsec.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\notepad.exe
2008-12-15 13:53:06 ----A---- C:\Windows\system32\netiougc.exe
2008-12-15 13:53:06 ----A---- C:\Windows\system32\napipsec.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\msorcl32.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\msimtf.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\msiexec.exe
2008-12-15 13:53:06 ----A---- C:\Windows\system32\MP4SDECD.DLL
2008-12-15 13:53:06 ----A---- C:\Windows\system32\ktmutil.exe
2008-12-15 13:53:06 ----A---- C:\Windows\system32\keymgr.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\inseng.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\HelpPaneProxy.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\ftp.exe
2008-12-15 13:53:06 ----A---- C:\Windows\system32\fsutil.exe
2008-12-15 13:53:06 ----A---- C:\Windows\system32\fmifs.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\findnetprinters.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\dxtrans.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\dnshc.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\d3dim700.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\cryptdll.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\colorui.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\capisp.dll
2008-12-15 13:53:06 ----A---- C:\Windows\system32\apss.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\WMADMOE.DLL
2008-12-15 13:53:05 ----A---- C:\Windows\system32\WLanHC.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\wiaacmgr.exe
2008-12-15 13:53:05 ----A---- C:\Windows\system32\wextract.exe
2008-12-15 13:53:05 ----A---- C:\Windows\system32\w32tm.exe
2008-12-15 13:53:05 ----A---- C:\Windows\system32\version.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\unregmp2.exe
2008-12-15 13:53:05 ----A---- C:\Windows\system32\TMM.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\shgina.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\sfc_os.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\sendmail.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\runonce.exe
2008-12-15 13:53:05 ----A---- C:\Windows\system32\rshx32.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\RpcPing.exe
2008-12-15 13:53:05 ----A---- C:\Windows\system32\perfnet.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\olecli32.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\net.exe
2008-12-15 13:53:05 ----A---- C:\Windows\system32\msvfw32.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\mdminst.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\luainstall.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\ktmw32.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\imapi.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\gpscript.exe
2008-12-15 13:53:05 ----A---- C:\Windows\system32\gpscript.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\getmac.exe
2008-12-15 13:53:05 ----A---- C:\Windows\system32\dsauth.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\dimsjob.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\d3dim.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\compstui.dll
2008-12-15 13:53:05 ----A---- C:\Windows\system32\cmmon32.exe
2008-12-15 13:53:05 ----A---- C:\Windows\system32\cmlua.dll
2008-12-15 13:53:04 ----A---- C:\Windows\system32\wmpshell.dll
2008-12-15 13:53:04 ----A---- C:\Windows\system32\tscupgrd.exe
2008-12-15 13:53:04 ----A---- C:\Windows\system32\sdchange.exe
2008-12-15 13:53:04 ----A---- C:\Windows\system32\MPG4DECD.DLL
2008-12-15 13:53:04 ----A---- C:\Windows\system32\MP43DECD.DLL
2008-12-15 13:53:04 ----A---- C:\Windows\system32\ipconfig.exe
2008-12-15 13:53:04 ----A---- C:\Windows\system32\imgutil.dll
2008-12-15 13:53:04 ----A---- C:\Windows\system32\credui.dll
2008-12-15 13:53:04 ----A---- C:\Windows\system32\ACW.exe
2008-12-15 13:53:03 ----A---- C:\Windows\system32\wsnmp32.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2008-12-15 13:53:03 ----A---- C:\Windows\system32\wmvdspa.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\wmidx.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\vds_ps.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\utildll.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\TSTheme.exe
2008-12-15 13:53:03 ----A---- C:\Windows\system32\TpmInit.exe
2008-12-15 13:53:03 ----A---- C:\Windows\system32\sti_ci.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\softkbd.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\sfc.exe
2008-12-15 13:53:03 ----A---- C:\Windows\system32\remotepg.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\rdrleakdiag.exe
2008-12-15 13:53:03 ----A---- C:\Windows\system32\PortableDeviceWiaCompat.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\pdhui.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\nlaapi.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\msfeedsbs.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\modemui.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\migisol.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\iernonce.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\hlink.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\FXSCOM.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\fwcfg.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\fdeploy.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\ExplorerFrame.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\expand.exe
2008-12-15 13:53:03 ----A---- C:\Windows\system32\esentutl.exe
2008-12-15 13:53:03 ----A---- C:\Windows\system32\dxmasf.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\dinput8.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\diantz.exe
2008-12-15 13:53:03 ----A---- C:\Windows\system32\comrepl.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\colbact.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\cmutil.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\cfgbkend.dll
2008-12-15 13:53:03 ----A---- C:\Windows\system32\bootcfg.exe
2008-12-15 13:53:03 ----A---- C:\Windows\system32\amstream.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\xmlprovi.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\wmpcm.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\WINSRPC.DLL
2008-12-15 13:53:02 ----A---- C:\Windows\system32\winnsi.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\wfapigp.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\werdiagcontroller.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\wavemsp.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\waitfor.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\vss_ps.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\VIDRESZR.DLL
