Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help Removinh the "VIRTUMONDE" virus


  • Please log in to reply
7 replies to this topic

#1 Sandunes

Sandunes

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 17 February 2009 - 10:49 AM

My Webroot spy sweeper keeps picking up this virus and quarantines it but never removes the virus.
I ran Malware and this doesn't even find it.
I downloaded the Combo fix in hopes to get help removing this nasty virus.

The PC for the most part seems to be ok except that I/E acts a little strange. Takes longer to load pages and cannot access certain web sites.

Any help would be apprectiated.
John

BC AdBot (Login to Remove)

 


#2 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:12:49 PM

Posted 17 February 2009 - 01:29 PM

Hi and welcome to BleepingComputer :thumbsup:

The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. – Will Smith


#3 Sandunes

Sandunes
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 17 February 2009 - 04:10 PM

OK, I already had MalwareBytes/Anti-Malware on my PC. I updated to the latest version and ran the scan. It still did not pick up the VirtuMone virus.
Any other sugestions?

John

#4 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:12:49 PM

Posted 17 February 2009 - 06:11 PM

What version of Windows are you running?

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. – Will Smith


#5 Sandunes

Sandunes
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 17 February 2009 - 07:20 PM

Operating system is: MS Windows XP Professional edition, Service Pack-3.
Hope this helps

#6 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:12:49 PM

Posted 17 February 2009 - 07:58 PM

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to renable you anti-virus and and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. – Will Smith


#7 Sandunes

Sandunes
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 18 February 2009 - 04:53 PM

OK, Hope this file helps:


System Report
*************

Run on Wed 02/18/2009 at 04:44 PM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [792]
\??\C:\WINDOWS\system32\csrss.exe [896]
\??\C:\WINDOWS\system32\winlogon.exe [920]
C:\WINDOWS\system32\services.exe [964]
C:\WINDOWS\system32\lsass.exe [976]
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [1124]
C:\WINDOWS\system32\svchost.exe [1144]
C:\WINDOWS\system32\svchost.exe [1248]
C:\WINDOWS\System32\svchost.exe [1308]
C:\WINDOWS\system32\svchost.exe [1384]
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1520]
C:\WINDOWS\System32\svchost.exe [1600]
C:\WINDOWS\system32\svchost.exe [1624]
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [1724]
C:\WINDOWS\system32\spoolsv.exe [1892]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [176]
C:\WINDOWS\system32\HPZipm12.exe [252]
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [296]
C:\WINDOWS\System32\svchost.exe [320]
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [380]
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [520]
C:\Program Files\RealVNC\VNC4\WinVNC4.exe [732]
C:\WINDOWS\Explorer.EXE [2072]
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe [2360]
C:\WINDOWS\System32\alg.exe [2692]
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [3148]
C:\WINDOWS\system32\ctfmon.exe [2164]


Drivers - Running:

ACPI
aeaudio
AFD
agp440
atapi
audstub
Beep
Cdfs
Cdrom
Disk
dmio
dmload
E100B
eeCtrl
EraserUtilRebootDrv
Fdc
Fips
Flpydisk
FltMgr
Ftdisk
Gpc
HPZid412
HPZipr12
HPZius12
HTTP
i8042prt
Imapi
intelppm
IpFilterDriver
IpNat
IPSec
isapnp
Kbdclass
KSecDD
mnmdd
Mouclass
MountMgr
MRxDAV
MRxSmb
Msfs
mssmbios
Mup
NAVENG
NAVEX15
NDIS
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
Npfs
Ntfs
Null
nv
OMCI
Parport
PartMgr
ParVdm
PCI
PCIIde
PptpMiniport
PSched
Ptilink
PxHelp20
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
rdpdr
redbook
serenum
Serial
smwdm
SPBBCDrv
sr
SRTSP
SRTSPX
Srv
ssfs0bbc
sshrmd
ssidrv
swenum
SymEvent
SYMTDI
sysaudio
SysPlant
Tcpip
Teefer2
TermDD
Update
usbccgp
usbehci
usbhub
usbprint
usbscan
usbstor
usbuhci
VgaSave
VolSnap
Wanarp
wdmaud
WPS
WpsHelper
WudfPf


Drivers - Stopped:

Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
Aha154x
aic78u2
aic78xx
AliIde
amsint
asc
asc3350p
asc3550
AsyncMac
Atdisk
Atmarpc
catchme
cbidf2k
cd20xrnt
Cdaudio
Changer
CmdIde
COH_Mon
Cpqarray
dac960nt
dmboot
DMusic
dpti2o
drmkaud
Fastfat
hpn
i2omgmt
i2omp
ini910u
IntelIde
ip6fw
IpInIp
IRENUM
kmixer
lbrtfdc
Modem
mraid35x
MSKSSRV
MSPCLOCK
MSPQM
NwlnkFlt
NwlnkFwd
PCIDump
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
Processor
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
Secdrv
Sfloppy
Simbad
Sparrow
splitter
SRTSPL
swmidi
symc810
symc8xx
SYMREDRV
sym_hi
sym_u3
TDPIPE
TDTCP
TosIde
Udfs
ultra
usb_rndisx
ViaIde
vsdatant
WDICA
WpdUsb
WudfRd


Services - Running:

ALG
Apple
AudioSrv
BITS
Browser
ccEvtMgr
ccSetMgr
CryptSvc
DcomLaunch
Dhcp
dmserver
Dnscache
ERSvc
Eventlog
EventSystem
FastUserSwitchingCompatibility
helpsvc
lanmanserver
lanmanworkstation
LmHosts
Netman
Nla
PlugPlay
Pml
PolicyAgent
ProtectedStorage
RasMan
RemoteRegistry
RpcSs
SamSs
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
SmcService
spkrmon
Spooler
srservice
SSDPSRV
stisvc
Symantec
TapiSrv
TermService
Themes
TrkWks
W32Time
WebClient
WebrootSpySweeperService
winmgmt
WinVNC4
WRConsumerService
wscsvc
wuauserv
WudfSvc
WZCSVC


Services - Stopped:

Alerter
AppMgmt
aspnet_state
Bonjour
CiSvc
ClipSrv
clr_optimization_v2.0.50727_32
COMSysApp
dmadmin
Dot3svc
EapHost
FLEXnet
HidServ
hkmsvc
HTTPFilter
ImapiService
LiveUpdate
Messenger
Microsoft
mnmsrvc
MSDTC
MSIServer
napagent
NetDDE
NetDDEdsdm
Netlogon
NtLmSsp
NtmsSvc
odserv
ose
RasAuto
RDSessMgr
RemoteAccess
RpcLocator
RSVP
SCardSvr
SNAC
SwPrv
SysmonLog
TlntSvr
upnphost
UPS
VSS
WmdmPmSN
Wmi
WmiApSrv
xmlprov


Files Created/Modified - 60 Days:


C:\

Feb 18 2009 4:26:54p 1,610,612,736 A.SH. "C:\pagefile.sys"