2008-12-15 13:53:02 ----A---- C:\Windows\system32\usbui.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\upnpcont.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\unattendedjoin.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\ufat.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\TimeDateMUICallback.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\tbs.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\sxproxy.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\shutdown.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\setupcln.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\rgb9rast.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\regini.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\RegCtrl.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\rasdiag.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\RacAgent.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\qdv.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\prevhost.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\osblprov.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\olethk32.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\olesvr32.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\odbctrac.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\odbccu32.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\odbccr32.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\odbccp32.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\ocsetup.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\nsi.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\networkitemfactory.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\netbtugc.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\nbtstat.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\napdsnap.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\mydocs.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\mtxlegih.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\mtxdm.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\mstext40.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\msident.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\mshta.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\msdart.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\msctfui.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\mobsync.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\mfvdsp.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\mfcsubs.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\logman.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\licmgr10.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\l2gpstore.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\itss.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\iscsiwmi.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\iscsium.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\iscsied.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\GuidedHelp.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\gpupdate.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\fphc.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\dskquota.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\dsdmo.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\dpnet.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\DpiScaling.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\dot3dlg.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\dmsynth.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\dmime.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\devenum.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\cscdll.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\convert.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\COLORCNV.DLL
2008-12-15 13:53:02 ----A---- C:\Windows\system32\cmstplua.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\cmpbk32.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\cmcfg32.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\cacls.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\avrt.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\AuthFWGP.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\AtBroker.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\at.exe
2008-12-15 13:53:02 ----A---- C:\Windows\system32\apilogen.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\amxread.dll
2008-12-15 13:53:02 ----A---- C:\Windows\system32\admparse.dll
2008-12-15 13:53:01 ----A---- C:\Windows\system32\wsock32.dll
2008-12-15 13:53:01 ----A---- C:\Windows\system32\vfwwdm32.dll
2008-12-15 13:53:01 ----A---- C:\Windows\system32\syskey.exe
2008-12-15 13:53:01 ----A---- C:\Windows\system32\ROUTE.EXE
2008-12-15 13:53:01 ----A---- C:\Windows\system32\rasphone.exe
2008-12-15 13:53:01 ----A---- C:\Windows\system32\odbcbcp.dll
2008-12-15 13:53:01 ----A---- C:\Windows\system32\netevent.dll
2008-12-15 13:53:01 ----A---- C:\Windows\system32\ndfetw.dll
2008-12-15 13:53:01 ----A---- C:\Windows\system32\msexcl40.dll
2008-12-15 13:53:01 ----A---- C:\Windows\system32\MP3DMOD.DLL
2008-12-15 13:53:01 ----A---- C:\Windows\system32\extrac32.exe
2008-12-15 13:53:01 ----A---- C:\Windows\system32\eventcls.dll
2008-12-15 13:53:01 ----A---- C:\Windows\system32\d3dxof.dll
2008-12-15 13:53:00 ----A---- C:\Windows\system32\WlanMmHC.dll
2008-12-15 13:53:00 ----A---- C:\Windows\system32\wiadss.dll
2008-12-15 13:53:00 ----A---- C:\Windows\system32\psbase.dll
2008-12-15 13:53:00 ----A---- C:\Windows\system32\dmscript.dll
2008-12-15 13:53:00 ----A---- C:\Windows\system32\atmfd.dll
2008-12-15 13:52:58 ----A---- C:\Windows\system32\wshcon.dll
2008-12-15 13:52:58 ----A---- C:\Windows\system32\Netplwiz.exe
2008-12-15 13:52:58 ----A---- C:\Windows\system32\msxbde40.dll
2008-12-15 13:52:58 ----A---- C:\Windows\system32\mspbde40.dll
2008-12-15 13:52:58 ----A---- C:\Windows\system32\msltus40.dll
2008-12-15 13:52:58 ----A---- C:\Windows\system32\icsunattend.exe
2008-12-15 13:52:58 ----A---- C:\Windows\system32\dmloader.dll
2008-12-15 13:52:58 ----A---- C:\Windows\system32\dmdskres2.dll
2008-12-15 13:52:58 ----A---- C:\Windows\system32\credssp.dll
2008-12-15 13:52:57 ----A---- C:\Windows\system32\WsmRes.dll
2008-12-15 13:52:57 ----A---- C:\Windows\system32\WSHTCPIP.DLL
2008-12-15 13:52:57 ----A---- C:\Windows\system32\wship6.dll
2008-12-15 13:52:57 ----A---- C:\Windows\system32\usbperf.dll
2008-12-15 13:52:57 ----A---- C:\Windows\system32\tcpmon.ini
2008-12-15 13:52:57 ----A---- C:\Windows\system32\sxsstore.dll
2008-12-15 13:52:57 ----A---- C:\Windows\system32\spopk.dll
2008-12-15 13:52:57 ----A---- C:\Windows\system32\slwga.dll
2008-12-15 13:52:57 ----A---- C:\Windows\system32\setupSNK.exe
2008-12-15 13:52:57 ----A---- C:\Windows\system32\serialui.dll
2008-12-15 13:52:57 ----A---- C:\Windows\system32\sbunattend.exe
2008-12-15 13:52:57 ----A---- C:\Windows\system32\PlaySndSrv.dll
2008-12-15 13:52:57 ----A---- C:\Windows\system32\OptionalFeatures.exe
2008-12-15 13:52:57 ----A---- C:\Windows\system32\NcdProp.dll
2008-12-15 13:52:57 ----A---- C:\Windows\system32\msvidc32.dll
2008-12-15 13:52:57 ----A---- C:\Windows\system32\localui.dll
2008-12-15 13:52:57 ----A---- C:\Windows\system32\dmutil.dll
2008-12-15 13:52:57 ----A---- C:\Windows\system32\ComputerDefaults.exe
2008-12-15 13:52:57 ----A---- C:\Windows\fveupdate.exe
2008-12-15 13:52:56 ----A---- C:\Windows\system32\wsepno.dll
2008-12-15 13:52:56 ----A---- C:\Windows\system32\WinFax.dll
2008-12-15 13:52:56 ----A---- C:\Windows\system32\rasctrs.dll
2008-12-15 13:52:56 ----A---- C:\Windows\system32\odbcconf.dll
2008-12-15 13:52:56 ----A---- C:\Windows\system32\msobjs.dll
2008-12-15 13:52:56 ----A---- C:\Windows\system32\msfeedssync.exe
2008-12-15 13:52:56 ----A---- C:\Windows\system32\ieencode.dll
2008-12-15 13:52:56 ----A---- C:\Windows\system32\hnetmon.dll
2008-12-15 13:52:56 ----A---- C:\Windows\system32\hbaapi.dll
2008-12-15 13:52:56 ----A---- C:\Windows\system32\corpol.dll
2008-12-15 13:52:55 ----A---- C:\Windows\system32\vdmdbg.dll
2008-12-15 13:52:55 ----A---- C:\Windows\system32\url.dll
2008-12-15 13:52:55 ----A---- C:\Windows\system32\midimap.dll
2008-12-15 13:52:55 ----A---- C:\Windows\system32\LogonUI.exe
2008-12-15 13:52:55 ----A---- C:\Windows\system32\iprtprio.dll
2008-12-15 13:52:55 ----A---- C:\Windows\system32\InfDefaultInstall.exe
2008-12-15 13:52:55 ----A---- C:\Windows\system32\esentprf.dll
2008-12-15 13:52:54 ----A---- C:\Windows\system32\winusb.dll
2008-12-15 13:52:54 ----A---- C:\Windows\system32\riched32.dll
2008-12-15 13:52:54 ----A---- C:\Windows\system32\osbaseln.dll
2008-12-15 13:52:54 ----A---- C:\Windows\system32\Nlsdl.dll
2008-12-15 13:52:54 ----A---- C:\Windows\system32\nlsbres.dll
2008-12-15 13:52:54 ----A---- C:\Windows\system32\msisip.dll
2008-12-15 13:52:54 ----A---- C:\Windows\system32\dispex.dll
2008-12-15 13:52:54 ----A---- C:\Windows\system32\cfgmgr32.dll
2008-12-15 13:52:53 ----A---- C:\Windows\system32\WsmCl.dll
2008-12-15 13:52:53 ----A---- C:\Windows\system32\spwmp.dll
2008-12-15 13:52:53 ----A---- C:\Windows\system32\msidle.dll
2008-12-15 13:52:53 ----A---- C:\Windows\system32\KBDKOR.DLL
2008-12-15 13:52:53 ----A---- C:\Windows\system32\KBDJPN.DLL
2008-12-15 13:52:53 ----A---- C:\Windows\system32\idndl.dll
2008-12-15 13:52:52 ----A---- C:\Windows\system32\wmploc.DLL
2008-12-15 13:52:52 ----A---- C:\Windows\system32\tsddd.dll
2008-12-15 13:52:52 ----A---- C:\Windows\system32\spwizres.dll
2008-12-15 13:52:52 ----A---- C:\Windows\system32\f3ahvoas.dll
2008-12-15 13:52:49 ----A---- C:\Windows\system32\fsmgmt.msc
2008-12-15 13:52:48 ----A---- C:\Windows\system32\perfmon.msc
2008-12-15 13:52:37 ----A---- C:\Windows\system32\xmllite.dll
2008-12-15 13:52:32 ----A---- C:\Windows\system32\sqmapi.dll
2008-12-15 13:52:27 ----A---- C:\Windows\system32\wdscore.dll
2008-12-15 13:52:09 ----A---- C:\Windows\system32\mspatcha.dll
2008-12-15 13:52:09 ----A---- C:\Windows\system32\msdelta.dll
2008-12-15 13:52:09 ----A---- C:\Windows\system32\drvstore.dll
2008-12-15 13:52:09 ----A---- C:\Windows\system32\dpx.dll
2008-12-15 13:52:05 ----A---- C:\Windows\system32\wbemcomn.dll
2008-12-15 01:27:09 ----D---- C:\Program Files (x86)\RivaTuner v2.21
2008-12-14 20:47:46 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-12-14 20:47:36 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-12-14 19:36:19 ----D---- C:\Program Files (x86)\MagicTune Premium
2008-12-14 19:36:06 ----D---- C:\Users\Trond\AppData\Roaming\InstallShield
2008-12-14 17:21:52 ----A---- C:\Windows\system32\es.dll
2008-12-14 17:20:57 ----A---- C:\Windows\system32\gpprefcl.dll
2008-12-14 17:19:08 ----D---- C:\Windows\PCHEALTH
2008-12-14 17:16:17 ----SHDC---- C:\Program Files (x86)\Common Files\WindowsLiveInstaller
2008-12-14 17:16:15 ----D---- C:\Program Files (x86)\Windows Live
2008-12-14 17:16:03 ----D---- C:\ProgramData\WLInstaller
2008-12-14 17:09:34 ----D---- C:\Users\Trond\AppData\Roaming\Ventrilo
2008-12-14 16:57:24 ----D---- C:\Program Files (x86)\America's Army Server Manager
2008-12-14 16:56:23 ----D---- C:\Program Files (x86)\America's Army
2008-12-14 16:39:31 ----D---- C:\Program Files (x86)\Logitech
2008-12-14 16:38:50 ----D---- C:\Users\Trond\AppData\Roaming\Logitech
2008-12-14 16:38:44 ----D---- C:\ProgramData\LogiShrd
2008-12-14 16:38:00 ----D---- C:\ProgramData\Logitech
2008-12-14 16:27:13 ----D---- C:\Program Files (x86)\Intel
2008-12-14 16:27:13 ----A---- C:\Windows\system32\CSVer.dll
2008-12-14 16:26:44 ----D---- C:\Intel
2008-12-14 16:25:37 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-12-14 16:18:33 ----HD---- C:\Program Files (x86)\Creative Installation Information
2008-12-14 16:18:29 ----D---- C:\Program Files (x86)\Common Files\Creative Labs Shared
2008-12-14 16:18:15 ----D---- C:\Program Files (x86)\OpenAL
2008-12-14 16:18:15 ----A---- C:\Windows\system32\wrap_oal.dll
2008-12-14 16:18:12 ----D---- C:\ProgramData\Creative
2008-12-14 16:18:11 ----A---- C:\Windows\system32\cttele32.dll
2008-12-14 16:17:54 ----A---- C:\Windows\system32\CmdRtr.DLL
2008-12-14 16:17:54 ----A---- C:\Windows\system32\APOMngr.DLL
2008-12-14 16:17:14 ----A---- C:\Windows\system32\INRES.DLL
2008-12-14 16:17:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2008-12-14 16:17:02 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2008-12-14 15:56:55 ----A---- C:\Windows\system32\connect.dll
2008-12-14 15:54:24 ----A---- C:\Windows\system32\msxml3r.dll
2008-12-14 15:54:24 ----A---- C:\Windows\system32\msxml3.dll
2008-12-14 15:48:47 ----A---- C:\Windows\system32\kbd106n.dll
2008-12-14 15:48:44 ----A---- C:\Windows\system32\srclient.dll
2008-12-14 15:47:44 ----A---- C:\Windows\system32\win32spl.dll
2008-12-14 15:47:44 ----A---- C:\Windows\system32\printcom.dll
2008-12-14 15:46:16 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-14 15:46:15 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-14 15:46:15 ----A---- C:\Windows\system32\gameux.dll
2008-12-14 15:43:39 ----A---- C:\Windows\system32\gdi32.dll
2008-12-14 15:41:39 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-12-14 15:41:39 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-12-14 15:41:39 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-12-14 15:41:39 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-12-14 15:41:39 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-12-14 15:41:39 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-12-14 15:41:38 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-12-14 15:41:38 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-12-14 15:41:38 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-12-14 15:41:38 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-12-14 15:41:37 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-12-14 15:41:37 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-12-14 15:41:37 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-12-14 15:41:37 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-12-14 15:41:37 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-12-14 15:41:36 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-12-14 15:41:36 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-12-14 15:41:36 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-12-14 15:41:35 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-12-14 15:41:35 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-12-14 15:41:35 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-12-14 15:41:35 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-12-14 15:41:34 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-12-14 15:41:34 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-12-14 15:41:34 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-12-14 15:41:34 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-12-14 15:41:34 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-12-14 15:41:34 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-12-14 15:41:33 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-12-14 15:41:33 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-12-14 15:41:33 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-12-14 15:41:32 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-12-14 15:41:32 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-12-14 15:41:32 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-12-14 15:41:32 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-12-14 15:41:31 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-12-14 15:41:31 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-12-14 15:41:31 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-12-14 15:41:30 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-12-14 15:41:30 ----A---- C:\Windows\system32\NlsData0049.dll