C:\WINDOWS\

Feb 18 2009 4:26:58p 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
Feb 16 2009 9:20:30p 110 A.... "C:\WINDOWS\ERDNT\CFrecovery.bat"
Dec 20 2008 6:15:12p 124,928 A.... "C:\WINDOWS\system32\advpack.dll"
Jan 13 2009 11:06:48a 552 A.... "C:\WINDOWS\system32\d3d8caps.dat"
Dec 20 2008 6:15:12p 347,136 A.... "C:\WINDOWS\system32\dxtmsft.dll"
Dec 20 2008 6:15:14p 214,528 A.... "C:\WINDOWS\system32\dxtrans.dll"
Dec 20 2008 6:15:14p 133,120 A.... "C:\WINDOWS\system32\extmgr.dll"
Dec 20 2008 6:15:14p 63,488 A.... "C:\WINDOWS\system32\icardie.dll"
Dec 19 2008 4:10:16a 70,656 A.... "C:\WINDOWS\system32\ie4uinit.exe"
Dec 20 2008 6:15:14p 153,088 A.... "C:\WINDOWS\system32\ieakeng.dll"
Dec 20 2008 6:15:14p 230,400 A.... "C:\WINDOWS\system32\ieaksie.dll"
Dec 19 2008 12:23:56a 161,792 A.... "C:\WINDOWS\system32\ieakui.dll"
Dec 20 2008 6:15:16p 383,488 A.... "C:\WINDOWS\system32\ieapfltr.dll"
Dec 20 2008 6:15:16p 384,512 A.... "C:\WINDOWS\system32\iedkcs32.dll"
Dec 20 2008 6:15:22p 6,066,688 A.... "C:\WINDOWS\system32\ieframe.dll"
Dec 20 2008 6:15:22p 44,544 A.... "C:\WINDOWS\system32\iernonce.dll"
Dec 20 2008 6:15:22p 267,776 A.... "C:\WINDOWS\system32\iertutil.dll"
Dec 19 2008 4:10:16a 13,824 A.... "C:\WINDOWS\system32\ieudinit.exe"
Dec 20 2008 6:15:24p 27,648 A.... "C:\WINDOWS\system32\jsproxy.dll"
Dec 22 2008 2:43:22p 82,768 A.... "C:\WINDOWS\system32\lmdimon8.dll"
Feb 3 2009 6:21:12p 21,244,864 A.... "C:\WINDOWS\system32\MRT.exe"
Dec 20 2008 6:15:24p 459,264 A.... "C:\WINDOWS\system32\msfeeds.dll"
Dec 20 2008 6:15:24p 52,224 A.... "C:\WINDOWS\system32\msfeedsbs.dll"
Jan 16 2009 9:35:14p 3,594,752 A.... "C:\WINDOWS\system32\mshtml.dll"
Dec 20 2008 6:15:30p 477,696 A.... "C:\WINDOWS\system32\mshtmled.dll"
Dec 20 2008 6:15:32p 193,024 A.... "C:\WINDOWS\system32\msrating.dll"
Dec 20 2008 6:15:32p 671,232 A.... "C:\WINDOWS\system32\mstime.dll"
Dec 20 2008 6:15:38p 102,912 A.... "C:\WINDOWS\system32\occache.dll"
Jan 9 2009 10:51:08a 63,188 A.... "C:\WINDOWS\system32\perfc009.dat"
Jan 9 2009 10:51:08a 403,968 A.... "C:\WINDOWS\system32\perfh009.dat"
Dec 20 2008 6:15:38p 44,544 A.... "C:\WINDOWS\system32\pngfilt.dll"
Dec 20 2008 6:15:40p 105,984 A.... "C:\WINDOWS\system32\url.dll"
Dec 20 2008 6:15:40p 1,160,192 A.... "C:\WINDOWS\system32\urlmon.dll"
Dec 20 2008 6:15:40p 233,472 A.... "C:\WINDOWS\system32\webcheck.dll"
Dec 20 2008 6:15:42p 826,368 A.... "C:\WINDOWS\system32\wininet.dll"
Feb 18 2009 4:27:10p 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
Feb 18 2009 4:40:42p 67,994 A.... "C:\WINDOWS\Temp\scs6.tmp"
Feb 18 2009 4:44:20p 0 A.... "C:\WINDOWS\Temp\scsA.tmp"
Dec 20 2008 6:15:12p 124,928 ..... "C:\WINDOWS\system32\dllcache\advpack.dll"
Dec 20 2008 6:15:12p 347,136 A.... "C:\WINDOWS\system32\dllcache\dxtmsft.dll"
Dec 20 2008 6:15:14p 214,528 A.... "C:\WINDOWS\system32\dllcache\dxtrans.dll"
Dec 20 2008 6:15:14p 133,120 A.... "C:\WINDOWS\system32\dllcache\extmgr.dll"
Dec 20 2008 6:15:14p 63,488 ..... "C:\WINDOWS\system32\dllcache\icardie.dll"
Dec 19 2008 4:10:16a 70,656 ..... "C:\WINDOWS\system32\dllcache\ie4uinit.exe"
Dec 20 2008 6:15:14p 153,088 ..... "C:\WINDOWS\system32\dllcache\ieakeng.dll"
Dec 20 2008 6:15:14p 230,400 ..... "C:\WINDOWS\system32\dllcache\ieaksie.dll"
Dec 19 2008 12:23:56a 161,792 A.... "C:\WINDOWS\system32\dllcache\ieakui.dll"
Dec 20 2008 6:15:16p 383,488 ..... "C:\WINDOWS\system32\dllcache\ieapfltr.dll"
Dec 20 2008 6:15:16p 384,512 ..... "C:\WINDOWS\system32\dllcache\iedkcs32.dll"
Dec 20 2008 6:15:22p 6,066,688 ..... "C:\WINDOWS\system32\dllcache\ieframe.dll"
Dec 20 2008 6:15:22p 44,544 ..... "C:\WINDOWS\system32\dllcache\iernonce.dll"
Dec 20 2008 6:15:22p 267,776 ..... "C:\WINDOWS\system32\dllcache\iertutil.dll"
Dec 19 2008 4:10:16a 13,824 ..... "C:\WINDOWS\system32\dllcache\ieudinit.exe"
Dec 19 2008 12:25:26a 634,024 ..... "C:\WINDOWS\system32\dllcache\iexplore.exe"
Dec 20 2008 6:15:24p 27,648 A.... "C:\WINDOWS\system32\dllcache\jsproxy.dll"
Dec 20 2008 6:15:24p 459,264 ..... "C:\WINDOWS\system32\dllcache\msfeeds.dll"
Dec 20 2008 6:15:24p 52,224 ..... "C:\WINDOWS\system32\dllcache\msfeedsbs.dll"
Jan 16 2009 9:35:14p 3,594,752 A.... "C:\WINDOWS\system32\dllcache\mshtml.dll"
Dec 20 2008 6:15:30p 477,696 A.... "C:\WINDOWS\system32\dllcache\mshtmled.dll"
Dec 20 2008 6:15:32p 193,024 A.... "C:\WINDOWS\system32\dllcache\msrating.dll"
Dec 20 2008 6:15:32p 671,232 A.... "C:\WINDOWS\system32\dllcache\mstime.dll"
Dec 20 2008 6:15:38p 102,912 ..... "C:\WINDOWS\system32\dllcache\occache.dll"
Dec 20 2008 6:15:38p 44,544 A.... "C:\WINDOWS\system32\dllcache\pngfilt.dll"
Dec 20 2008 6:15:40p 105,984 ..... "C:\WINDOWS\system32\dllcache\url.dll"
Dec 20 2008 6:15:40p 1,160,192 A.... "C:\WINDOWS\system32\dllcache\urlmon.dll"
Feb 18 2009 4:21:52p 578,560 A.... "C:\WINDOWS\system32\dllcache\user32.dll"
Dec 20 2008 6:15:40p 233,472 ..... "C:\WINDOWS\system32\dllcache\webcheck.dll"
Dec 20 2008 6:15:42p 826,368 A.... "C:\WINDOWS\system32\dllcache\wininet.dll"
Feb 11 2009 10:19:34a 15,504 A.... "C:\WINDOWS\system32\drivers\mbam.sys"
Feb 11 2009 10:19:42a 38,496 A.... "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
Jan 20 2009 8:44:18p 149,760 A.... "C:\WINDOWS\system32\drivers\WpsHelper.sys"
Feb 18 2009 4:40:26p 3,334 A.... "C:\WINDOWS\Temp\wrstemp\S-1-5-18.dat"
Feb 18 2009 4:40:26p 4,182 A.... "C:\WINDOWS\Temp\wrstemp\S-1-5-19.dat"
Feb 18 2009 4:40:26p 4,250 A.... "C:\WINDOWS\Temp\wrstemp\S-1-5-20.dat"
Feb 18 2009 4:40:34p 4,936 A.... "C:\WINDOWS\Temp\wrstemp\S-1-5-21-861567501-261478967-839522115-1003.dat"
Feb 18 2009 4:40:26p 4,350 A.... "C:\WINDOWS\Temp\wrstemp\S-1-5-21-861567501-261478967-839522115-500.dat"
Feb 18 2009 4:39:34p 0 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS075F40A0-C2FF-44DD-8048-AE038E783A63.tmp"
Feb 18 2009 4:39:42p 2,883,584 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS0B0A546B-859E-48CE-9AB0-7318EBCA61EA.tmp"
Feb 18 2009 4:40:38p 131,072 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS0F83A080-3E0C-4DE8-8876-73FD499B6DAB.tmp"
Feb 18 2009 4:40:26p 131,072 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS0F10CC29-7D52-44AC-B8BF-CB943716F55F.tmp"
Feb 18 2009 4:39:34p 0 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS0FCFFE2D-74C5-407A-ADC0-AB33A98BC852.tmp"
Feb 18 2009 4:40:38p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS102D209E-57DD-4EDA-9DA3-6099E82A7848.tmp"
Feb 18 2009 4:40:36p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS12BD6D35-9B33-4D18-949D-A245010069C8.tmp"
Feb 18 2009 4:39:42p 5,308,416 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS13554581-8DF3-42F4-8106-E76EABF4BB36.tmp"
Feb 18 2009 4:39:42p 1,376,256 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS13157423-626E-41AB-B33D-D3963AA2EDB6.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS15932D55-0C6A-4D6E-B74D-62C51D1942E5.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS16ADD765-A814-44C8-8B67-62A441978797.tmp"
Feb 18 2009 4:39:40p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS1B92A75F-8250-4549-BE6F-55E4AF457983.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS1CBF62F7-7DED-4F39-A35E-0A4865DBAA52.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS21CD88DC-CE3C-4ABF-96ED-94B5873660E9.tmp"
Feb 18 2009 4:40:38p 131,072 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS26115F72-159A-4B69-9A89-B854AEC174F4.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS29F0F6EC-3163-4833-9BF6-F06DBA787DDF.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS2A56A92B-9D07-42FC-8F40-305AE400D7FB.tmp"
Feb 18 2009 4:40:36p 131,072 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS2BF57499-CCAD-4035-B6E9-9EDF8369ECE4.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS2B3256DF-48C9-43DA-B197-AB7258064645.tmp"
Feb 18 2009 4:39:34p 0 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS2C823C92-D164-42A5-88EB-40D63C19260B.tmp"
Feb 18 2009 4:40:36p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS2EB3AFA0-B1B3-466D-A6CB-C655E8FC4F5D.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS30FE12BD-9FBE-444A-A60C-A818D96B2695.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS3220BE76-1639-469A-8657-B386BED5C379.tmp"
Feb 18 2009 4:40:38p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS35FC7D90-599B-4975-98A8-502A648526E2.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS401DC05F-B7B9-4E7E-BAC9-821F5E5ED8D5.tmp"
Feb 18 2009 4:40:36p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS407A3E67-F203-44A6-B264-86EBAEDD8C41.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS40448E00-54B1-4E5D-BF54-EA1E2E1CF0D3.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS40CA2051-336A-4F33-92FD-2D9AA8E7F0D9.tmp"
Feb 18 2009 4:39:42p 2,097,152 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS4223C4BB-421A-464B-B00F-9B2B9388EA9D.tmp"
Feb 18 2009 4:39:34p 0 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS4439A1B5-8BB0-4A9F-8C24-040079397C53.tmp"
Feb 18 2009 4:39:42p 2,162,688 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS4841ADA3-017B-43E9-97AE-E1A052591532.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS490F12EB-4997-4A6D-92A2-ACCC134FD844.tmp"
Feb 18 2009 4:40:36p 50,331,648 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS4A51B76C-A868-4A79-83CC-9B560F8E2D1A.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS4C7C0DF9-C06D-4456-993A-6586BB7F4770.tmp"
Feb 18 2009 4:39:40p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS4C9A452A-7D05-4F3C-B47A-DD204656E62B.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS4D5E6D91-DFF2-4C48-A0C3-8DFFE1B967E8.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS51A666DA-1A48-45CC-A665-717EBFD7A43A.tmp"
Feb 18 2009 4:39:40p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS585F0144-E181-42DE-BA8F-FA001DFDD110.tmp"
Feb 18 2009 4:39:42p 12,189,696 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS5B4719D0-783E-4A66-8D8F-9933A68B50F2.tmp"
Feb 18 2009 4:40:36p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS5E19F4B3-7965-4AE2-8E63-08830CBA12B7.tmp"
Feb 18 2009 4:40:38p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS61C22E1C-D18E-4589-95D3-EF2AF3293DD3.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS62CF9FB0-D893-488F-8341-C3CCD1B36B57.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS64EEDEDB-278F-4101-AE35-3F772104780B.tmp"
Feb 18 2009 4:40:38p 983,040 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS651B94E6-BA01-46A6-AB65-9B36F3BF6705.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS660850D3-0B36-4389-9361-25C43445EAF1.tmp"
Feb 18 2009 4:39:34p 0 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS6ABA2E65-1D9B-492B-85CE-DBF64EF4AAB4.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS6BF6C0F0-4612-47DF-AE03-3580B19FB571.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS6DD81DD4-0D34-45FC-AC92-D4D3D28E3159.tmp"
Feb 18 2009 4:39:40p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS6E7148BB-FFDD-4698-9865-EE297098C5E7.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS7621FD28-717A-4B0F-A4C1-6AFA82C246B4.tmp"
Feb 18 2009 4:39:42p 655,360 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS77D4DEFC-1DED-4FB1-A90B-FA1EEF29AFDE.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS78CABE9C-A974-4987-846F-A08B123552CF.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS7E2B8BFF-4147-4BB8-9275-D241F9BD45AA.tmp"
Feb 18 2009 4:39:42p 131,072 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS80295B5B-2134-4FBE-844A-6E301ABFC686.tmp"
Feb 18 2009 4:39:42p 262,144 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS81ED2461-EA68-4C83-BC32-1CCD92E7C3E7.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS82C0AFDD-9A78-4342-BE2E-C695F2A7AE26.tmp"