2008-12-14 15:41:30 ----A---- C:\Windows\system32\NlsData0047.dll
2008-12-14 15:41:30 ----A---- C:\Windows\system32\NlsData0046.dll
2008-12-14 15:41:30 ----A---- C:\Windows\system32\NlsData0045.dll
2008-12-14 15:41:30 ----A---- C:\Windows\system32\NlsData0039.dll
2008-12-14 15:41:29 ----A---- C:\Windows\system32\NlsData0027.dll
2008-12-14 15:41:29 ----A---- C:\Windows\system32\NlsData0026.dll
2008-12-14 15:41:29 ----A---- C:\Windows\system32\NlsData0024.dll
2008-12-14 15:41:29 ----A---- C:\Windows\system32\NlsData0022.dll
2008-12-14 15:41:29 ----A---- C:\Windows\system32\NlsData0021.dll
2008-12-14 15:41:29 ----A---- C:\Windows\system32\NlsData0020.dll
2008-12-14 15:41:28 ----A---- C:\Windows\system32\NlsData0019.dll
2008-12-14 15:41:28 ----A---- C:\Windows\system32\NlsData0018.dll
2008-12-14 15:41:28 ----A---- C:\Windows\system32\NlsData0013.dll
2008-12-14 15:41:28 ----A---- C:\Windows\system32\NlsData0011.dll
2008-12-14 15:41:28 ----A---- C:\Windows\system32\NlsData0010.dll
2008-12-14 15:41:28 ----A---- C:\Windows\system32\NlsData0000.dll
2008-12-14 15:41:27 ----A---- C:\Windows\system32\NlsData004b.dll
2008-12-14 15:41:27 ----A---- C:\Windows\system32\NlsData004a.dll
2008-12-14 15:41:27 ----A---- C:\Windows\system32\NlsData0009.dll
2008-12-14 15:41:27 ----A---- C:\Windows\system32\NlsData0007.dll
2008-12-14 15:41:27 ----A---- C:\Windows\system32\NlsData0003.dll
2008-12-14 15:41:27 ----A---- C:\Windows\system32\NlsData0002.dll
2008-12-14 15:41:27 ----A---- C:\Windows\system32\NlsData0001.dll
2008-12-14 15:41:26 ----A---- C:\Windows\system32\NlsData004e.dll
2008-12-14 15:41:26 ----A---- C:\Windows\system32\NlsData004c.dll
2008-12-14 15:41:26 ----A---- C:\Windows\system32\NlsData003e.dll
2008-12-14 15:41:26 ----A---- C:\Windows\system32\NlsData002a.dll
2008-12-14 15:41:26 ----A---- C:\Windows\system32\NlsData001b.dll
2008-12-14 15:41:26 ----A---- C:\Windows\system32\NlsData001a.dll
2008-12-14 15:41:25 ----A---- C:\Windows\system32\NlsData001d.dll
2008-12-14 15:41:25 ----A---- C:\Windows\system32\NlsData000d.dll
2008-12-14 15:41:25 ----A---- C:\Windows\system32\NlsData000c.dll
2008-12-14 15:41:25 ----A---- C:\Windows\system32\NlsData000a.dll
2008-12-14 15:41:24 ----A---- C:\Windows\system32\NlsData081a.dll
2008-12-14 15:41:24 ----A---- C:\Windows\system32\NlsData0816.dll
2008-12-14 15:41:24 ----A---- C:\Windows\system32\NlsData0416.dll
2008-12-14 15:41:24 ----A---- C:\Windows\system32\NlsData0414.dll
2008-12-14 15:41:24 ----A---- C:\Windows\system32\NlsData000f.dll
2008-12-14 15:41:24 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-12-14 15:41:23 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-12-14 15:41:23 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-12-14 15:39:38 ----A---- C:\Windows\system32\msxml6r.dll
2008-12-14 15:39:38 ----A---- C:\Windows\system32\msxml6.dll
2008-12-14 15:36:26 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2008-12-14 15:36:26 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2008-12-14 15:36:26 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-12-14 15:35:49 ----A---- C:\Windows\system32\INETRES.dll
2008-12-14 15:35:49 ----A---- C:\Windows\system32\inetcomm.dll
2008-12-14 15:35:11 ----A---- C:\Windows\system32\winipsec.dll
2008-12-14 15:35:11 ----A---- C:\Windows\system32\polstore.dll
2008-12-14 15:35:11 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-12-14 15:30:01 ----A---- C:\Windows\system32\explorer.exe
2008-12-14 15:30:00 ----A---- C:\Windows\explorer.exe
2008-12-14 15:28:54 ----A---- C:\Windows\system32\tzres.dll
2008-12-14 15:26:33 ----A---- C:\Windows\system32\wmpeffects.dll
2008-12-14 15:25:23 ----A---- C:\Windows\system32\rrinstaller.exe
2008-12-14 15:25:23 ----A---- C:\Windows\system32\mfps.dll
2008-12-14 15:25:23 ----A---- C:\Windows\system32\mfpmp.exe
2008-12-14 15:25:23 ----A---- C:\Windows\system32\mferror.dll
2008-12-14 15:25:23 ----A---- C:\Windows\system32\mf.dll
2008-12-14 15:25:22 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-14 15:25:22 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-14 15:25:22 ----A---- C:\Windows\system32\logagent.exe
2008-12-14 15:23:52 ----A---- C:\Windows\system32\wshrm.dll
2008-12-14 15:22:52 ----A---- C:\Windows\system32\quartz.dll
2008-12-14 15:16:47 ----A---- C:\Windows\system32\shell32.dll
2008-12-14 15:16:05 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-12-14 15:16:05 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-12-14 15:16:04 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-12-14 15:14:27 ----A---- C:\Windows\system32\wininet.dll
2008-12-14 15:14:27 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-14 15:14:27 ----A---- C:\Windows\system32\ieui.dll
2008-12-14 15:14:26 ----A---- C:\Windows\system32\ieframe.dll
2008-12-14 15:14:20 ----A---- C:\Windows\system32\mstime.dll
2008-12-14 15:14:19 ----A---- C:\Windows\system32\urlmon.dll
2008-12-14 15:14:19 ----A---- C:\Windows\system32\iertutil.dll
2008-12-14 15:13:25 ----A---- C:\Windows\system32\netapi32.dll
2008-12-14 15:09:36 ----D---- C:\Users\Trond\AppData\Roaming\Macromedia
2008-12-14 15:09:36 ----D---- C:\Users\Trond\AppData\Roaming\Adobe
2008-12-14 15:09:35 ----D---- C:\Windows\system32\Macromed
2008-12-14 15:07:21 ----SHD---- C:\Windows\Installer
2008-12-14 14:59:28 ----D---- C:\Users\Trond\AppData\Roaming\Identities
2008-12-14 14:59:16 ----SD---- C:\Users\Trond\AppData\Roaming\Microsoft
2008-12-14 14:58:53 ----A---- C:\Windows\system32\wups.dll
2008-12-14 14:58:53 ----A---- C:\Windows\system32\wudriver.dll
2008-12-14 14:58:53 ----A---- C:\Windows\system32\wuapi.dll
2008-12-14 14:58:29 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-14 14:58:29 ----A---- C:\Windows\system32\wuapp.exe
2008-12-14 14:57:40 ----SHD---- C:\Programfiler
2008-12-14 14:57:40 ----SHD---- C:\ProgramData\Start-meny
2008-12-14 14:57:40 ----SHD---- C:\ProgramData\Skrivebord
2008-12-14 14:57:40 ----SHD---- C:\ProgramData\Programdata
2008-12-14 14:57:40 ----SHD---- C:\ProgramData\Maler
2008-12-14 14:57:40 ----SHD---- C:\ProgramData\Favoritter
2008-12-14 14:57:40 ----SHD---- C:\ProgramData\Dokumenter
2008-12-14 14:54:14 ----HD---- C:\ProgramData\CanonBJ
2008-12-14 14:53:20 ----D---- C:\Windows\SoftwareDistribution
2008-12-14 14:52:16 ----D---- C:\Windows\Debug
2008-12-14 14:52:16 ----D---- C:\Windows\CSC
2008-12-14 14:51:21 ----D---- C:\Windows\Prefetch
2008-12-14 14:51:07 ----SHD---- C:\System Volume Information
2008-12-14 14:50:13 ----D---- C:\Windows\Panther
2008-12-14 14:50:01 ----RAS---- C:\BOOTSECT.BAK
2008-12-14 14:50:00 ----SHD---- C:\Boot
2008-12-11 21:38:34 ----A---- C:\Windows\system32\xfcodec.dll
2008-11-17 09:44:08 ----A---- C:\Windows\system32\PhysXLoader.dll
2008-11-17 08:45:10 ----A---- C:\Windows\system32\PhysXDevice.dll

======List of files/folders modified in the last 3 months======

2009-01-17 02:40:55 ----D---- C:\Windows\Temp
2009-01-16 23:20:52 ----D---- C:\Windows\System32
2009-01-16 23:20:52 ----D---- C:\Windows\inf
2009-01-16 23:14:27 ----D---- C:\Windows
2009-01-16 11:46:43 ----HD---- C:\ProgramData
2009-01-16 11:34:21 ----D---- C:\Windows\SysWOW64
2009-01-16 11:33:34 ----RD---- C:\Program Files (x86)
2009-01-16 11:32:53 ----RSD---- C:\Windows\Fonts
2009-01-16 11:30:09 ----D---- C:\Program Files (x86)\Common Files
2009-01-15 01:06:33 ----D---- C:\Windows\winsxs
2009-01-15 00:59:01 ----D---- C:\Program Files (x86)\Windows Mail
2009-01-13 12:18:46 ----SD---- C:\Windows\Downloaded Program Files
2009-01-06 23:50:34 ----D---- C:\Windows\system32\drivers
2009-01-05 15:04:08 ----RD---- C:\Program Files
2009-01-05 14:52:27 ----D---- C:\Windows\Help
2008-12-29 16:51:33 ----RSD---- C:\Windows\assembly
2008-12-29 16:51:30 ----D---- C:\Windows\Microsoft.NET
2008-12-20 17:20:50 ----D---- C:\Windows\LiveKernelReports
2008-12-19 22:04:41 ----D---- C:\Windows\rescache
2008-12-19 21:47:13 ----D---- C:\Windows\system32\nb-NO
2008-12-19 21:47:12 ----D---- C:\Windows\PolicyDefinitions
2008-12-19 21:35:46 ----A---- C:\Windows\win.ini
2008-12-19 21:33:56 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2008-12-18 18:39:26 ----D---- C:\Program Files (x86)\MSBuild
2008-12-18 18:39:08 ----D---- C:\Windows\ShellNew
2008-12-18 18:38:46 ----SD---- C:\ProgramData\Microsoft
2008-12-18 18:36:32 ----D---- C:\Program Files (x86)\Common Files\System
2008-12-18 17:33:49 ----D---- C:\Windows\Cursors
2008-12-15 16:20:08 ----D---- C:\Windows\Logs
2008-12-15 15:24:52 ----D---- C:\Windows\Tasks
2008-12-15 14:40:50 ----ASH---- C:\Program Files (x86)\desktop.ini
2008-12-15 14:35:22 ----D---- C:\Program Files (x86)\Windows Sidebar
2008-12-15 14:35:22 ----D---- C:\Program Files (x86)\Windows Photo Gallery
2008-12-15 14:35:22 ----D---- C:\Program Files (x86)\Windows Media Player
2008-12-15 14:35:22 ----D---- C:\Program Files (x86)\Windows Collaboration
2008-12-15 14:35:22 ----D---- C:\Program Files (x86)\Windows Calendar
2008-12-15 14:35:22 ----D---- C:\Program Files (x86)\Internet Explorer
2008-12-15 14:35:21 ----D---- C:\Windows\MSAgent64
2008-12-15 14:35:21 ----D---- C:\Program Files (x86)\Windows Defender
2008-12-15 14:35:20 ----D---- C:\Windows\servicing
2008-12-15 14:35:17 ----D---- C:\Windows\system32\zh-TW
2008-12-15 14:35:17 ----D---- C:\Windows\system32\zh-CN
2008-12-15 14:35:17 ----D---- C:\Windows\system32\XPSViewer
2008-12-15 14:35:17 ----D---- C:\Windows\system32\sysprep
2008-12-15 14:35:17 ----D---- C:\Windows\system32\sv-SE
2008-12-15 14:35:17 ----D---- C:\Windows\system32\SLUI
2008-12-15 14:35:17 ----D---- C:\Windows\system32\setup
2008-12-15 14:35:17 ----D---- C:\Windows\system32\ru-RU
2008-12-15 14:35:17 ----D---- C:\Windows\system32\ro-RO
2008-12-15 14:35:17 ----D---- C:\Windows\system32\pt-PT
2008-12-15 14:35:17 ----D---- C:\Windows\system32\pl-PL
2008-12-15 14:35:17 ----D---- C:\Windows\system32\oobe
2008-12-15 14:35:17 ----D---- C:\Windows\system32\migration
2008-12-15 14:35:17 ----D---- C:\Windows\system32\manifeststore
2008-12-15 14:35:17 ----D---- C:\Windows\system32\ko-KR
2008-12-15 14:35:17 ----D---- C:\Windows\system32\ja-JP
2008-12-15 14:35:17 ----D---- C:\Windows\system32\it-IT
2008-12-15 14:35:17 ----D---- C:\Windows\system32\ias
2008-12-15 14:35:17 ----D---- C:\Windows\system32\hu-HU
2008-12-15 14:35:17 ----D---- C:\Windows\system32\he-IL
2008-12-15 14:35:17 ----D---- C:\Windows\system32\fr-FR
2008-12-15 14:35:17 ----D---- C:\Windows\system32\fi-FI
2008-12-15 14:35:17 ----D---- C:\Windows\system32\es-ES
2008-12-15 14:35:17 ----D---- C:\Windows\system32\en-US
2008-12-15 14:35:17 ----D---- C:\Windows\system32\el-GR
2008-12-15 14:35:17 ----D---- C:\Windows\system32\de-DE
2008-12-15 14:35:17 ----D---- C:\Windows\system32\da-DK
2008-12-15 14:35:17 ----D---- C:\Windows\system32\cs-CZ
2008-12-15 14:35:17 ----D---- C:\Windows\system32\com
2008-12-15 14:35:17 ----D---- C:\Windows\system32\AdvancedInstallers
2008-12-15 14:35:17 ----D---- C:\Windows\MSAgent
2008-12-15 14:35:16 ----D---- C:\Windows\system32\wbem
2008-12-15 14:35:16 ----D---- C:\Windows\system32\tr-TR
2008-12-15 14:35:14 ----D---- C:\Windows\system32\pt-BR
2008-12-15 14:35:14 ----D---- C:\Windows\system32\nl-NL
2008-12-15 14:35:14 ----D---- C:\Windows\system32\migwiz
2008-12-15 14:35:14 ----D---- C:\Windows\system32\ar-SA
2008-12-15 14:35:06 ----D---- C:\Windows\L2Schemas
2008-12-15 14:35:06 ----D---- C:\Windows\IME
2008-12-15 14:35:06 ----D---- C:\Windows\DigitalLocker
2008-12-15 14:34:43 ----D---- C:\Windows\AppPatch
2008-12-15 14:34:38 ----D---- C:\Windows\Boot
2008-12-15 14:28:53 ----A---- C:\Windows\system32\ifxcardm.dll
2008-12-15 14:28:53 ----A---- C:\Windows\system32\axaltocm.dll
2008-12-14 16:05:48 ----D---- C:\Windows\system32\ras
2008-12-14 16:05:47 ----D---- C:\Windows\system32\icsxml
2008-12-14 14:59:52 ----SHD---- C:\$Recycle.Bin
2008-12-14 14:59:06 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2008-11-20 475696]
R1 IDSvia64;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20090113.002\IDSvia64.sys [2008-12-04 368688]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS []
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS []
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys []
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS []
R3 CT20XUT.SYS;CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS []
R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys []
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys []
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS []
R3 CTHWIUT.SYS;CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS []
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys []
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-20 128048]