Feb 18 2009 4:39:42p 131,072 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS8342D13B-DEBB-4842-B726-66DE89B6FFAE.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS832A9E81-C875-4909-B32F-EA8FF7110611.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS8E69A2F7-4A7A-4767-9A6D-3EC4CB311195.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS9255BD46-5748-4615-B980-BD210DE18A55.tmp"
Feb 18 2009 4:40:26p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS97043B21-A7E1-44B9-A96A-ABB5CBA24405.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS981D9744-E132-4AE6-AEAC-C40B94A77611.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS9C8A6434-9409-4050-BF1D-12E182FBBA52.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS9F1E0153-1A94-40CB-8699-9E0768684862.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMS9FF66EFC-DBFD-42F8-B043-C1C9890BCB36.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSA21CF717-C4D0-4AF1-B5D3-1DBBD5EBBD65.tmp"
Feb 18 2009 4:39:42p 131,072 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSA46DFB05-6D59-4793-8F4E-7ACAC26EB3E1.tmp"
Feb 18 2009 4:40:38p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSA540B7E0-A5D3-4C15-B62F-3DB7C752A66B.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSA508F44C-3D73-4367-BB0B-816E8CF22F0F.tmp"
Feb 18 2009 4:40:36p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSA9338D5F-4687-4613-AF84-996D4FA94582.tmp"
Feb 18 2009 4:39:34p 0 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSAE60BDE6-ACEF-456D-9FCA-F883B717C93C.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSAF075EB0-B960-4BEC-86D2-8D2F7E0FC368.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSAF2DEFBA-0893-4122-8B0E-650BB349C21D.tmp"
Feb 18 2009 4:39:34p 0 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSB04D0CC1-6D2C-4014-9BC7-B928F03333DA.tmp"
Feb 18 2009 4:39:42p 196,608 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSBC161DDB-9CA9-4298-A84A-739D2E15566C.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSBC96A44F-F26A-4B38-864D-FD09550B8210.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSBD43A20C-9DD4-451B-8F1B-7C31229ADD10.tmp"
Feb 18 2009 4:39:42p 262,144 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSC2CE1D79-296B-4315-939F-FB4100CEA49F.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSC41E1498-F234-4D84-BEF8-8A37D02BE70C.tmp"
Feb 18 2009 4:39:42p 393,216 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSC45327C2-C2D8-4EE0-BF81-B5D819AF7C2F.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSC803DDE4-0BEF-4B09-9BEC-D21E4C73FF96.tmp"
Feb 18 2009 4:39:40p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSC819E1BD-2616-464F-9E39-94A2E384B261.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSCBFD6234-5D1E-4F1D-8417-F623C9BCE4EF.tmp"
Feb 18 2009 4:39:42p 983,040 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSCD2F45B7-9A7B-44B7-9C93-613D153B7ACB.tmp"
Feb 18 2009 4:39:34p 0 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSD15263A2-E1BC-4A67-971D-A7D147F049CB.tmp"
Feb 18 2009 4:39:40p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSD16F1091-8A5A-4D31-B5F3-FE066FF234F3.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSD41E201F-512D-48BC-859A-AD36BE9E47E0.tmp"
Feb 18 2009 4:39:42p 131,072 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSD4D42407-96EE-4BE7-87F0-3AE1D4E2903F.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSD6B40F9D-CCAE-4270-A8EF-49F1F77B6697.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSD9D02461-B020-4D19-8B95-6E1AEA95ADB5.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSDBB6A122-F75A-4A81-8D5C-CD6239771F3A.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSDD63C6B9-5E39-4146-9C90-A00A46C29D83.tmp"
Feb 18 2009 4:39:42p 196,608 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSDFCF811A-ED63-4498-8CEE-C7261EC0C2A9.tmp"
Feb 18 2009 4:39:42p 1,900,544 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSDF9EDD00-2F89-4F79-8709-222A4A8DCB40.tmp"
Feb 18 2009 4:39:34p 0 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSE2E7915D-D8BD-45DD-BCCF-A05BED5AC9FD.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSE612541F-2545-477E-BD06-12E13E615951.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSE6FD46B1-8D36-4473-B8C6-4BE129EB869A.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSEAF30CD0-C85B-4DAD-A4BB-0DCCE1E2E94F.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSEB5BA179-9A01-4718-8C84-E3ACF6F1EDAC.tmp"
Feb 18 2009 4:40:38p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSEDA9A002-B7EF-4B84-B1C1-BCD0EDE38757.tmp"
Feb 18 2009 4:39:34p 0 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSF2279370-A543-4E9A-B013-F1C5C5E56290.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSF6E490AD-1574-4980-89AF-C33C107B327B.tmp"
Feb 18 2009 4:39:42p 65,536 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSFCCABC26-2D1E-4C31-82D7-77660AD535CC.tmp"
Feb 18 2009 4:40:36p 1,179,648 A..H. "C:\WINDOWS\Temp\wrstemp\SSMSFF6D6208-72A6-443A-AED4-55241A2DD3A6.tmp"
Jan 9 2009 10:36:22a 258,048 A.... "C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll"
Jan 9 2009 10:36:26a 114,176 A.... "C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll"
Feb 16 2009 9:13:36p 229,376 A.... "C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT"
Feb 16 2009 9:13:36p 8,192 A.... "C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat"
Feb 16 2009 9:13:36p 245,760 A.... "C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT"
Feb 16 2009 9:13:36p 8,192 A.... "C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat"
Feb 16 2009 9:13:36p 3,616,768 A.... "C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT"
Feb 16 2009 9:13:36p 221,184 A.... "C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat"
Dec 22 2008 2:43:24p 82,256 A.... "C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll"
Dec 22 2008 2:43:36p 984,400 A.... "C:\WINDOWS\system32\spool\drivers\w32x86\3\lmdigraph8.dll"
Dec 22 2008 2:43:28p 160,072 A.... "C:\WINDOWS\system32\spool\drivers\w32x86\3\lmdiui8.dll"


C:\Program Files\

Dec 19 2008 12:25:26a 634,024 A.... "C:\Program Files\Internet Explorer\iexplore.exe"
Feb 11 2009 10:19:32a 1,273,488 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Feb 11 2009 10:19:38a 399,504 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe"
Feb 11 2009 10:19:38a 179,856 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
Feb 17 2009 3:13:46p 38,246 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat"
Feb 17 2009 3:11:34p 688,784 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Feb 11 2009 10:19:42a 77,968 A.... "C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll"
Feb 17 2009 10:36:42a 125,922 A.... "C:\Program Files\mIRC\uninstall.exe"
Dec 25 2008 10:47:56p 173,022 A.... "C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe"
Jan 6 2009 8:34:08p 3,673,400 A.... "C:\Program Files\Microsoft Office\Office12\OUTLFLTR.DAT"
Feb 9 2009 10:42:56a 7,925 A.... "C:\Program Files\Registry Mechanic\log\ignore.dat"
Feb 18 2009 4:27:38p 72 A.... "C:\Program Files\Symantec\LiveUpdate\ludirloc.dat"
Jan 28 2009 10:39:38p 332,980 A.... "C:\Program Files\Symantec\Symantec Endpoint Protection\metadata.dat"
Feb 18 2009 4:40:18p 35,264 A.... "C:\Program Files\Symantec\Symantec Endpoint Protection\SerState.dat"
Jan 28 2009 10:39:36p 813,403 A.... "C:\Program Files\Symantec\Symantec Endpoint Protection\sigs.dat"
Feb 7 2009 8:51:16p 619,344 A.... "C:\Program Files\Webroot\WebrootSecurity\compressed.dat"
Jan 11 2009 12:50:34p 89,837 A.... "C:\Program Files\Common Files\AOL\AOLDiag\tbunins.exe"
Jan 11 2009 12:50:02p 88,490 A.... "C:\Program Files\Common Files\AOL\Loader\alunins.exe"
Dec 22 2008 2:43:38p 2,077,512 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\CONFAPI.dll"
Dec 22 2008 12:16:56p 548,864 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\MSVCP80.dll"
Dec 22 2008 12:16:58p 626,688 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\MSVCR80.dll"
Dec 22 2008 2:43:30p 287,056 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\RtcRouter.dll"
Dec 22 2008 2:43:38p 3,160,904 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\uccp.dll"
Dec 22 2008 12:07:40p 1,451,856 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\AppShare.dll"
Dec 22 2008 3:07:10p 31,056 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_de_de.DLL"
Dec 22 2008 3:30:24p 30,032 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_sv_se.DLL"
Dec 22 2008 3:10:26p 30,032 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_fi_fi.DLL"
Dec 22 2008 2:59:56p 30,032 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_da_dk.DLL"
Dec 22 2008 3:27:22p 30,032 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_nl_nl.DLL"
Dec 22 2008 3:08:14p 31,056 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_es_es.DLL"
Dec 22 2008 3:32:30p 23,888 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_zh_cn.DLL"
Dec 22 2008 3:15:22p 31,056 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_it_it.DLL"
Dec 22 2008 3:28:40p 30,544 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_pt_br.DLL"
Dec 22 2008 3:34:20p 23,888 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_zh_tw.DLL"
Dec 22 2008 2:43:30p 240,976 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\bgpubmgr.exe"
Dec 22 2008 2:46:22p 29,520 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_en_us.DLL"
Dec 22 2008 3:19:06p 25,936 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_ja_jp.DLL"
Dec 22 2008 3:20:00p 25,936 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_ko_kr.DLL"
Dec 22 2008 3:12:58p 31,568 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\BGPUBRES_fr_fr.DLL"
Dec 22 2008 12:07:42p 104,784 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\CollabHook.dll"
Dec 22 2008 12:07:42p 1,310,032 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\Collaborate.dll"
Dec 22 2008 2:43:30p 362,320 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\ImportUtil.dll"
Dec 22 2008 12:07:54p 78,648 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\INTLDATE.DLL"
Dec 22 2008 3:30:26p 60,232 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_sv_se.DLL"
Dec 22 2008 2:43:30p 300,880 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMASRecord.dll"
Dec 22 2008 2:59:56p 60,232 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_da_dk.DLL"
Dec 22 2008 2:43:28p 286,552 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMClientRecord.dll"
Dec 22 2008 3:06:56p 60,232 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_de_de.DLL"
Dec 22 2008 3:28:40p 60,232 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_pt_br.DLL"
Dec 22 2008 3:10:26p 60,232 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_fi_fi.DLL"
Dec 22 2008 3:32:34p 59,208 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_zh_cn.DLL"
Dec 22 2008 2:43:34p 1,234,256 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDICore.dll"
Dec 22 2008 2:43:36p 984,400 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\Lmdigraph8.dll"
Dec 22 2008 2:43:22p 82,768 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\lmdimon8.dll"
Dec 22 2008 2:43:24p 82,256 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\lmdippr8.dll"
Dec 22 2008 2:46:20p 60,232 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_en_us.DLL"
Dec 22 2008 3:19:08p 59,720 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_ja_jp.DLL"
Dec 22 2008 3:19:58p 59,720 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_ko_kr.DLL"
Dec 22 2008 3:12:58p 60,744 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_fr_fr.DLL"
Dec 22 2008 2:43:28p 160,072 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIUI8.dll"
Dec 22 2008 2:43:34p 699,216 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIView.DLL"
Dec 22 2008 3:15:22p 60,744 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_it_it.DLL"
Dec 22 2008 3:27:22p 60,232 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_nl_nl.DLL"
Dec 22 2008 3:08:18p 60,744 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_es_es.DLL"
Dec 22 2008 3:34:20p 59,208 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\LMDIRES_zh_tw.DLL"
Dec 22 2008 2:43:38p 2,042,704 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\lmpptview.dll"
Dec 22 2008 12:07:54p 759,640 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MSPTLS.DLL"
Dec 22 2008 12:16:56p 548,864 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MSVCP80.dll"
Dec 22 2008 12:16:58p 626,688 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MSVCR80.dll"
Dec 22 2008 12:07:54p 1,660,752 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\OGL.dll"