R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20090116.004\ENG64.SYS [2008-11-20 136752]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20090116.004\EX64.SYS [2008-11-20 1461808]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS []
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS []
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys []
S3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL []
S3 CT20XUT;CT20XUT; C:\Windows\system32\drivers\CT20XUT.SYS []
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL []
S3 CTEXFIFX;CTEXFIFX; C:\Windows\system32\drivers\CTEXFIFX.SYS []
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL []
S3 CTHWIUT;CTHWIUT; C:\Windows\system32\drivers\CTHWIUT.SYS []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 MSKSSRV;Tjenesteproxy for Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Klokkeproxy for Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Kvalitetsbehandlingsproxy for Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Tee/Sink-to-Sink-konverterer for Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys []
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatisk LiveUpdate-planlegging; C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2008-10-31 307200]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 MagicTuneEngine;MagicTuneEngine; C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 4297728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-12-14 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-01-17 202352]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-12-15 1251720]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader-tjeneste; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-05 93696]
S3 comHost;COM Host; C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 267096]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-12-14 79360]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-16 654848]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-11-07 160784]
S3 LiveUpdate;LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

#9 Elfiero

Elfiero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Lierne, Norway
  • Local time:12:49 AM

Posted 16 January 2009 - 08:58 PM

INFO


info.txt logfile of random's system information tool 1.05 2009-01-17 02:41:01

======Uninstall list======

-->"C:\Program Files (x86)\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files (x86)\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{A3194B3E-EEC4-44EE-8519-9DEB0AAC904B}
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0414-0000-0000000FF1CE} /uninstall {3FE135E8-2B21-44ED-99CA-87C782C4F5F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0814-0000-0000000FF1CE} /uninstall {63BBC1EA-E390-403D-BFDE-B53E1D23FF46}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0414-1000-0000000FF1CE} /uninstall {3CC75FEB-8AA6-43F5-958E-0D074633CB2E}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0414-0000-0000000FF1CE} /uninstall {3CC75FEB-8AA6-43F5-958E-0D074633CB2E}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
America's Army-->MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Creative Audio Control Panel-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative Sound Blaster Properties x64 Edition-->"C:\Program Files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe" /remove /l0x0009
Driver Sweeper 1.5.5-->"C:\Program Files (x86)\Driver Sweeper\unins000.exe"
HijackThis 2.0.2-->"C:\Users\Trond\Desktop\HijackThis.exe" /uninstall
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Logitech SetPoint-->"C:\Program Files (x86)\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0014 -removeonly
MagicTune Premium-->C:\Program Files (x86)\InstallShield Installation Information\{D6044256-A309-43B5-9833-D3FAFE2AD24D}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Office Access MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0015-0414-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0016-0414-0000-0000000FF1CE}
Microsoft Office Groove MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-00BA-0414-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0044-0414-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-00A1-0414-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-001A-0414-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0018-0414-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-001F-0414-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Nynorsk)) 2007-->MsiExec.exe /X{90120000-001F-0814-0000-0000000FF1CE}
Microsoft Office Proofing (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-002C-0414-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0019-0414-0000-0000000FF1CE}
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-006E-0414-0000-0000000FF1CE}
Microsoft Office Word MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-001B-0414-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8-->MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1044}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security Online (Symantec Corporation)-->"C:\Program Files (x86)\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA PhysX v8.11.18-->MsiExec.exe /X{A3194B3E-EEC4-44EE-8519-9DEB0AAC904B}
OpenAL-->"C:\Program Files (x86)\OpenAL\OALInst.exe" /U
PBCool-->MsiExec.exe /I{91A410CF-BD5A-44D4-A010-DE2E9CED5061}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Påloggingsassistent for Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
TeamSpeak 2 RC2-->"C:\Program Files (x86)\Teamspeak2_RC2\unins000.exe"
TmNationsForever-->"C:\Program Files (x86)\TmNationsForever\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Volume Panel-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
Windows Live installer-->MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Messenger-->MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR Arkiverer-->C:\Program Files (x86)\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files (x86)\Xfire\uninst.exe"