Dec 22 2008 2:43:30p 337,744 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\ppvwintl.dll"
Dec 22 2008 2:43:34p 750,408 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\pubutil.dll"
Dec 22 2008 2:59:56p 258,896 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_da_dk.dll"
Dec 22 2008 3:32:28p 154,960 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_zh_cn.dll"
Dec 22 2008 3:06:58p 284,496 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_de_de.dll"
Dec 22 2008 3:10:26p 260,432 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_fi_fi.dll"
Dec 22 2008 3:08:16p 274,768 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_es_es.dll"
Dec 22 2008 3:28:40p 269,136 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_pt_br.dll"
Dec 22 2008 3:27:22p 273,232 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_nl_nl.dll"
Dec 22 2008 3:34:20p 157,008 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_zh_tw.dll"
Dec 22 2008 3:15:22p 275,792 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_it_it.dll"
Dec 22 2008 3:30:24p 253,776 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_sv_se.dll"
Dec 22 2008 2:43:38p 6,277,968 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"
Dec 22 2008 2:46:22p 249,168 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_en_us.dll"
Dec 22 2008 3:19:06p 186,704 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_ja_jp.dll"
Dec 22 2008 3:20:00p 181,072 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_ko_kr.dll"
Dec 22 2008 3:13:00p 286,032 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWResources_fr_fr.dll"
Dec 22 2008 2:43:38p 5,356,368 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\RTMPLTFM.dll"
Dec 22 2008 12:07:54p 291,128 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\SAEXT.DLL"
Dec 22 2008 2:43:28p 151,880 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\scdec.dll"
Dec 22 2008 2:43:38p 3,160,904 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\Uccp.dll"
Jan 7 2009 9:20:00a 118,849 A.... "C:\Program Files\Webroot\WebrootSecurity\AntiVirus\OSDP.DLL"
Jan 7 2009 9:19:58a 483,393 A.... "C:\Program Files\Webroot\WebrootSecurity\AntiVirus\SAVI.DLL"
Jan 7 2009 9:23:46a 131,072 A.... "C:\Program Files\Webroot\WebrootSecurity\AntiVirus\SAVMSCM.DLL"
Jan 7 2009 5:17:10p 885,791 A.... "C:\Program Files\Webroot\WebrootSecurity\AntiVirus\VDL.DAT"
Jan 7 2009 9:23:24a 1,732,673 A.... "C:\Program Files\Webroot\WebrootSecurity\AntiVirus\VEEX.DLL"
Feb 18 2009 4:40:34p 61,320 A.... "C:\Program Files\Webroot\WebrootSecurity\Data\settings.dat"
Feb 18 2009 4:11:18p 96 A.... "C:\Program Files\Webroot\WebrootSecurity\Masters\other.dat"
Dec 22 2008 2:59:56p 227,664 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\DA\ConfApiSat.dll"
Dec 22 2008 3:06:58p 240,976 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\de-DE\ConfApiSat.dll"
Dec 22 2008 2:46:20p 223,568 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\en-US\ConfApiSat.dll"
Dec 22 2008 3:08:14p 238,928 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\es-ES\ConfApiSat.dll"
Dec 22 2008 3:10:24p 229,200 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\FI\ConfApiSat.dll"
Dec 22 2008 3:12:58p 243,024 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\fr-FR\ConfApiSat.dll"
Dec 22 2008 3:15:20p 237,392 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\it-IT\ConfApiSat.dll"
Dec 22 2008 3:19:06p 196,432 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\ja-JP\ConfApiSat.dll"
Dec 22 2008 3:20:00p 194,384 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\ko-KR\ConfApiSat.dll"
Dec 22 2008 3:27:20p 236,368 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\NL-NL\ConfApiSat.dll"
Dec 22 2008 3:28:40p 234,320 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\pt-BR\ConfApiSat.dll"
Dec 22 2008 3:30:24p 226,128 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\SV-SE\ConfApiSat.dll"
Dec 22 2008 3:32:30p 184,144 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\ZH-CN\ConfApiSat.dll"
Dec 22 2008 3:34:20p 184,656 A.... "C:\Program Files\Common Files\Microsoft Shared\LiveMeeting Shared\ZH-TW\ConfApiSat.dll"
Dec 22 2008 12:02:44p 6,750 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\Playback\Playback.htm"
Dec 22 2008 12:02:44p 6,398 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\Playback\Start.htm"
Dec 22 2008 3:34:22p 628,040 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\0404\UCCPRES.dll"
Dec 22 2008 2:59:56p 637,768 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\0406\UCCPRES.dll"
Dec 22 2008 3:06:56p 640,328 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\0407\UCCPRES.dll"
Dec 22 2008 2:46:20p 637,768 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\0409\UCCPRES.dll"
Dec 22 2008 3:10:26p 637,768 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\040b\UCCPRES.dll"
Dec 22 2008 3:12:58p 640,328 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\040C\UCCPRES.dll"
Dec 22 2008 3:15:22p 639,816 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\0410\UCCPRES.dll"
Dec 22 2008 3:19:06p 630,600 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\0411\UCCPRES.dll"
Dec 22 2008 3:19:58p 630,600 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\0412\UCCPRES.dll"
Dec 22 2008 3:27:22p 638,792 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\0413\UCCPRES.dll"
Dec 22 2008 3:28:40p 638,792 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\0416\UCCPRES.dll"
Dec 22 2008 3:30:26p 637,256 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\041d\UCCPRES.dll"
Dec 22 2008 3:32:30p 628,040 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\0804\UCCPRES.dll"
Dec 22 2008 3:08:18p 639,304 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\MUI\0C0A\UCCPRES.dll"
Dec 22 2008 12:02:38p 1,975 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\Playback\Engine\Anno.htm"
Dec 22 2008 12:02:38p 442 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\Playback\Engine\Blank.htm"
Dec 22 2008 12:02:38p 238 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\Playback\Engine\BlankWithCSS.htm"
Dec 22 2008 12:02:38p 692 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\Playback\Engine\ClipWidget.htm"
Dec 22 2008 12:02:38p 78 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\Playback\Engine\close.htm"
Dec 22 2008 12:02:38p 10,797 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\Playback\Engine\Default.htm"
Dec 22 2008 12:02:44p 662 A.... "C:\Program Files\Microsoft Office\Live Meeting 8\Console\Playback\Engine\MmcRenderer.htm"


Files with hidden attributes:

Wed 18 Feb 2009 0 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS075F40A0-C2FF-44DD-8048-AE038E783A63.tmp"
Wed 18 Feb 2009 2,883,584 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS0B0A546B-859E-48CE-9AB0-7318EBCA61EA.tmp"
Wed 18 Feb 2009 131,072 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS0F83A080-3E0C-4DE8-8876-73FD499B6DAB.tmp"
Wed 18 Feb 2009 131,072 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS0F10CC29-7D52-44AC-B8BF-CB943716F55F.tmp"
Wed 18 Feb 2009 0 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS0FCFFE2D-74C5-407A-ADC0-AB33A98BC852.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS102D209E-57DD-4EDA-9DA3-6099E82A7848.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS12BD6D35-9B33-4D18-949D-A245010069C8.tmp"
Wed 18 Feb 2009 5,308,416 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS13554581-8DF3-42F4-8106-E76EABF4BB36.tmp"
Wed 18 Feb 2009 1,376,256 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS13157423-626E-41AB-B33D-D3963AA2EDB6.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS15932D55-0C6A-4D6E-B74D-62C51D1942E5.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS16ADD765-A814-44C8-8B67-62A441978797.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS1B92A75F-8250-4549-BE6F-55E4AF457983.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS1CBF62F7-7DED-4F39-A35E-0A4865DBAA52.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS21CD88DC-CE3C-4ABF-96ED-94B5873660E9.tmp"
Wed 18 Feb 2009 131,072 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS26115F72-159A-4B69-9A89-B854AEC174F4.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS29F0F6EC-3163-4833-9BF6-F06DBA787DDF.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS2A56A92B-9D07-42FC-8F40-305AE400D7FB.tmp"
Wed 18 Feb 2009 131,072 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS2BF57499-CCAD-4035-B6E9-9EDF8369ECE4.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS2B3256DF-48C9-43DA-B197-AB7258064645.tmp"
Wed 18 Feb 2009 0 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS2C823C92-D164-42A5-88EB-40D63C19260B.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS2EB3AFA0-B1B3-466D-A6CB-C655E8FC4F5D.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS30FE12BD-9FBE-444A-A60C-A818D96B2695.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS3220BE76-1639-469A-8657-B386BED5C379.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS35FC7D90-599B-4975-98A8-502A648526E2.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS401DC05F-B7B9-4E7E-BAC9-821F5E5ED8D5.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS407A3E67-F203-44A6-B264-86EBAEDD8C41.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS40448E00-54B1-4E5D-BF54-EA1E2E1CF0D3.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS40CA2051-336A-4F33-92FD-2D9AA8E7F0D9.tmp"
Wed 18 Feb 2009 2,097,152 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS4223C4BB-421A-464B-B00F-9B2B9388EA9D.tmp"
Wed 18 Feb 2009 0 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS4439A1B5-8BB0-4A9F-8C24-040079397C53.tmp"
Wed 18 Feb 2009 2,162,688 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS4841ADA3-017B-43E9-97AE-E1A052591532.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS490F12EB-4997-4A6D-92A2-ACCC134FD844.tmp"
Wed 18 Feb 2009 50,331,648 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS4A51B76C-A868-4A79-83CC-9B560F8E2D1A.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS4C7C0DF9-C06D-4456-993A-6586BB7F4770.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS4C9A452A-7D05-4F3C-B47A-DD204656E62B.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS4D5E6D91-DFF2-4C48-A0C3-8DFFE1B967E8.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS51A666DA-1A48-45CC-A665-717EBFD7A43A.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS585F0144-E181-42DE-BA8F-FA001DFDD110.tmp"
Wed 18 Feb 2009 12,189,696 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS5B4719D0-783E-4A66-8D8F-9933A68B50F2.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS5E19F4B3-7965-4AE2-8E63-08830CBA12B7.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS61C22E1C-D18E-4589-95D3-EF2AF3293DD3.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS62CF9FB0-D893-488F-8341-C3CCD1B36B57.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS64EEDEDB-278F-4101-AE35-3F772104780B.tmp"
Wed 18 Feb 2009 983,040 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS651B94E6-BA01-46A6-AB65-9B36F3BF6705.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS660850D3-0B36-4389-9361-25C43445EAF1.tmp"
Wed 18 Feb 2009 0 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS6ABA2E65-1D9B-492B-85CE-DBF64EF4AAB4.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS6BF6C0F0-4612-47DF-AE03-3580B19FB571.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS6DD81DD4-0D34-45FC-AC92-D4D3D28E3159.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS6E7148BB-FFDD-4698-9865-EE297098C5E7.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS7621FD28-717A-4B0F-A4C1-6AFA82C246B4.tmp"
Wed 18 Feb 2009 655,360 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS77D4DEFC-1DED-4FB1-A90B-FA1EEF29AFDE.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS78CABE9C-A974-4987-846F-A08B123552CF.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS7E2B8BFF-4147-4BB8-9275-D241F9BD45AA.tmp"
Wed 18 Feb 2009 131,072 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS80295B5B-2134-4FBE-844A-6E301ABFC686.tmp"
Wed 18 Feb 2009 262,144 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS81ED2461-EA68-4C83-BC32-1CCD92E7C3E7.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS82C0AFDD-9A78-4342-BE2E-C695F2A7AE26.tmp"
Wed 18 Feb 2009 131,072 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS8342D13B-DEBB-4842-B726-66DE89B6FFAE.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS832A9E81-C875-4909-B32F-EA8FF7110611.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS8E69A2F7-4A7A-4767-9A6D-3EC4CB311195.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS9255BD46-5748-4615-B980-BD210DE18A55.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS97043B21-A7E1-44B9-A96A-ABB5CBA24405.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS981D9744-E132-4AE6-AEAC-C40B94A77611.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS9C8A6434-9409-4050-BF1D-12E182FBBA52.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS9F1E0153-1A94-40CB-8699-9E0768684862.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMS9FF66EFC-DBFD-42F8-B043-C1C9890BCB36.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSA21CF717-C4D0-4AF1-B5D3-1DBBD5EBBD65.tmp"
Wed 18 Feb 2009 131,072 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSA46DFB05-6D59-4793-8F4E-7ACAC26EB3E1.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSA540B7E0-A5D3-4C15-B62F-3DB7C752A66B.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSA508F44C-3D73-4367-BB0B-816E8CF22F0F.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSA9338D5F-4687-4613-AF84-996D4FA94582.tmp"
Wed 18 Feb 2009 0 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSAE60BDE6-ACEF-456D-9FCA-F883B717C93C.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSAF075EB0-B960-4BEC-86D2-8D2F7E0FC368.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSAF2DEFBA-0893-4122-8B0E-650BB349C21D.tmp"
Wed 18 Feb 2009 0 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSB04D0CC1-6D2C-4014-9BC7-B928F03333DA.tmp"
Wed 18 Feb 2009 196,608 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSBC161DDB-9CA9-4298-A84A-739D2E15566C.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSBC96A44F-F26A-4B38-864D-FD09550B8210.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSBD43A20C-9DD4-451B-8F1B-7C31229ADD10.tmp"
Wed 18 Feb 2009 262,144 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSC2CE1D79-296B-4315-939F-FB4100CEA49F.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSC41E1498-F234-4D84-BEF8-8A37D02BE70C.tmp"
Wed 18 Feb 2009 393,216 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSC45327C2-C2D8-4EE0-BF81-B5D819AF7C2F.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSC803DDE4-0BEF-4B09-9BEC-D21E4C73FF96.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSC819E1BD-2616-464F-9E39-94A2E384B261.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSCBFD6234-5D1E-4F1D-8417-F623C9BCE4EF.tmp"
Wed 18 Feb 2009 983,040 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSCD2F45B7-9A7B-44B7-9C93-613D153B7ACB.tmp"
Wed 18 Feb 2009 0 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSD15263A2-E1BC-4A67-971D-A7D147F049CB.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSD16F1091-8A5A-4D31-B5F3-FE066FF234F3.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSD41E201F-512D-48BC-859A-AD36BE9E47E0.tmp"
Wed 18 Feb 2009 131,072 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSD4D42407-96EE-4BE7-87F0-3AE1D4E2903F.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSD6B40F9D-CCAE-4270-A8EF-49F1F77B6697.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSD9D02461-B020-4D19-8B95-6E1AEA95ADB5.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSDBB6A122-F75A-4A81-8D5C-CD6239771F3A.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSDD63C6B9-5E39-4146-9C90-A00A46C29D83.tmp"
Wed 18 Feb 2009 196,608 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSDFCF811A-ED63-4498-8CEE-C7261EC0C2A9.tmp"
Wed 18 Feb 2009 1,900,544 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSDF9EDD00-2F89-4F79-8709-222A4A8DCB40.tmp"
Wed 18 Feb 2009 0 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSE2E7915D-D8BD-45DD-BCCF-A05BED5AC9FD.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSE612541F-2545-477E-BD06-12E13E615951.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSE6FD46B1-8D36-4473-B8C6-4BE129EB869A.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSEAF30CD0-C85B-4DAD-A4BB-0DCCE1E2E94F.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSEB5BA179-9A01-4718-8C84-E3ACF6F1EDAC.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSEDA9A002-B7EF-4B84-B1C1-BCD0EDE38757.tmp"
Wed 18 Feb 2009 0 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSF2279370-A543-4E9A-B013-F1C5C5E56290.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSF6E490AD-1574-4980-89AF-C33C107B327B.tmp"
Wed 18 Feb 2009 65,536 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSFCCABC26-2D1E-4C31-82D7-77660AD535CC.tmp"
Wed 18 Feb 2009 1,179,648 A..H. --- "C:\WINDOWS\Temp\wrstemp\SSMSFF6D6208-72A6-443A-AED4-55241A2DD3A6.tmp"
Tue 11 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 8 Aug 2007 407 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Mon 13 Feb 2006 400 A.SH. --- "C:\Documents and Settings\John\My Documents\My Music\License Backup\drmv2key.bak"
Mon 13 Feb 2006 400 A.SH. --- "C:\Documents and Settings\John\My Documents\My Music\Ripped music\License Backup\drmv2key.bak"
Mon 10 Nov 2008 810,301 ...H. --- "C:\Documents and Settings\John Pidliskey\Application Data\Sun\Java\jre1.6.0_11\BIT2.tmp"
Tue 9 Dec 2008 221,146 ...H. --- "C:\Documents and Settings\John Pidliskey\Application Data\Sun\Java\jre1.6.0_11\BIT3.tmp"