======Security center information======

AV: Norton Internet Security Online
FW: Norton Internet Security Online
AS: Windows Defender
AS: Norton Internet Security Online

System event log

Computer Name: Trond-PC
Event Code: 7036
Message: Tjenesten LiveUpdate gikk inn i tilstanden kjører.
Record Number: 33300
Source Name: Service Control Manager
Time Written: 20090117012301.000000-000
Event Type: Informasjon
User:

Computer Name: Trond-PC
Event Code: 7036
Message: Tjenesten LiveUpdate gikk inn i tilstanden stoppet.
Record Number: 33301
Source Name: Service Control Manager
Time Written: 20090117012333.000000-000
Event Type: Informasjon
User:

Computer Name: Trond-PC
Event Code: 7036
Message: Tjenesten FLEXnet Licensing Service gikk inn i tilstanden kjører.
Record Number: 33302
Source Name: Service Control Manager
Time Written: 20090117012445.000000-000
Event Type: Informasjon
User:

Computer Name: Trond-PC
Event Code: 7036
Message: Tjenesten FLEXnet Licensing Service gikk inn i tilstanden stoppet.
Record Number: 33303
Source Name: Service Control Manager
Time Written: 20090117012545.000000-000
Event Type: Informasjon
User:

Application event log

Computer Name: Trond-PC
Event Code: 704
Message: msnmsgr (3956) \\.\C:\Users\Trond\AppData\Local\Microsoft\Messenger\elfiero44@hotmail.com\SharingMetadata\Working\database_4EC2_F8C2_C2F8_AEF9\dfsr.db: Online defragmentation of database '\\.\C:\Users\Trond\AppData\Local\Microsoft\Messenger\elfiero44@hotmail.com\SharingMetadata\Working\database_4EC2_F8C2_C2F8_AEF9\dfsr.db' was interrupted and terminated. The next time online defragmentation is started on this database, it will resume from the point of interruption.
Record Number: 7298
Source Name: ESENT
Time Written: 20090117011718.000000-000
Event Type: Informasjon
User:

Computer Name: Trond-PC
Event Code: 103
Message: msnmsgr (3956) \\.\C:\Users\Trond\AppData\Local\Microsoft\Messenger\elfiero44@hotmail.com\SharingMetadata\Working\database_4EC2_F8C2_C2F8_AEF9\dfsr.db: The database engine stopped the instance (0).
Record Number: 7299
Source Name: ESENT
Time Written: 20090117011718.000000-000
Event Type: Informasjon
User:

Computer Name: Trond-PC
Event Code: 101
Message: Informasjonsnivå: success

Planlegging startet automatisk LiveUpdate.
Record Number: 7300
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090117012302.000000-000
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM

Computer Name: Trond-PC
Event Code: 101
Message: Informasjonsnivå: success

Automatic LiveUpdate er avsluttet.
Record Number: 7301
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090117012336.000000-000
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM

Computer Name: Trond-PC
Event Code: 101
Message: Informasjonsnivå: success

Neste kjøring er fastsatt til ca. 3:28 AM.
Record Number: 7302
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090117012336.000000-000
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM

Security event log

Computer Name: Trond-PC
Event Code: 4904
Message: Det ble forsøkt å registrere en kilde for sikkerhetshendelse.

Emne:
Sikkerhets-ID: S-1-5-18
Kontonavn: TROND-PC$
Kontodomene: WORKGROUP
Påloggings-ID: 0x3e7

Prosess:
Prosess-ID: 0x1514
Prosessnavn: C:\Windows\System32\VSSVC.exe

Hendelseskilde:
Kildenavn: VSSAudit
Hendelseskilde-ID: 0x3b787f
Record Number: 12961
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090117003032.448888-000
Event Type: Overvåking vellykket
User:

Computer Name: Trond-PC
Event Code: 4905
Message: Det ble forsøkt å avregistrere en kilde for sikkerhetshendelse.

Emne
Sikkerhets-ID: S-1-5-18
Kontonavn: TROND-PC$
Kontodomene: WORKGROUP
Påloggings-ID: 0x3e7

Prosess:
Prosess-ID: 0x1514
Prosessnavn: C:\Windows\System32\VSSVC.exe

Hendelseskilde:
Kildenavn: VSSAudit
Hendelseskilde-ID: 0x3b787f
Record Number: 12962
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090117003032.448888-000
Event Type: Overvåking vellykket
User:

Computer Name: Trond-PC
Event Code: 4648
Message: Det ble forsøkt en pålogging med uttrykt legitimasjon.

Emne:
Sikkerhets-ID: S-1-5-18
Kontonavn: TROND-PC$
Kontodomene: WORKGROUP
Påloggings-ID: 0x3e7
Påloggings-GUID: {00000000-0000-0000-0000-000000000000}

Konto hvis legitimasjon ble brukt:
Kontonavn: SYSTEM
Kontodomene: NT-MYNDIGHET
Påloggings-GUID: {00000000-0000-0000-0000-000000000000}

Målserver:
Målservernavn: localhost
Tilleggsinformasjon: localhost

Prosessinformasjon:
Prosess-ID: 0x298
Prosessnavn: C:\Windows\System32\services.exe

Nettverksinformasjon:
Nettverksadresse: -
Port: -

Denne hendelsen genereres når en prosess prøver å logge på en konto ved eksplisitt å angi legitimasjonen for den kontoen. Dette er vanligst i satsvise konfigurasjoner som planlagte oppgaver, eller ved bruk av RUNAS-kommandoen.
Record Number: 12963
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090117003037.442888-000
Event Type: Overvåking vellykket
User:

Computer Name: Trond-PC
Event Code: 4624
Message: Det ble logget på en konto.