Program Folders:

C:\Program Files\

Adobe
AIM6
Alwil Software
Analog Devices
Apple Software Update
Audacity
Bash Software
Bonjour
Common Files
ComPlus Applications
Dell
DVD Decrypter
EA GAMES
FileZilla FTP Client
Hewlett-Packard
HP
HTC
InstallShield Installation Information
Internet Explorer
Java
Light-O-Rama
LimeWire
Macromedia
MagicISO
Malwarebytes' Anti-Malware
Messenger
Microsoft ActiveSync
Microsoft Expression
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
mIRC
Movie Maker
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
NetMeeting
NOS
Online Services
Outlook Express
Quicken
QuickTime
Real
RealVNC
Registry Mechanic
Sling Media
Symantec
TomTom DesktopSuite
TomTom HOME 2
Uninstall Information
uTorrent
Verizon Wireless
Webroot
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox

C:\Program Files\Common Files\

Adobe
Adobe AIR
AOL
Apple
DESIGNER
Hewlett-Packard
HP
InstallShield
Intuit
Macromedia
Macrovision Shared
Microsoft Shared
MSSoap
ODBC
Palo Alto Software
Real
Services
Sonic Shared
SpeechEngines
Symantec Shared
System
xing shared


Add/Remove Programs:

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS3
Audacity 1.2.6
Acrobat.com
DVD Decrypter (Remove Only)
Microsoft Office Enterprise 2007
FileZilla Client 3.1.5.1
Free Internet Eraser 2.50
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Solution Center 7.0
HP Customer Participation Program 7.0
OCR Software by I.R.I.S 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
SlingPlayer Mobile
Windows Genuine Advantage Validation Tool (KB892130)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB923789)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows XP (KB956390)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows Internet Explorer 7 (KB961260)
LimeWire PRO 4.18.2
LiveUpdate 3.3 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Magic ISO Maker v5.3 (build 0221)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
mIRC
Microsoft National Language Support Downlevel APIs
PE Builder 3.1.10a
Intel® PRO Network Adapters and Drivers
RealPlayer
VNC Enterprise Edition 4.1.9
Registry Mechanic 5.2
Light-O-Rama
TomTom HOME 2.5.2.60
VZAccess Manager
Microsoft Expression Web
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
Windows Media Format 11 runtime
Microsoft User-Mode Driver Framework Feature Pack 1.0
Adobe AIR
Adobe Photoshop CS3
Adobe Help Viewer CS3
SlingPlayer Mobile
Adobe Bridge Start Meeting
SlideShow
Quicken 2007
cp_OnlineProjectsConfig
Adobe WinSoft Linguistics Plugin
HPPhotoSmartExpress
Dell Media Experience
Java™ 6 Update 10
Adobe Stock Photos CS3
Macromedia Flash 8
Sonic_PrimoSDK
SkinsHP1
PanoStandAlone
The Sims 2
CP_Package_Basic1
BufferChm
HPProductAssistant
Adobe Color EU Extra Settings
FullDPAppQFolder
Adobe Linguistics CS3
Macromedia Extension Manager
c4100_Help
WebReg
RandMap
eSupportQFolder
AiOSoftwareNPI
Toolbox
Apple Software Update
Adobe Fonts All
Microsoft Office Live Meeting 2007
CustomerResearchQFolder
Adobe Asset Services CS3
Microsoft .NET Framework 2.0
Readme
Webroot AntiVirus with AntiSpyware
Acrobat.com
DocumentViewerQFolder
ProductContextNPI
Adobe XMP Panels CS3
Status
MSXML 4.0 SP2 (KB954430)
DocProcQFolder
Macromedia Flash Player 8
DocProc
Macromedia Flash 8 Video Encoder
Unload
Adobe Device Central CS3
QuickTime
Adobe Type Support
VC_MergeModuleToMSI
Microsoft Software Update for Web Folders (English) 12
Microsoft Office Access MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office PowerPoint MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Publisher MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Outlook MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Word MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (French) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (Spanish) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Expression Web
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft Office system 2007 (KB956828)
Microsoft Expression Web Service Pack 1 (SP1)
Update for Office 2007 (KB946691)
Security Update for 2007 Microsoft Office System (KB951550)
Microsoft Expression Web MUI (English)
Microsoft Office Proofing (English) 2007
Microsoft Office Enterprise 2007
Security Update for Microsoft Office Word 2007 (KB956358)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb959634)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft Office system 2007 (KB956828)
Update for Office 2007 (KB946691)
Security Update for 2007 Microsoft Office System (KB951550)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Microsoft Office InfoPath MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Shared MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office OneNote MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Groove MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Groove Setup Metadata MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Shared Setup Metadata MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Access Setup Metadata MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Anchor Service CS3
Macromedia Flash Player 8 Plugin
Adobe Color NA Recommended Settings
Apple Mobile Device Support
Microsoft ActiveSync
ScannerCopy
Adobe Bridge CS3
InstantShareDevices
Adobe CMaps
Adobe Color - Photoshop Specific
WModem_Installer
DeviceManagementQFolder
PDF Settings
Adobe Reader 9
cp_PosterPrintConfig
Adobe Camera Raw 4.0
CueTour
CP_Panorama1Config
Adobe Default Language CS3
HP Software Update
HP Photosmart, Officejet and Deskjet 7.0.A
MSXML 4.0 SP2 (KB936181)
PhotoGallery
Adobe ExtendScript Toolkit 2
SolutionCenter
C4100
AiO_Scan_CDA
Microsoft .NET Framework 1.1
Adobe Version Cue CS3 Client
Adobe Setup
Adobe PDF Library Files
Dell ResourceCD
Adobe Color Common Settings
TrayApp
Adobe Color JA Extra Settings
MarketResearch
Adobe Update Manager CS3
Light-O-Rama
CP_CalendarTemplates1
SoundMAX
InstantShareDevicesMFC
Scan
Fax_CDA
Destinations
Symantec Endpoint Protection
NewCopy_CDA
DocumentViewer
µTorrent


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SDFix"="\"C:\\DOCUME~1\\John\\MYDOCU~1\\JOHN'S~1\\MIRC\\SDFix\\SDFix\\RunThis.bat\" /second"
"SpySweeper"="\"C:\\Program Files\\Webroot\\WebrootSecurity\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="\"C:\\WINDOWS\\system32\\ctfmon.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableStatusMessages"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_SZ .;C:\Program Files\QuickTime\QTSystem\QTJava.zip
QTJAVA REG_SZ C:\Program Files\QuickTime\QTSystem\QTJava.zip

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\xxyvurol\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ccevtmgr
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ccsetmgr
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\symantec antivirus
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\webrootspysweeperservice
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wrconsumerservice
<NO NAME> REG_SZ Service


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!

#8 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:12:49 PM

Posted 18 February 2009 - 06:25 PM

Please try Malwarebytes now and post its log.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. – Will Smith





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users