Emne:
Sikkerhets-ID: S-1-5-18
Kontonavn: TROND-PC$
Kontodomene: WORKGROUP
Påloggings-ID: 0x3e7

Påloggingstype: 5

Ny pålogging:
Sikkerhets-ID: S-1-5-18
Kontonavn: SYSTEM
Kontodomene: NT-MYNDIGHET
Påloggings-ID: 0x3e7
Påloggings-GUID: {00000000-0000-0000-0000-000000000000}

Prosessinformasjon:
Prosess-ID: 0x298
Prosessnavn: C:\Windows\System32\services.exe

Nettverksinformasjon:
Navn på arbeidsstasjon:
Adresse til kildenettverk: -
Kildeport: -

Detaljert godkjenningsinformasjon:
Påloggingsprosess: Advapi
Godkjenningspakke: Negotiate
Overførte tjenester: -
Pakkenavn (bare NTLM): -
Nøkkellengde: 0

Denne hendelsen genereres når en påloggingsøkt opprettes. Den genereres på datamaskinen der tilgang ble gitt.

Emnefeltene angir kontoen på det lokale systemet som bad om påloggingen. Dette er vanligvis en tjeneste som Server-tjenesten, eller en lokal prosess som Winlogon.exe eller Services.exe.

Påloggingstypefeltet angir hvilken påloggingstype som ble brukt. De vanligste typene er 2 (interaktiv) og 3 (nettverk).

Feltene for ny pålogging angir hvilken konto den nye påloggingen ble opprettet fra, det vil si kontoen som ble logget på.

Nettverksfeltene angir hvor den eksterne påloggingsforespørselen kom fra. Navnet på arbeidsstasjonen er ikke alltid tilgjengelig, og feltet kan enkelte ganger være tomt.

Feltene med godkjenningsinformasjon gir detaljert informasjon om denne bestemte påloggingsforespørselen.
- Påloggings-GUIDen er en entydig identifikator som kan brukes til å koordinere denne hendelsen med en KDC-hendelse.
- Overførte tjenester angir hvilke mellomliggende tjenester som har deltatt i denne påloggingsforespørselen.
- Pakkenavnet angir hvilken underprotokoll som ble brukt blant NTLM-protokollene.
- Nøkkellengden angir lengden til den genererte øktnøkkelen. Den er 0 hvis det ikke ble bedt om en øktnøkkel.
Record Number: 12964
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090117003037.442888-000
Event Type: Overvåking vellykket
User:

Computer Name: Trond-PC
Event Code: 4672
Message: Spesielle tillatelser tildelt ny pålogging:

Emne:
Sikkerhets-ID: S-1-5-18
Kontonavn: SYSTEM
Kontodomene: NT-MYNDIGHET
Påloggings-ID: 0x3e7

Tilgangsrettigheter: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 12965
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090117003037.442888-000
Event Type: Overvåking vellykket
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0f07
"NUMBER_OF_PROCESSORS"=4

-----------------EOF-----------------

#10 Elfiero

Elfiero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Lierne, Norway
  • Local time:12:49 AM

Posted 16 January 2009 - 09:00 PM

Looking at the log and info gives me a clue :thumbsup:

#11 SpotCheckBilly

SpotCheckBilly

  • Members
  • 81 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Twin Cities, MN
  • Local time:05:49 PM

Posted 17 January 2009 - 07:42 PM

Hi Elfiero,

Thanks for the logs. I will look them over and get back to you as soon as I can. -- SCB :thumbsup:
Posted ImagePosted Image
ChrisRLG's Computer Safety Online

"I was worried 'bout rich and skinny,
'til I wound up poor and fat" - Delbert McClinton
Posted Image

#12 Elfiero

Elfiero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Lierne, Norway
  • Local time:12:49 AM

Posted 22 January 2009 - 04:48 AM

TYVM!

Looking fwd to the conclution, aventho I can't see any harmful or dodgy reports in them logs :thumbsup: Nice tool btw.

#13 SpotCheckBilly

SpotCheckBilly

  • Members
  • 81 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Twin Cities, MN
  • Local time:05:49 PM

Posted 22 January 2009 - 05:48 PM

Hi Elfiero,

Yes, random/random did a nice job on that tool. Other than the fact that the second part of the log appears to be a Norwegian (which I, unfortunately can't translate), the logs appear good.

There is one file which gives me a reason for concern. This file:

C.:\Windows\system 32\explorer.exe

Should not be in the \system32\ folder. It should be in C.:\Windows\.

Many of the popular scanners have not yet been updated to run on 64-bit systems, however, a very good one has been. I'd like you to run a scan with Malwarebytes Anti-Malware just to make sure that something is in hiding from us.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).
  • Click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.

    If Malware is found...
  • Be sure that >>Every box has a checkmark in it<<, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to your desktop.
NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:
  • Launch Malwarebytes' Anti-Malware.
  • Click the Logs tab.
  • Double-click log-mm.dd.yyyy [xxxxxx].txt.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please post back with the results of the scan. -- SCB :thumbsup:
Posted ImagePosted Image
ChrisRLG's Computer Safety Online

"I was worried 'bout rich and skinny,
'til I wound up poor and fat" - Delbert McClinton
Posted Image

#14 Elfiero

Elfiero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Lierne, Norway
  • Local time:12:49 AM

Posted 23 January 2009 - 05:56 AM

Funny thing, It's not located in the system32 anymore... Looking at the log, the file is located in the system32 dir. a second before it's located in the \windows root. This is the time I installed Vista iirc, And then again it was on a formatted disk with changed RAID utility, with for all I know no virus or any other bug...
Running Mbam now, which is a program I tend to use hunting malware on my kids computers... :thumbsup:

EDIT: Back after a reboot, and the Mbam found this:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties)
I removed it, yes.. But this isn't harmful afaik....?
Do the .exe from above preinstall to system32 to selfdestruct later? :)

Edited by Elfiero, 23 January 2009 - 09:32 AM.

#15 SpotCheckBilly

SpotCheckBilly

  • Members
  • 81 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Twin Cities, MN
  • Local time:05:49 PM

Posted 23 January 2009 - 07:41 PM

Hi Elfiero,

Malwarebytes Anti-Malware is really a remarkable tool. Its developers are not only well respected members of the security community, they have an amazing grasp on how today's infections work and how to remove them.

The fact that explorer.exe no longer appears in the \system 32\ directory is a good thing. Please post a fresh RSIT log just to make sure it's not hiding. Also, could you post the entire MBAM log as well (see my previous post on where to find it)?

It looks like the end of our journey together is near. -- SCB :thumbsup:
Posted ImagePosted Image
ChrisRLG's Computer Safety Online

"I was worried 'bout rich and skinny,
'til I wound up poor and fat" - Delbert McClinton
Posted Image
Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·